Error message on initialization 0XC150004


  • This topic is locked
15 replies to this topic

#1 GoddardCat

Posted 22 October 2008 - 07:55 AM

Dell Inspiron 6000 running XP Home using IE7. About a week ago my computer went blue screen overnight, ran a scandisk, and eventually rebooted. But now on startup or reboot I get the following error messages:

hpqSRMON-exe Application Error
The application failed to initialize properly (0xc015004)
Click on OK to terminate the application.

I get the exact same message on bootup for MSASCui.exe. In addition I get the same message when trying to run Yahoo or MSN messenger and they will not run. There may be more that I haven't seen yet.
Trojan.downloader.murlo.du was found by Bit Defender and not cleansed. Nothing found by Stinger. I have run everything as per the tutorial for posting here.

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:22 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe,mapipcss.exe,wkssdev5.exe,linkpact.exe,msvcfilt.exe,msjtimem.exe,feclrfts.exe,ir41onui.exe,jetesvcs.exe,cdini_ci.exe,igfxbduk.exe,kbdhdsl1.exe,lfifegdb.exe,mdmi2bin.exe,msvci_ci.exe,sjrpldrs.exe,ltdixmlr.exe,icaasdlg.exe,ialmctrs.exe,wextsbe.exe,tcpm_863.exe,himetask.exe,msjtlt48.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mapipcss.exe,C:\WINDOWS\system32\wkssdev5.exe,C:\WINDOWS\system32\linkpact.exe,C:\WINDOWS\system32\msvcfilt.exe,C:\WINDOWS\system32\msjtimem.exe,C:\WINDOWS\system32\feclrfts.exe,C:\WINDOWS\system32\ir41onui.exe,C:\WINDOWS\system32\jetesvcs.exe,C:\WINDOWS\system32\cdini_ci.exe,C:\WINDOWS\system32\igfxbduk.exe,C:\WINDOWS\system32\kbdhdsl1.exe,C:\WINDOWS\system32\lfifegdb.exe,C:\WINDOWS\system32\mdmi2bin.exe,C:\WINDOWS\system32\msvci_ci.exe,C:\WINDOWS\system32\sjrpldrs.exe,C:\WINDOWS\system32\ltdixmlr.exe,C:\WINDOWS\system32\icaasdlg.exe,C:\WINDOWS\system32\ialmctrs.exe,C:\WINDOWS\system32\wextsbe.exe,C:\WINDOWS\system32\tcpm_863.exe,C:\WINDOWS\system32\himetask.exe,C:\WINDOWS\system32\msjtlt48.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AceIESecuritySettings - http://ww1.acehardware-acenet.com/Controls...itySettings.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardware-acenet.com/ACENET/C...xpl/AceExpl.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardware-acenet.com/ACENET/c...t60/fpspr60.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131719767640
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardware-acenet.com/ACENET/C...ENET/ACECTL.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardware-acenet.com/ACENET/C...Si/McsiMenu.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14736 bytes

Edited by GoddardCat, 22 October 2008 - 10:36 AM.



#2 PropagandaPanda

  • Malware Response Team

Posted 06 November 2008 - 04:57 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the [image] button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the [image] button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Download and Run OTScanIt
Download OTScanIt2 by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box.
  • Under the Additional Scans bar, click "Extras". Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode.
Important!: Please do not select the Show all checkbox during the scan.

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 GoddardCat

  • Topic Starter

Posted 10 November 2008 - 12:10 PM

Attached is the otscan file and here is the gmer.txt:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-10 11:04:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF86F4B30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA4B5618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA4B54D4]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF86F46F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA4B59B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA4B50AC]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF86F4470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA4B55AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA4B4FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA4B5050]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF86F4C50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA4B56CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA4B568E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA4B580E]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF86F4990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF86F48D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF86F4D60]

---- Kernel code sections - GMER 1.0.14 ----

.text tcpip.sys!IPTransmit + 10FC AA6FAD3A 6 Bytes CALL F8385E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 AA6FC690 6 Bytes CALL F8385E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 AA712454 6 Bytes CALL F8385E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F7B593FD 7 Bytes CALL F8385FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F83868E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8386B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8386C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8386BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat A900DD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B500DC14-6283-9611-2105-380F40015CA2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B500DC14-6283-9611-2105-380F40015CA2}@iamadijkncamahojid 0x6A 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B500DC14-6283-9611-2105-380F40015CA2}@hacbfgdieoggdpoh 0x6A 0x61 0x69 0x6A ...

---- EOF - GMER 1.0.14 ----




#4 PropagandaPanda


Posted 10 November 2008 - 05:05 PM

Hello.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

Disable Avast!'s realtime protection by right-clicking the tray icon beside your clock and selecting Stop On-Access Protection.

In the settings:
Posted Image
(Please ignore the comment about ComboFix)

Run Fix with OTScanIt
We will run OTScanIt again, but the directions are slightly different. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Kill Explorer]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {4D25F921-B9FE-4682-BF72-8AB8210D6D75} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> "{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\] > -> HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {d81ca86b-ef63-42af-bee3-4502d9a03c2d}:http://wwws.musicmatch.com/mmz/openWebRadio.html [HKLM] -> [Button: MUSICMATCH MX Web Player]
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    YN -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    YN -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
    YN -> "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)]
    YN -> "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1]
    YN -> "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)]
    YN -> "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger]
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YN -> "C:\WINDOWS\system32\vkpsrpyp.exe" -> C:\WINDOWS\system32\vkpsrpyp.exe [C:\WINDOWS\system32\vkpsrpyp.exe:*:Enabled:.NET Runtime Optimization Service v1.000.3.1434]
    [Extra Files]
    c:\WINDOWS\tasks\At??.job
    c:\WINDOWS\tasks\At?.job
    [Extra Registry Entries]
    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B500DC14-6283-9611-2105-380F40015CA2}  -> 
    [Empty Temp Folders]
    [Reboot]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed, a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Re-enable your protection at this time.

Please post back with:
-the OTScanIt fix log
-the MalwareBytes log
-a new OTScanit scan log (leave the settings at default)

How is your computer running now?

With Regards,
The Panda

#5 GoddardCat


Posted 12 November 2008 - 09:12 AM

OTscan log:
Explorer killed successfully
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-731900606-1750838273-2747603177-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:*Shell* .
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:*UserInit* .
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vkpsrpyp.exe deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\ mon000.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_76c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.33b fix logfile created on 11122008_073252

Files moved on Reboot...
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\ mon000.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_76c.dat moved successfully.

New OTSCan:
OTScanIt2 logfile created on: 11/12/2008 8:08:33 AM - Run 3
OTScanIt2 by OldTimer - Version 1.0.0.33b	 Folder = C:\Documents and Settings\Bill Carpenter\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.37 Mb Total Physical Memory | 205.98 Mb Available Physical Memory | 40.92% Memory free
1.44 Gb Paging File | 1.04 Gb Available in Paging File | 72.40% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.09 Gb Total Space | 17.87 Gb Free Space | 52.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILLS
Current User Name: Bill Carpenter
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/21 14:01:15 | 00,611,664 | ---- | M] (Lavasoft)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 08:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 08:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/07/19 23:06:04 | 00,159,744 | ---- | M] (Intel Corporation)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/07/19 23:06:12 | 00,077,824 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/07/19 23:10:06 | 00,114,688 | ---- | M] (Intel Corporation)
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2004/05/04 01:21:22 | 00,176,128 | ---- | M] (HP)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/14 17:14:36 | 00,168,432 | ---- | M] (Google)
hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> [2004/05/04 16:17:06 | 00,491,520 | ---- | M] (Hewlett-Packard)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M] (Apple Inc.)
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/01/29 10:38:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/07/19 08:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
nicserv.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\NICServ.exe -> [2003/11/13 13:29:40 | 00,455,680 | ---- | M] ()
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/18 11:49:43 | 00,068,856 | ---- | M] (Google Inc.)
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 14:58:01 | 01,251,720 | ---- | M] ()
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
hotsync.exe -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc)
gcc.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\Gcc.exe -> [2005/06/10 07:23:24 | 00,036,864 | ---- | M] ()
odhost.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\OdHost.exe -> [2004/09/01 19:16:04 | 00,024,641 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/11/09 11:18:54 | 00,464,896 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/21 14:01:15 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 08:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 08:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 08:38:04 | 00,250,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 08:25:45 | 00,348,344 | ---- | M] (ALWIL Software)
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/09/01 06:31:47 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/09/01 06:31:39 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/14 17:14:36 | 00,168,432 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
(NICSer_WPC54G) NICSer_WPC54G [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\NICServ.exe -> [2003/11/13 13:29:40 | 00,455,680 | ---- | M] ()
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP)
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 14:58:01 | 01,251,720 | ---- | M] ()
(WinDefend) Windows Defender [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/07/19 08:32:15 | 00,026,944 | ---- | M] (ALWIL Software)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(Aspi32) Aspi32 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> [2008/07/19 08:37:42 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/07/19 08:37:21 | 00,094,416 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/07/19 08:33:42 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/07/19 08:35:18 | 00,078,416 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/07/19 08:32:36 | 00,042,912 | ---- | M] (ALWIL Software)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/09/01 06:31:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/04 08:11:18 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/07/04 08:12:03 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> [2004/12/17 13:52:58 | 00,017,992 | ---- | M] (Broadcom Corporation)
(BCM43XX) 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2005/02/11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation)
(BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\BCMNTIO.SYS -> [2004/03/05 16:09:00 | 00,003,744 | ---- | M] ()
(CA561) ICatch (VI) PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\spca561.sys -> [2002/10/01 13:43:32 | 00,119,798 | ---- | M] (SP)
(CBTNDIS5) CBTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\CBTNDIS5.sys -> [2003/07/16 22:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/01/18 03:00:00 | 00,385,072 | ---- | M] (Symantec Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | M] (GMER)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2004/03/17 21:22:42 | 00,051,088 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2004/03/17 21:22:44 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2004/03/17 21:21:02 | 00,021,744 | ---- | M] (HP)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/07/19 23:34:22 | 01,049,180 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(MAPMEM) MAPMEM [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\MAPMEM.SYS -> [2004/03/05 16:09:02 | 00,003,904 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(odysseyIM4) Odyssey Network Agent Miniport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\odysseyIM4.sys -> [2004/09/24 23:36:44 | 00,173,056 | ---- | M] (Funk Software, Inc.)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2007/05/03 14:52:05 | 00,016,694 | ---- | M] (PalmSource, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 12:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ser2pl.sys -> [2003/07/16 00:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 12:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 12:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> [2008/06/02 19:48:44 | 00,123,952 | ---- | M] (Symantec Corporation)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/08/17 14:09:05 | 00,010,344 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> [2004/10/15 17:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USB_RNDIS_XP) Westell WireSpeed Dual Connect Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2008/04/13 12:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> [2004/10/15 17:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> [2004/10/15 17:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> [2004/10/15 17:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> [2004/10/15 17:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.)
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> [2004/10/15 17:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://centralkansas.cox.net/cci/home -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< HOSTS File > (263639 bytes and 9167 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} [HKLM] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [Ask Search Assistant BHO] -> [2007/12/28 08:25:11 | 00,066,912 | ---- | M] (Ask.com)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/01/29 10:40:28 | 00,370,296 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2007/02/23 17:04:32 | 00,140,840 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/14 17:14:43 | 00,652,784 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> %ProgramFiles%\Apoint\Apoint.exe ["C:\Program Files\Apoint\Apoint.exe"] -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/07/19 08:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"dscactivate" -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> [2004/05/04 01:21:22 | 00,176,128 | ---- | M] (HP)
"HPHmon05" -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\system32\hphmon05.exe] -> [2004/05/04 16:17:06 | 00,491,520 | ---- | M] (Hewlett-Packard)
"hpqSRMon" -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe ["C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"] -> [2008/10/21 06:45:25 | 00,080,896 | ---- | M] (Hewlett-Packard)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/07/19 23:06:12 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/07/19 23:10:06 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/07/19 23:09:26 | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M] (Apple Inc.)
"PCMService" -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M] (Apple Inc.)
"SmcService" -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~1\Sygate\SPF\smc.exe -startgui] -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/01/29 10:38:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Malwarebytes' Anti-Malware" -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2008/10/22 16:10:24 | 00,399,504 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/18 11:49:43 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc)
%AllUsersProfile%\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\Gcc.exe -> [2005/06/10 07:23:24 | 00,036,864 | ---- | M] ()
< Bill Carpenter Startup Folder > -> C:\Documents and Settings\Bill Carpenter\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"Colors" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoViewOnDrive" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableTaskMgr" ->  [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 54 domain(s) found. -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{2357B3CF-7F8D-4451-8D81-FD6097610AEE} [HKLM] -> http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe[CamfrogWEB Advanced Unicode Control] -> 
{24B8CB65-C0D2-11D0-A523-444553540000} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab[AceExplorer Control] -> 
{41F841C0-AE16-11D5-8817-0050DA6EF5E5} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab[FarPoint Spread 6.0 (OLEDB)] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{6A344D34-5231-452A-8A57-D064AC9B7862} [HKLM] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131719767640[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8BF1A503-001F-11D0-A296-00A0246497B9} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB[ACENET Control] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Value  does not exist or could not be read.] -> 
{9122D757-5A4F-4768-82C5-B4171D8556A7} [HKLM] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab[PhotoPickConvert Class] -> 
{9600F64D-755F-11D4-A47F-0001023E6D5A} [HKLM] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> 
{C903C000-9C6E-419D-A0AC-2E760BBA3764} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab[MCSiMenuCtl Class] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
AceIESecuritySettings [HKLM] -> http://ww1.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1764BF16-C48D-4292-81DC-10BBD61AEF68} ->	(1394 Net Adapter) -> 
{52EDDCB6-32CC-4C87-9418-C3524CB4FECB} ->	(Wireless-G Notebook Adapter WPC54G V3) -> 
{54319505-42BA-44D5-9C1F-AF18427E5D69} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{816A0F8E-8066-4827-8512-AFDFB84C9C05} ->	(Westell WireSpeed Dual Connect Modem) -> 
{D1FFE8B4-768C-46C7-A439-D78095B29D00} ->	() -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/04 08:11:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
mapipcss.exe ->  -> File not found
wkssdev5.exe ->  -> File not found
linkpact.exe ->  -> File not found
msvcfilt.exe ->  -> File not found
msjtimem.exe ->  -> File not found
feclrfts.exe ->  -> File not found
ir41onui.exe ->  -> File not found
jetesvcs.exe ->  -> File not found
cdini_ci.exe ->  -> File not found
igfxbduk.exe ->  -> File not found
kbdhdsl1.exe ->  -> File not found
lfifegdb.exe ->  -> File not found
mdmi2bin.exe ->  -> File not found
msvci_ci.exe ->  -> File not found
sjrpldrs.exe ->  -> File not found
ltdixmlr.exe ->  -> File not found
icaasdlg.exe ->  -> File not found
ialmctrs.exe ->  -> File not found
wextsbe.exe ->  -> File not found
tcpm_863.exe ->  -> File not found
himetask.exe ->  -> File not found
msjtlt48.exe ->  -> File not found
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\mapipcss.exe -> %SystemRoot%\system32\mapipcss.exe -> File not found
C:\WINDOWS\system32\wkssdev5.exe -> %SystemRoot%\system32\wkssdev5.exe -> File not found
C:\WINDOWS\system32\linkpact.exe -> %SystemRoot%\system32\linkpact.exe -> File not found
C:\WINDOWS\system32\msvcfilt.exe -> %SystemRoot%\system32\msvcfilt.exe -> File not found
C:\WINDOWS\system32\msjtimem.exe -> %SystemRoot%\system32\msjtimem.exe -> File not found
C:\WINDOWS\system32\feclrfts.exe -> %SystemRoot%\system32\feclrfts.exe -> File not found
C:\WINDOWS\system32\ir41onui.exe -> %SystemRoot%\system32\ir41onui.exe -> File not found
C:\WINDOWS\system32\jetesvcs.exe -> %SystemRoot%\system32\jetesvcs.exe -> File not found
C:\WINDOWS\system32\cdini_ci.exe -> %SystemRoot%\system32\cdini_ci.exe -> File not found
C:\WINDOWS\system32\igfxbduk.exe -> %SystemRoot%\system32\igfxbduk.exe -> File not found
C:\WINDOWS\system32\kbdhdsl1.exe -> %SystemRoot%\system32\kbdhdsl1.exe -> File not found
C:\WINDOWS\system32\lfifegdb.exe -> %SystemRoot%\system32\lfifegdb.exe -> File not found
C:\WINDOWS\system32\mdmi2bin.exe -> %SystemRoot%\system32\mdmi2bin.exe -> File not found
C:\WINDOWS\system32\msvci_ci.exe -> %SystemRoot%\system32\msvci_ci.exe -> File not found
C:\WINDOWS\system32\sjrpldrs.exe -> %SystemRoot%\system32\sjrpldrs.exe -> File not found
C:\WINDOWS\system32\ltdixmlr.exe -> %SystemRoot%\system32\ltdixmlr.exe -> File not found
C:\WINDOWS\system32\icaasdlg.exe -> %SystemRoot%\system32\icaasdlg.exe -> File not found
C:\WINDOWS\system32\ialmctrs.exe -> %SystemRoot%\system32\ialmctrs.exe -> File not found
C:\WINDOWS\system32\wextsbe.exe -> %SystemRoot%\system32\wextsbe.exe -> File not found
C:\WINDOWS\system32\tcpm_863.exe -> %SystemRoot%\system32\tcpm_863.exe -> File not found
C:\WINDOWS\system32\himetask.exe -> %SystemRoot%\system32\himetask.exe -> File not found
C:\WINDOWS\system32\msjtlt48.exe -> %SystemRoot%\system32\msjtlt48.exe -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/07/19 23:05:16 | 00,135,168 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/09/01 06:31:47 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/28 11:08:47 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Grisoft\AVG Free\avginet.exe" -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/06/01 15:51:24 | 14,778,432 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
"C:\Program Files\SmartFTP\SmartFTP.exe" -> C:\Program Files\SmartFTP\SmartFTP.exe [C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{526188ae-0497-11dc-9300-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell
\{526188ae-0497-11dc-9300-001422de6816}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun
\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\command
\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\command\\"" -> %SystemRoot%\system32\url.dll [rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe] -> [2008/08/26 01:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
\{7d0c4a9a-80a6-11dc-938a-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0c4a9a-80a6-11dc-938a-001422de6816}\Shell\AutoRun\command
\{7d0c4a9a-80a6-11dc-938a-001422de6816}\Shell\AutoRun\command\\"" -> E:\setupSNK.exe [E:\setupSNK.exe] -> File not found
\{e5cb18d2-82af-11da-9144-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\command
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/11/12 07:32:52 | 00,000,000 | ---D | C]
Dell Support Center.lnk -> %AllUsersProfile%\Desktop\Dell Support Center.lnk -> [2008/11/12 05:24:25 | 00,002,469 | ---- | C] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/11/10 10:36:42 | 00,000,345 | ---- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | C] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/11/10 10:36:37 | 00,000,080 | ---- | C] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/11/10 10:36:36 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2008/11/10 10:36:36 | 00,811,008 | ---- | C] ()
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2008/11/10 10:33:28 | 00,811,008 | ---- | C] ()
gmer -> %UserProfile%\Desktop\gmer -> [2008/11/10 10:32:48 | 00,000,000 | ---D | C]
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/11/10 10:32:24 | 00,747,873 | ---- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/11/10 10:25:58 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 10:25:41 | 00,635,481 | ---- | C] ()
spca561.sys -> %SystemRoot%\System32\drivers\spca561.sys -> [2008/10/26 20:28:31 | 00,119,798 | ---- | C] (SP)
Tw561a.ini -> %SystemRoot%\Tw561a.ini -> [2008/10/26 20:28:31 | 00,014,385 | ---- | C] ()
dshow508.ax -> %SystemRoot%\System32\dshow508.ax -> [2008/10/26 20:28:31 | 00,014,336 | ---- | C] (Microsoft Corporation)
Tw561a.src -> %SystemRoot%\Tw561a.src -> [2008/10/26 20:28:31 | 00,007,431 | ---- | C] ()
Setup8a.ini -> %SystemRoot%\Setup8a.ini -> [2008/10/26 20:28:30 | 00,000,081 | ---- | C] ()
ShowBmp.exe -> %SystemRoot%\ShowBmp.exe -> [2008/10/26 20:28:29 | 00,118,784 | ---- | C] ()
ap561.exe -> %SystemRoot%\ap561.exe -> [2008/10/26 20:28:29 | 00,053,248 | ---- | C] (Sunplus)
Setup2K -> %SystemRoot%\Setup2K -> [2008/10/26 20:28:29 | 00,000,000 | ---D | C]
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/26 06:51:41 | 00,337,408 | ---- | C] (Microsoft Corporation)
bitscan102208.html -> %UserProfile%\Desktop\bitscan102208.html -> [2008/10/22 13:38:52 | 00,017,747 | ---- | C] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/22 06:47:01 | 00,812,344 | ---- | C] (Trend Micro Inc.)
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> [2008/10/22 06:28:27 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> [2008/10/22 06:28:26 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> [2008/10/22 06:28:26 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> [2008/10/22 06:28:25 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> [2008/10/22 06:28:24 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.)
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> [2008/10/22 06:28:21 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.)
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> [2008/10/22 06:28:08 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.)
Sygate -> %ProgramFiles%\Sygate -> [2008/10/22 06:27:59 | 00,000,000 | ---D | C]
bitdefenderlog.html -> %UserProfile%\Desktop\bitdefenderlog.html -> [2008/10/22 05:03:04 | 05,641,565 | ---- | C] ()
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2008/10/21 16:53:24 | 00,000,000 | ---D | C]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/10/21 13:58:43 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/10/21 13:58:42 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/10/21 13:58:06 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/10/21 10:01:12 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/10/21 10:01:08 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/21 10:01:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/21 10:01:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/10/21 10:01:02 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/10/21 10:01:01 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/10/21 09:59:19 | 02,351,896 | ---- | C] (Malwarebytes Corporation									)
Applications -> %ProgramFiles%\Applications -> [2008/10/21 08:31:54 | 00,000,000 | ---D | C]
At9.job -> %SystemRoot%\tasks\At9.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At8.job -> %SystemRoot%\tasks\At8.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At7.job -> %SystemRoot%\tasks\At7.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At6.job -> %SystemRoot%\tasks\At6.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At5.job -> %SystemRoot%\tasks\At5.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At4.job -> %SystemRoot%\tasks\At4.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At3.job -> %SystemRoot%\tasks\At3.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At24.job -> %SystemRoot%\tasks\At24.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At23.job -> %SystemRoot%\tasks\At23.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At22.job -> %SystemRoot%\tasks\At22.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At21.job -> %SystemRoot%\tasks\At21.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At20.job -> %SystemRoot%\tasks\At20.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At2.job -> %SystemRoot%\tasks\At2.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At19.job -> %SystemRoot%\tasks\At19.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At18.job -> %SystemRoot%\tasks\At18.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At17.job -> %SystemRoot%\tasks\At17.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At16.job -> %SystemRoot%\tasks\At16.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At15.job -> %SystemRoot%\tasks\At15.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At14.job -> %SystemRoot%\tasks\At14.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At13.job -> %SystemRoot%\tasks\At13.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At12.job -> %SystemRoot%\tasks\At12.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At11.job -> %SystemRoot%\tasks\At11.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At10.job -> %SystemRoot%\tasks\At10.job -> [2008/10/21 08:24:28 | 00,000,350 | ---- | C] ()
At1.job -> %SystemRoot%\tasks\At1.job -> [2008/10/21 08:24:27 | 00,000,350 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/21 07:20:22 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/10/21 07:20:22 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/10/20 15:19:32 | 52,789,2480 | -HS- | C] ()
cc_20081020_140115.reg -> %UserProfile%\My Documents\cc_20081020_140115.reg -> [2008/10/20 13:01:17 | 00,000,888 | ---- | C] ()
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2008/10/15 09:24:10 | 00,000,917 | ---- | C] ()
VS Revo Group -> %ProgramFiles%\VS Revo Group -> [2008/10/15 09:24:09 | 00,000,000 | ---D | C]
True Sword -> %AppData%\True Sword -> [2008/10/15 07:32:27 | 00,000,000 | ---D | C]
True Sword 5 -> %ProgramFiles%\True Sword 5 -> [2008/10/15 07:32:15 | 00,000,000 | ---D | C]
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 18:43:51 | 00,333,824 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 18:43:45 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 18:43:44 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 18:43:43 | 02,066,048 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 18:43:43 | 02,023,936 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 18:43:16 | 01,846,400 | ---- | C] (Microsoft Corporation)
Panda Security -> %ProgramFiles%\Panda Security -> [2008/10/14 13:54:23 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2005/11/01 02:11:53 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/12 05:26:17 | 00,011,181 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/12 05:26:17 | 00,010,767 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2005/11/09 18:58:37 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/11/09 18:59:51 | 00,011,100 | ---- | M] ()
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/11/12 07:43:11 | 00,000,000 | ---D | M]
Perflib_Perfdata_1a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a8.dat -> [2008/11/12 07:39:43 | 00,016,384 | ---- | M] ()
At9.job -> %SystemRoot%\tasks\At9.job -> [2008/11/12 08:00:00 | 00,000,350 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/12 07:44:11 | 00,445,630 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/12 07:44:11 | 00,385,164 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/12 07:44:11 | 00,054,682 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/12 07:41:18 | 00,002,206 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/11/12 07:39:14 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/12 07:39:04 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/12 07:39:02 | 52,789,2480 | -HS- | M] ()
At7.job -> %SystemRoot%\tasks\At7.job -> [2008/11/12 06:00:00 | 00,000,350 | ---- | M] ()
Dell Support Center.lnk -> %AllUsersProfile%\Desktop\Dell Support Center.lnk -> [2008/11/12 05:24:25 | 00,002,469 | ---- | M] ()
At17.job -> %SystemRoot%\tasks\At17.job -> [2008/11/10 16:00:00 | 00,000,350 | ---- | M] ()
At12.job -> %SystemRoot%\tasks\At12.job -> [2008/11/10 11:00:00 | 00,000,350 | ---- | M] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/11/10 10:50:34 | 00,000,345 | ---- | M] ()
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/11/10 10:37:55 | 00,747,873 | ---- | M] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/11/10 10:36:37 | 00,884,736 | ---- | M] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | M] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/11/10 10:36:37 | 00,000,080 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 10:25:43 | 00,635,481 | ---- | M] ()
At11.job -> %SystemRoot%\tasks\At11.job -> [2008/11/10 10:00:00 | 00,000,350 | ---- | M] ()
At10.job -> %SystemRoot%\tasks\At10.job -> [2008/11/10 09:00:00 | 00,000,350 | ---- | M] ()
At20.job -> %SystemRoot%\tasks\At20.job -> [2008/11/08 19:00:00 | 00,000,350 | ---- | M] ()
At16.job -> %SystemRoot%\tasks\At16.job -> [2008/11/08 15:00:00 | 00,000,350 | ---- | M] ()
At13.job -> %SystemRoot%\tasks\At13.job -> [2008/11/07 12:00:00 | 00,000,350 | ---- | M] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/11/06 10:45:10 | 00,001,548 | ---- | M] ()
At21.job -> %SystemRoot%\tasks\At21.job -> [2008/11/05 20:00:00 | 00,000,350 | ---- | M] ()
At19.job -> %SystemRoot%\tasks\At19.job -> [2008/11/05 18:00:00 | 00,000,350 | ---- | M] ()
At18.job -> %SystemRoot%\tasks\At18.job -> [2008/11/05 17:00:00 | 00,000,350 | ---- | M] ()
At15.job -> %SystemRoot%\tasks\At15.job -> [2008/11/04 14:00:00 | 00,000,350 | ---- | M] ()
At14.job -> %SystemRoot%\tasks\At14.job -> [2008/11/04 13:00:00 | 00,000,350 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/04 08:09:14 | 00,054,156 | -H-- | M] ()
At8.job -> %SystemRoot%\tasks\At8.job -> [2008/11/02 07:00:00 | 00,000,350 | ---- | M] ()
At6.job -> %SystemRoot%\tasks\At6.job -> [2008/11/02 05:00:00 | 00,000,350 | ---- | M] ()
At5.job -> %SystemRoot%\tasks\At5.job -> [2008/11/02 04:00:00 | 00,000,350 | ---- | M] ()
At4.job -> %SystemRoot%\tasks\At4.job -> [2008/11/02 03:00:00 | 00,000,350 | ---- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/11/02 02:21:00 | 00,000,330 | -H-- | M] ()
At3.job -> %SystemRoot%\tasks\At3.job -> [2008/11/02 02:00:00 | 00,000,350 | ---- | M] ()
At2.job -> %SystemRoot%\tasks\At2.job -> [2008/11/02 00:00:00 | 00,000,350 | ---- | M] ()
At1.job -> %SystemRoot%\tasks\At1.job -> [2008/11/01 23:08:00 | 00,000,350 | ---- | M] ()
At24.job -> %SystemRoot%\tasks\At24.job -> [2008/11/01 22:00:00 | 00,000,350 | ---- | M] ()
At23.job -> %SystemRoot%\tasks\At23.job -> [2008/11/01 21:00:00 | 00,000,350 | ---- | M] ()
At22.job -> %SystemRoot%\tasks\At22.job -> [2008/11/01 20:00:00 | 00,000,350 | ---- | M] ()
AVSDVDPlayer.m3u -> %AppData%\AVSDVDPlayer.m3u -> [2008/11/01 05:41:50 | 00,000,124 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/10/26 20:30:01 | 00,000,933 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
bitscan102208.html -> %UserProfile%\Desktop\bitscan102208.html -> [2008/10/22 13:29:29 | 00,017,747 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/22 06:47:48 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/22 06:47:01 | 00,812,344 | ---- | M] (Trend Micro Inc.)
bitdefenderlog.html -> %UserProfile%\Desktop\bitdefenderlog.html -> [2008/10/21 22:15:27 | 05,641,565 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/10/21 15:31:37 | 04,320,448 | -H-- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/10/21 10:01:08 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/10/21 09:59:32 | 02,351,896 | ---- | M] (Malwarebytes Corporation									)
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/10/20 13:29:15 | 00,000,930 | ---- | M] ()
cc_20081020_140115.reg -> %UserProfile%\My Documents\cc_20081020_140115.reg -> [2008/10/20 13:01:19 | 00,000,888 | ---- | M] ()
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2008/10/15 09:24:10 | 00,000,917 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/14 18:55:44 | 00,193,776 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/10/14 11:40:55 | 00,263,639 | ---- | M] ()
< End of report >

Mbam:
Malwarebytes' Anti-Malware 1.30
Database version: 1388
Windows 5.1.2600 Service Pack 3

11/12/2008 8:03:42 AM
mbam-log-2008-11-12 (08-03-42).txt

Scan type: Quick Scan
Objects scanned: 63087
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 GoddardCat

Posted 12 November 2008 - 09:19 AM

I am still getting the same error messages and Yahoo/MSN Messenger will not run.

#7 PropagandaPanda

  • Malware Response Team

Posted 12 November 2008 - 11:53 AM

Hello.

I don't think those errors are malware related.

Download and Run SmitFraudFix
You can find complete instructions for running SmitFraudFix in the link below:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/
  • Please download SmitFraudFix by S!Ri to your desktop.
  • Boot your computer into Safe Mode before we can run this tool.
  • Double click the icon to run it.
  • Select Option 2 by typing 2 and hitting Enter.
  • The scan will progress. Answer Yes to any prompts you receive. This will include running disk cleanup and removing infected files.
  • The tool will restart your computer.
  • Upon reboot, a log file located at C:\rapport.txt will open. Copy its contents into your next reply.
How to Boot into Safe Mode
Print out all instructions to be carried out in Safe Mode, or save them onto your desktop, as you will not be able to access the forum where you are receiving help.

If you are unfamiliar with the boot process, please jot down the boot instructions.
  • Shutdown your computer.
  • Press the power on button.
  • Wait for your computer to beep.
  • After hearing the beep, hit the F8 key repeatedly until you see a selection screen.
  • Use your arrow keys to navigate the highlight to Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP, if the highlight was not already on it.
  • Hit Enter.
Your computer will proceed to boot into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot as usual, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the SmitFraudFix log
-the Kaspersky log
-a new HijackThis log

With Regards,
The Panda

#8 GoddardCat

Posted 12 November 2008 - 01:19 PM

I can't get Kaspersky to run. It downloads to 20%, then stops, and I get an IE error message:

Program has failed to start. Close the kaspersky Online Scanner 7.0 Window and open it again to install the program.

[ERROR:java.lang.UnsastisfiedLinkError:C:Documents and SettingsBill CarpenterLocalSettingsTempjkos-Bill Carpenter inarieskosglue-7.0.25.0.dll:
The referenced assembly is not installed on your system]

#9 PropagandaPanda

  • Malware Response Team

Posted 12 November 2008 - 03:13 PM

Hello.

Let's try F-Secure.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

If it still won't work, skip this. Post back with a new HijackThis log and OTScanIt.

With Regards,
The Panda

#10 GoddardCat

Posted 12 November 2008 - 08:35 PM

F-secure:

Scanning Report
Wednesday, November 12, 2008 17:44:21 - 19:21:34
Computer name: BILLS
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 6 malware found
RiskTool.Win32.Reboot (spyware)
System
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Advertising (spyware)
System

OTSCan:

OTScanIt2 logfile created on: 11/12/2008 7:30:58 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.0.33b	 Folder = C:\Documents and Settings\Bill Carpenter\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.37 Mb Total Physical Memory | 163.88 Mb Available Physical Memory | 32.56% Memory free
1.44 Gb Paging File | 0.78 Gb Available in Paging File | 53.98% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.09 Gb Total Space | 17.57 Gb Free Space | 51.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BILLS
Current User Name: Bill Carpenter
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/21 14:01:15 | 00,611,664 | ---- | M] (Lavasoft)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 08:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 08:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/14 17:14:36 | 00,168,432 | ---- | M] (Google)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/12 11:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
nicserv.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\NICServ.exe -> [2003/11/13 13:29:40 | 00,455,680 | ---- | M] ()
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 14:58:01 | 01,251,720 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/07/19 23:06:12 | 00,077,824 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/07/19 23:10:06 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/07/19 23:06:04 | 00,159,744 | ---- | M] (Intel Corporation)
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2004/05/04 01:21:22 | 00,176,128 | ---- | M] (HP)
hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> [2004/05/04 16:17:06 | 00,491,520 | ---- | M] (Hewlett-Packard)
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M] (Apple Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/12 11:51:53 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/01/29 10:38:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/07/19 08:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/18 11:49:43 | 00,068,856 | ---- | M] (Google Inc.)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
hotsync.exe -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc)
gcc.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\Gcc.exe -> [2005/06/10 07:23:24 | 00,036,864 | ---- | M] ()
odhost.exe -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\OdHost.exe -> [2004/09/01 19:16:04 | 00,024,641 | ---- | M] ()
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2008/11/12 17:44:04 | 00,413,696 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2008/11/12 17:44:04 | 00,494,592 | ---- | M] (F-Secure Corp.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/11/09 11:18:54 | 00,464,896 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/21 14:01:15 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 08:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 08:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 08:38:04 | 00,250,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 08:25:45 | 00,348,344 | ---- | M] (ALWIL Software)
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/09/01 06:31:47 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/09/01 06:31:39 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/14 17:14:36 | 00,168,432 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/12 11:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
(NICSer_WPC54G) NICSer_WPC54G [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\NICServ.exe -> [2003/11/13 13:29:40 | 00,455,680 | ---- | M] ()
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP)
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 14:58:01 | 01,251,720 | ---- | M] ()
(WinDefend) Windows Defender [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/07/19 08:32:15 | 00,026,944 | ---- | M] (ALWIL Software)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(Aspi32) Aspi32 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> [2008/07/19 08:37:42 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/07/19 08:37:21 | 00,094,416 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/07/19 08:33:42 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/07/19 08:35:18 | 00,078,416 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/07/19 08:32:36 | 00,042,912 | ---- | M] (ALWIL Software)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/09/01 06:31:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/04 08:11:18 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/07/04 08:12:03 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> [2004/12/17 13:52:58 | 00,017,992 | ---- | M] (Broadcom Corporation)
(BCM43XX) 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2005/02/11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation)
(BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\BCMNTIO.SYS -> [2004/03/05 16:09:00 | 00,003,744 | ---- | M] ()
(CA561) ICatch (VI) PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\spca561.sys -> [2002/10/01 13:43:32 | 00,119,798 | ---- | M] (SP)
(CBTNDIS5) CBTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\CBTNDIS5.sys -> [2003/07/16 22:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/01/18 03:00:00 | 00,385,072 | ---- | M] (Symantec Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | M] (GMER)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2004/03/17 21:22:42 | 00,051,088 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2004/03/17 21:22:44 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2004/03/17 21:21:02 | 00,021,744 | ---- | M] (HP)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/07/19 23:34:22 | 01,049,180 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(MAPMEM) MAPMEM [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\MAPMEM.SYS -> [2004/03/05 16:09:02 | 00,003,904 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(odysseyIM4) Odyssey Network Agent Miniport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\odysseyIM4.sys -> [2004/09/24 23:36:44 | 00,173,056 | ---- | M] (Funk Software, Inc.)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2007/05/03 14:52:05 | 00,016,694 | ---- | M] (PalmSource, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 12:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ser2pl.sys -> [2003/07/16 00:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 12:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 12:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> [2008/06/02 19:48:44 | 00,123,952 | ---- | M] (Symantec Corporation)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/08/17 14:09:05 | 00,010,344 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> [2004/10/15 17:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USB_RNDIS_XP) Westell WireSpeed Dual Connect Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2008/04/13 12:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> [2004/10/15 17:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> [2004/10/15 17:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> [2004/10/15 17:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> [2004/10/15 17:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.)
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> [2004/10/15 17:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.)
(F-Secure Standalone Minifilter) F-Secure Standalone Minifilter [Kernel | On_Demand | Running] -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys -> [2008/11/12 17:43:32 | 00,065,024 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://centralkansas.cox.net/cci/home -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< HOSTS File > (263571 bytes and 9165 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} [HKLM] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [Ask Search Assistant BHO] -> [2007/12/28 08:25:11 | 00,066,912 | ---- | M] (Ask.com)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/01/29 10:40:28 | 00,370,296 | ---- | M] (RealPlayer)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2007/02/23 17:04:32 | 00,140,840 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/12 11:51:54 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/14 17:14:43 | 00,652,784 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/12 11:51:53 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/12 11:51:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/05/11 06:53:23 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/12/18 15:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> %ProgramFiles%\Apoint\Apoint.exe ["C:\Program Files\Apoint\Apoint.exe"] -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/07/19 08:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"dscactivate" -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> [2004/05/04 01:21:22 | 00,176,128 | ---- | M] (HP)
"HPHmon05" -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\system32\hphmon05.exe] -> [2004/05/04 16:17:06 | 00,491,520 | ---- | M] (Hewlett-Packard)
"hpqSRMon" -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe ["C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"] -> [2008/10/21 06:45:25 | 00,080,896 | ---- | M] (Hewlett-Packard)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/07/19 23:06:12 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/07/19 23:10:06 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/07/19 23:09:26 | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M] (Apple Inc.)
"PCMService" -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M] (Apple Inc.)
"SmcService" -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~1\Sygate\SPF\smc.exe -startgui] -> [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/12 11:51:53 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/01/29 10:38:33 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"Messenger (Yahoo!)" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/18 11:49:43 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 13:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc)
%AllUsersProfile%\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk -> %ProgramFiles%\Linksys\Wireless-G Notebook Adapter\Gcc.exe -> [2005/06/10 07:23:24 | 00,036,864 | ---- | M] ()
< Bill Carpenter Startup Folder > -> C:\Documents and Settings\Bill Carpenter\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"Colors" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoViewOnDrive" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 14:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 54 domain(s) found. -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{2357B3CF-7F8D-4451-8D81-FD6097610AEE} [HKLM] -> http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe[CamfrogWEB Advanced Unicode Control] -> 
{24B8CB65-C0D2-11D0-A523-444553540000} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab[AceExplorer Control] -> 
{41F841C0-AE16-11D5-8817-0050DA6EF5E5} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab[FarPoint Spread 6.0 (OLEDB)] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{6A344D34-5231-452A-8A57-D064AC9B7862} [HKLM] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131719767640[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{8BF1A503-001F-11D0-A296-00A0246497B9} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB[ACENET Control] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Value  does not exist or could not be read.] -> 
{9122D757-5A4F-4768-82C5-B4171D8556A7} [HKLM] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab[PhotoPickConvert Class] -> 
{9600F64D-755F-11D4-A47F-0001023E6D5A} [HKLM] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{C903C000-9C6E-419D-A0AC-2E760BBA3764} [HKLM] -> http://ww1.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab[MCSiMenuCtl Class] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
AceIESecuritySettings [HKLM] -> http://ww1.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1764BF16-C48D-4292-81DC-10BBD61AEF68} ->	(1394 Net Adapter) -> 
{52EDDCB6-32CC-4C87-9418-C3524CB4FECB} ->	(Wireless-G Notebook Adapter WPC54G V3) -> 
{54319505-42BA-44D5-9C1F-AF18427E5D69} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{816A0F8E-8066-4827-8512-AFDFB84C9C05} ->	(Westell WireSpeed Dual Connect Modem) -> 
{D1FFE8B4-768C-46C7-A439-D78095B29D00} ->	() -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/04 08:11:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
mapipcss.exe ->  -> File not found
wkssdev5.exe ->  -> File not found
linkpact.exe ->  -> File not found
msvcfilt.exe ->  -> File not found
msjtimem.exe ->  -> File not found
feclrfts.exe ->  -> File not found
ir41onui.exe ->  -> File not found
jetesvcs.exe ->  -> File not found
cdini_ci.exe ->  -> File not found
igfxbduk.exe ->  -> File not found
kbdhdsl1.exe ->  -> File not found
lfifegdb.exe ->  -> File not found
mdmi2bin.exe ->  -> File not found
msvci_ci.exe ->  -> File not found
sjrpldrs.exe ->  -> File not found
ltdixmlr.exe ->  -> File not found
icaasdlg.exe ->  -> File not found
ialmctrs.exe ->  -> File not found
wextsbe.exe ->  -> File not found
tcpm_863.exe ->  -> File not found
himetask.exe ->  -> File not found
msjtlt48.exe ->  -> File not found
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\mapipcss.exe -> %SystemRoot%\system32\mapipcss.exe -> File not found
C:\WINDOWS\system32\wkssdev5.exe -> %SystemRoot%\system32\wkssdev5.exe -> File not found
C:\WINDOWS\system32\linkpact.exe -> %SystemRoot%\system32\linkpact.exe -> File not found
C:\WINDOWS\system32\msvcfilt.exe -> %SystemRoot%\system32\msvcfilt.exe -> File not found
C:\WINDOWS\system32\msjtimem.exe -> %SystemRoot%\system32\msjtimem.exe -> File not found
C:\WINDOWS\system32\feclrfts.exe -> %SystemRoot%\system32\feclrfts.exe -> File not found
C:\WINDOWS\system32\ir41onui.exe -> %SystemRoot%\system32\ir41onui.exe -> File not found
C:\WINDOWS\system32\jetesvcs.exe -> %SystemRoot%\system32\jetesvcs.exe -> File not found
C:\WINDOWS\system32\cdini_ci.exe -> %SystemRoot%\system32\cdini_ci.exe -> File not found
C:\WINDOWS\system32\igfxbduk.exe -> %SystemRoot%\system32\igfxbduk.exe -> File not found
C:\WINDOWS\system32\kbdhdsl1.exe -> %SystemRoot%\system32\kbdhdsl1.exe -> File not found
C:\WINDOWS\system32\lfifegdb.exe -> %SystemRoot%\system32\lfifegdb.exe -> File not found
C:\WINDOWS\system32\mdmi2bin.exe -> %SystemRoot%\system32\mdmi2bin.exe -> File not found
C:\WINDOWS\system32\msvci_ci.exe -> %SystemRoot%\system32\msvci_ci.exe -> File not found
C:\WINDOWS\system32\sjrpldrs.exe -> %SystemRoot%\system32\sjrpldrs.exe -> File not found
C:\WINDOWS\system32\ltdixmlr.exe -> %SystemRoot%\system32\ltdixmlr.exe -> File not found
C:\WINDOWS\system32\icaasdlg.exe -> %SystemRoot%\system32\icaasdlg.exe -> File not found
C:\WINDOWS\system32\ialmctrs.exe -> %SystemRoot%\system32\ialmctrs.exe -> File not found
C:\WINDOWS\system32\wextsbe.exe -> %SystemRoot%\system32\wextsbe.exe -> File not found
C:\WINDOWS\system32\tcpm_863.exe -> %SystemRoot%\system32\tcpm_863.exe -> File not found
C:\WINDOWS\system32\himetask.exe -> %SystemRoot%\system32\himetask.exe -> File not found
C:\WINDOWS\system32\msjtlt48.exe -> %SystemRoot%\system32\msjtlt48.exe -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/07/19 23:05:16 | 00,135,168 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/09/01 06:31:47 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/28 11:08:47 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Grisoft\AVG Free\avginet.exe" -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/06/01 15:51:24 | 14,778,432 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
"C:\Program Files\SmartFTP\SmartFTP.exe" -> C:\Program Files\SmartFTP\SmartFTP.exe [C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{526188ae-0497-11dc-9300-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell
\{526188ae-0497-11dc-9300-001422de6816}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun
\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\command
\{526188ae-0497-11dc-9300-001422de6816}\Shell\AutoRun\command\\"" -> %SystemRoot%\system32\url.dll [rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe] -> [2008/08/26 01:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
\{7d0c4a9a-80a6-11dc-938a-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0c4a9a-80a6-11dc-938a-001422de6816}\Shell\AutoRun\command
\{7d0c4a9a-80a6-11dc-938a-001422de6816}\Shell\AutoRun\command\\"" -> E:\setupSNK.exe [E:\setupSNK.exe] -> File not found
\{e5cb18d2-82af-11da-9144-001422de6816}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\command
\{e5cb18d2-82af-11da-9144-001422de6816}\Shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fsaua.data -> %SystemDrive%\fsaua.data -> [2008/11/12 17:38:39 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/12 11:31:57 | 52,789,2480 | -HS- | C] ()
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [2008/11/12 11:21:08 | 00,003,946 | ---- | C] ()
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [2008/11/12 11:20:05 | 00,000,000 | ---D | C]
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/11/12 07:32:52 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 05:26:08 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 05:25:00 | 01,106,944 | ---- | C] (Microsoft Corporation)
Dell Support Center.lnk -> %AllUsersProfile%\Desktop\Dell Support Center.lnk -> [2008/11/12 05:24:25 | 00,002,469 | ---- | C] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/11/10 10:36:42 | 00,000,345 | ---- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | C] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/11/10 10:36:37 | 00,000,080 | ---- | C] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/11/10 10:36:36 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2008/11/10 10:36:36 | 00,811,008 | ---- | C] ()
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2008/11/10 10:33:28 | 00,811,008 | ---- | C] ()
gmer -> %UserProfile%\Desktop\gmer -> [2008/11/10 10:32:48 | 00,000,000 | ---D | C]
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/11/10 10:32:24 | 00,747,873 | ---- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/11/10 10:25:58 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 10:25:41 | 00,635,481 | ---- | C] ()
spca561.sys -> %SystemRoot%\System32\drivers\spca561.sys -> [2008/10/26 20:28:31 | 00,119,798 | ---- | C] (SP)
Tw561a.ini -> %SystemRoot%\Tw561a.ini -> [2008/10/26 20:28:31 | 00,014,385 | ---- | C] ()
dshow508.ax -> %SystemRoot%\System32\dshow508.ax -> [2008/10/26 20:28:31 | 00,014,336 | ---- | C] (Microsoft Corporation)
Tw561a.src -> %SystemRoot%\Tw561a.src -> [2008/10/26 20:28:31 | 00,007,431 | ---- | C] ()
Setup8a.ini -> %SystemRoot%\Setup8a.ini -> [2008/10/26 20:28:30 | 00,000,081 | ---- | C] ()
ShowBmp.exe -> %SystemRoot%\ShowBmp.exe -> [2008/10/26 20:28:29 | 00,118,784 | ---- | C] ()
ap561.exe -> %SystemRoot%\ap561.exe -> [2008/10/26 20:28:29 | 00,053,248 | ---- | C] (Sunplus)
Setup2K -> %SystemRoot%\Setup2K -> [2008/10/26 20:28:29 | 00,000,000 | ---D | C]
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/26 06:51:41 | 00,337,408 | ---- | C] (Microsoft Corporation)
bitscan102208.html -> %UserProfile%\Desktop\bitscan102208.html -> [2008/10/22 13:38:52 | 00,017,747 | ---- | C] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/22 06:47:01 | 00,812,344 | ---- | C] (Trend Micro Inc.)
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> [2008/10/22 06:28:27 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> [2008/10/22 06:28:26 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> [2008/10/22 06:28:26 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> [2008/10/22 06:28:25 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.)
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> [2008/10/22 06:28:24 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.)
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> [2008/10/22 06:28:21 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.)
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> [2008/10/22 06:28:08 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.)
Sygate -> %ProgramFiles%\Sygate -> [2008/10/22 06:27:59 | 00,000,000 | ---D | C]
bitdefenderlog.html -> %UserProfile%\Desktop\bitdefenderlog.html -> [2008/10/22 05:03:04 | 05,641,565 | ---- | C] ()
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2008/10/21 16:53:24 | 00,000,000 | ---D | C]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/10/21 13:58:43 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/10/21 13:58:42 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/10/21 13:58:06 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/10/21 10:01:12 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/10/21 10:01:08 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/21 10:01:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/21 10:01:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/10/21 10:01:02 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/10/21 10:01:01 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/10/21 09:59:19 | 02,351,896 | ---- | C] (Malwarebytes Corporation									)
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/21 07:20:22 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/10/21 07:20:22 | 00,000,000 | ---D | C]
cc_20081020_140115.reg -> %UserProfile%\My Documents\cc_20081020_140115.reg -> [2008/10/20 13:01:17 | 00,000,888 | ---- | C] ()
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2008/10/15 09:24:10 | 00,000,917 | ---- | C] ()
VS Revo Group -> %ProgramFiles%\VS Revo Group -> [2008/10/15 09:24:09 | 00,000,000 | ---D | C]
True Sword -> %AppData%\True Sword -> [2008/10/15 07:32:27 | 00,000,000 | ---D | C]
True Sword 5 -> %ProgramFiles%\True Sword 5 -> [2008/10/15 07:32:15 | 00,000,000 | ---D | C]
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 18:43:51 | 00,333,824 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 18:43:45 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 18:43:44 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 18:43:43 | 02,066,048 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 18:43:43 | 02,023,936 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 18:43:16 | 01,846,400 | ---- | C] (Microsoft Corporation)
Panda Security -> %ProgramFiles%\Panda Security -> [2008/10/14 13:54:23 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2005/11/01 02:11:53 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/12 05:26:17 | 00,011,181 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/12 05:26:17 | 00,010,767 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2005/11/09 18:58:37 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/11/09 18:59:51 | 00,011,100 | ---- | M] ()
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\ICD1.tmp\ -> [2008/11/12 11:50:26 | 00,000,000 | ---D | M]
jinstall.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\ICD1.tmp\jinstall.exe -> [2008/11/09 15:26:38 | 00,602,112 | ---- | M] (Sun Microsystems, Inc.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries -> [2008/11/12 12:24:59 | 00,000,000 | ---D | M]
ScanningProcess.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\ScanningProcess.exe -> [2008/11/12 12:24:58 | 00,139,264 | ---- | M] (Kaspersky Lab.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus -> [2008/11/12 17:56:40 | 00,000,000 | ---D | M]
fsgk32.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2008/11/12 17:44:04 | 00,413,696 | ---- | M] (F-Secure Corp.)
fssm32.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2008/11/12 17:44:04 | 00,494,592 | ---- | M] (F-Secure Corp.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [2008/11/12 17:44:05 | 00,000,000 | ---D | M]
fsgk32.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2008/11/12 17:44:04 | 00,413,696 | ---- | M] (F-Secure Corp.)
fssm32.exe -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2008/11/12 17:44:04 | 00,494,592 | ---- | M] (F-Secure Corp.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\2452594\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\2452594 -> [2008/11/12 08:17:48 | 00,000,000 | ---D | M]
ywiseext.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\2452594\ywiseext.dll -> [2008/03/25 14:17:20 | 00,122,880 | ---- | M] (Yahoo! Inc.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries -> [2008/11/12 12:24:59 | 00,000,000 | ---D | M]
FSSync.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\FSSync.dll -> [2008/11/12 12:24:58 | 00,038,400 | ---- | M] (Kaspersky Lab)
ikave.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\ikave.dll -> [2008/11/12 12:24:58 | 00,065,536 | ---- | M] ()
kave.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\kave.dll -> [2008/11/12 12:24:58 | 00,282,624 | ---- | M] (Kaspersky Lab.)
kosglue-7.0.25.0.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\kosglue-7.0.25.0.dll -> [2008/11/12 12:24:59 | 00,729,152 | ---- | M] (Kaspersky Lab)
msvcm80.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\msvcm80.dll -> [2008/11/12 12:24:58 | 00,479,232 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\msvcp80.dll -> [2008/11/12 12:24:58 | 00,548,864 | ---- | M] (Microsoft Corporation)
msvcr80.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\msvcr80.dll -> [2008/11/12 12:24:59 | 00,626,688 | ---- | M] (Microsoft Corporation)
prLoader.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\prLoader.dll -> [2008/11/12 12:24:59 | 00,184,320 | ---- | M] (Kaspersky Lab)
prremote.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\jkos-Bill Carpenter\binaries\prremote.dll -> [2008/11/12 12:24:59 | 00,090,112 | ---- | M] (Kaspersky Lab)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus -> [2008/11/12 17:56:40 | 00,000,000 | ---D | M]
AVPFPI0.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2008/11/12 17:44:04 | 00,147,538 | ---- | M] (Kaspersky Lab)
avpproxy.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2008/11/12 17:44:04 | 00,077,910 | ---- | M] (F-Secure Corporation)
daas_s.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation)
fm4av.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2008/11/12 17:44:04 | 00,514,048 | ---- | M] ()
fpinor.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2008/11/12 17:44:04 | 00,113,664 | ---- | M] (F-Secure Corporation)
fsbl.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2008/11/12 17:44:04 | 00,049,152 | ---- | M] (F-Secure Corporation)
fsbld.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2008/11/12 17:43:29 | 00,731,784 | ---- | M] (F-Secure Corporation)
fsecr32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2008/11/12 17:43:47 | 00,262,144 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2008/11/12 17:44:04 | 00,082,432 | ---- | M] (F-Secure Corp.)
fsmart.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2008/11/12 17:43:54 | 00,147,456 | ---- | M] (F-Secure Corporation)
fspe32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> [2008/11/12 17:43:47 | 00,385,024 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2008/11/12 17:43:32 | 00,651,264 | ---- | M] (F-Secure Corporation)
fsup32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> [2008/11/12 17:43:47 | 00,577,536 | ---- | M] (F-Secure Corporation)
fsupcx32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> [2008/11/12 17:43:47 | 00,073,728 | ---- | M] (F-Secure Corporation)
fsupfg32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> [2008/11/12 17:43:47 | 00,098,304 | ---- | M] (F-Secure Corporation)
fsupmw32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> [2008/11/12 17:43:47 | 00,086,016 | ---- | M] (F-Secure Corporation)
fsupnp32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> [2008/11/12 17:43:47 | 00,098,304 | ---- | M] (F-Secure Corporation)
fsupux32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> [2008/11/12 17:43:47 | 00,090,112 | ---- | M] (F-Secure Corporation)
fsupwu32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> [2008/11/12 17:43:47 | 00,090,112 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2008/11/12 17:43:54 | 00,883,336 | ---- | M] (F-Secure Corporation)
Nse_w32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2008/11/12 17:43:27 | 00,588,856 | ---- | M] (Norman ASA)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [2008/11/12 17:44:05 | 00,000,000 | ---D | M]
AVPFPI0.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2008/11/12 17:44:04 | 00,147,538 | ---- | M] (Kaspersky Lab)
avpproxy.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2008/11/12 17:44:04 | 00,077,910 | ---- | M] (F-Secure Corporation)
fm4av.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2008/11/12 17:44:04 | 00,514,048 | ---- | M] ()
fpinor.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2008/11/12 17:44:04 | 00,113,664 | ---- | M] (F-Secure Corporation)
fsbl.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2008/11/12 17:44:04 | 00,049,152 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2008/11/12 17:44:04 | 00,082,432 | ---- | M] (F-Secure Corp.)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [2008/11/12 17:43:47 | 00,000,000 | ---D | M]
fsecr32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2008/11/12 17:43:47 | 00,262,144 | ---- | M] (F-Secure Corporation)
fspe32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> [2008/11/12 17:43:47 | 00,385,024 | ---- | M] (F-Secure Corporation)
fsup32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> [2008/11/12 17:43:47 | 00,577,536 | ---- | M] (F-Secure Corporation)
fsupcx32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> [2008/11/12 17:43:47 | 00,073,728 | ---- | M] (F-Secure Corporation)
fsupfg32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> [2008/11/12 17:43:47 | 00,098,304 | ---- | M] (F-Secure Corporation)
fsupmw32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> [2008/11/12 17:43:47 | 00,086,016 | ---- | M] (F-Secure Corporation)
fsupnp32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> [2008/11/12 17:43:47 | 00,098,304 | ---- | M] (F-Secure Corporation)
fsupux32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> [2008/11/12 17:43:47 | 00,090,112 | ---- | M] (F-Secure Corporation)
fsupwu32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> [2008/11/12 17:43:47 | 00,090,112 | ---- | M] (F-Secure Corporation)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\mlcwin -> [2008/11/12 17:43:54 | 00,000,000 | ---D | M]
fsmart.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2008/11/12 17:43:54 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2008/11/12 17:43:54 | 00,883,336 | ---- | M] (F-Secure Corporation)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb -> [2008/11/12 17:43:27 | 00,000,000 | ---D | M]
Nse_w32.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2008/11/12 17:43:27 | 00,588,856 | ---- | M] (Norman ASA)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_33_bin -> [2008/11/12 17:43:32 | 00,000,000 | ---D | M]
fssubmit.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2008/11/12 17:43:32 | 00,651,264 | ---- | M] (F-Secure Corporation)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_bl -> [2008/11/12 17:43:29 | 00,000,000 | ---D | M]
fsblu.dll -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2008/11/12 17:43:29 | 00,731,784 | ---- | M] (F-Secure Corporation)
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus -> [2008/11/12 17:56:40 | 00,000,000 | ---D | M]
ext.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [2008/11/12 17:43:16 | 00,000,444 | ---- | M] ()
fsedb.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2008/11/12 17:43:47 | 01,750,226 | ---- | M] ()
fsupdllb.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2008/11/12 17:43:47 | 00,422,594 | ---- | M] ()
fsupplgn.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [2008/11/12 17:43:47 | 00,000,226 | ---- | M] ()
fsuptmpl.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [2008/11/12 17:43:47 | 00,005,828 | ---- | M] ()
perf.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [2008/11/12 17:44:23 | 00,000,128 | ---- | M] ()
sae.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [2008/11/12 17:43:16 | 00,000,243 | ---- | M] ()
sai.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [2008/11/12 17:43:16 | 00,001,348 | ---- | M] ()
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\avmisc -> [2008/11/12 17:43:16 | 00,000,000 | ---D | M]
ext.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [2008/11/12 17:43:16 | 00,000,444 | ---- | M] ()
sae.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [2008/11/12 17:43:16 | 00,000,243 | ---- | M] ()
sai.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [2008/11/12 17:43:16 | 00,001,348 | ---- | M] ()
C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin -> [2008/11/12 17:43:47 | 00,000,000 | ---D | M]
fsedb.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2008/11/12 17:43:47 | 01,750,226 | ---- | M] ()
fsupdllb.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2008/11/12 17:43:47 | 00,422,594 | ---- | M] ()
fsupplgn.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [2008/11/12 17:43:47 | 00,000,226 | ---- | M] ()
fsuptmpl.dat -> C:\Documents and Settings\Bill Carpenter\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [2008/11/12 17:43:47 | 00,005,828 | ---- | M] ()
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/11/12 17:37:00 | 00,000,000 | ---D | M]
Perflib_Perfdata_1f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat -> [2008/11/12 12:01:58 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c0.dat -> [2008/11/12 08:31:24 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat -> [2008/11/12 12:01:58 | 00,016,384 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/12 12:06:02 | 00,385,164 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/12 12:06:02 | 00,054,682 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/12 12:06:01 | 00,445,630 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/12 12:02:29 | 00,002,206 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/11/12 12:01:50 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/12 12:01:41 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/12 12:01:39 | 52,789,2480 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/11/12 12:00:03 | 04,318,812 | -H-- | M] ()
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [2008/11/12 11:21:08 | 00,003,946 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/11/12 11:20:59 | 00,263,571 | ---- | M] ()
Dell Support Center.lnk -> %AllUsersProfile%\Desktop\Dell Support Center.lnk -> [2008/11/12 05:24:25 | 00,002,469 | ---- | M] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2008/11/10 10:50:34 | 00,000,345 | ---- | M] ()
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2008/11/10 10:37:55 | 00,747,873 | ---- | M] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2008/11/10 10:36:37 | 00,884,736 | ---- | M] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2008/11/10 10:36:37 | 00,085,969 | ---- | M] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2008/11/10 10:36:37 | 00,000,080 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 10:25:43 | 00,635,481 | ---- | M] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/11/06 10:45:10 | 00,001,548 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/04 08:09:14 | 00,054,156 | -H-- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/11/03 18:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation)
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/11/02 02:21:00 | 00,000,330 | -H-- | M] ()
AVSDVDPlayer.m3u -> %AppData%\AVSDVDPlayer.m3u -> [2008/11/01 05:41:50 | 00,000,124 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/10/26 20:30:01 | 00,000,933 | ---- | M] ()
mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 05:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 05:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
bitscan102208.html -> %UserProfile%\Desktop\bitscan102208.html -> [2008/10/22 13:29:29 | 00,017,747 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/22 06:47:48 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/22 06:47:01 | 00,812,344 | ---- | M] (Trend Micro Inc.)
bitdefenderlog.html -> %UserProfile%\Desktop\bitdefenderlog.html -> [2008/10/21 22:15:27 | 05,641,565 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/21 13:58:52 | 00,000,793 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/10/21 10:01:08 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/10/21 09:59:32 | 02,351,896 | ---- | M] (Malwarebytes Corporation									)
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/10/20 13:29:15 | 00,000,930 | ---- | M] ()
cc_20081020_140115.reg -> %UserProfile%\My Documents\cc_20081020_140115.reg -> [2008/10/20 13:01:19 | 00,000,888 | ---- | M] ()
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk -> [2008/10/15 09:24:10 | 00,000,917 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/14 18:55:44 | 00,193,776 | ---- | M] ()
< End of report >

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:41, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe,mapipcss.exe,wkssdev5.exe,linkpact.exe,msvcfilt.exe,msjtimem.exe,feclrfts.exe,ir41onui.exe,jetesvcs.exe,cdini_ci.exe,igfxbduk.exe,kbdhdsl1.exe,lfifegdb.exe,mdmi2bin.exe,msvci_ci.exe,sjrpldrs.exe,ltdixmlr.exe,icaasdlg.exe,ialmctrs.exe,wextsbe.exe,tcpm_863.exe,himetask.exe,msjtlt48.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mapipcss.exe,C:\WINDOWS\system32\wkssdev5.exe,C:\WINDOWS\system32\linkpact.exe,C:\WINDOWS\system32\msvcfilt.exe,C:\WINDOWS\system32\msjtimem.exe,C:\WINDOWS\system32\feclrfts.exe,C:\WINDOWS\system32\ir41onui.exe,C:\WINDOWS\system32\jetesvcs.exe,C:\WINDOWS\system32\cdini_ci.exe,C:\WINDOWS\system32\igfxbduk.exe,C:\WINDOWS\system32\kbdhdsl1.exe,C:\WINDOWS\system32\lfifegdb.exe,C:\WINDOWS\system32\mdmi2bin.exe,C:\WINDOWS\system32\msvci_ci.exe,C:\WINDOWS\system32\sjrpldrs.exe,C:\WINDOWS\system32\ltdixmlr.exe,C:\WINDOWS\system32\icaasdlg.exe,C:\WINDOWS\system32\ialmctrs.exe,C:\WINDOWS\system32\wextsbe.exe,C:\WINDOWS\system32\tcpm_863.exe,C:\WINDOWS\system32\himetask.exe,C:\WINDOWS\system32\msjtlt48.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AceIESecuritySettings - http://ww1.acehardware-acenet.com/Controls...itySettings.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardware-acenet.com/ACENET/C...xpl/AceExpl.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardware-acenet.com/ACENET/c...t60/fpspr60.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131719767640
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardware-acenet.com/ACENET/C...ENET/ACECTL.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardware-acenet.com/ACENET/C...Si/McsiMenu.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13055 bytes


TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Questionmarket (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 65958
System: 4178
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 6
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-11-12
F-Secure AVP: 7.0.171, 2008-11-12
F-Secure Pegasus: 1.20.0, 2008-10-09
F-Secure Blacklight: 2.4.1093
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


#11 PropagandaPanda

  • Malware Response Team

Posted 13 November 2008 - 08:10 AM

Hello.

I see that you are running more than one antivirus program, AVG and Avast!. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall them until you are only running one antivirus using Add/Remove Programs.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • Wait a few moments for the list to be compiled.
  • To the left of each entry you will see a check box. Check the box next to the following entries:

    F2 - REG:system.ini: Shell=Explorer.exe...............
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe.................
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • The screen will clear itself.
  • Close out of HijackThis.

Post back with a new HijackThis log.

With Regards,
The Panda

#12 GoddardCat

  • Topic Starter

Posted 13 November 2008 - 10:38 AM

That's weird about AVG. I deleted it a while ago and had to use Revo Uninstaller because the XP uninstaller would not do it. I just looked and there is no AVG in either uninstaller but after a search I found a bunch (whole page) of AVG files and deleted them that way.

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34:52, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: AceIESecuritySettings - http://ww1.acehardware-acenet.com/Controls...itySettings.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardware-acenet.com/ACENET/C...xpl/AceExpl.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardware-acenet.com/ACENET/c...t60/fpspr60.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131719767640
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardware-acenet.com/ACENET/C...ENET/ACECTL.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardware-acenet.com/ACENET/C...Si/McsiMenu.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11783 bytes

#13 PropagandaPanda

  • Malware Response Team

Posted 13 November 2008 - 11:58 AM

Hello.

That log looks clean.

If the errors still occur, please start a new topic in the Windows XP forum.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    sc delete avg8emc
    sc delete avg8wd
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click Fix.bat. The file will run and delete itself.

Run Cleanup with OTScanIt
This will remove all the tools we used.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Click the CleanUp button.
  • Restart if prompted.

Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda
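
The batch script in post #13 deletes the two service registrations that the log in post #12 marks "(file missing)". The following is an added example, not part of the thread or of HijackThis: it parses O23 lines and derives the same `sc delete` targets. The function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample: lines in the shape of the two HijackThis logs in this thread.
BEFORE = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
AFTER = r"""
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Trailing "(name)" group; greedy so only the last parenthesised group is taken.
KEY_IN_PARENS = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Parse one 'O23 - Service:' line into a dict; return None for other lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Split from the right: owner and image path are the last two fields, so a
    # display name containing " - " stays whole.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    # Assumption drawn from the logs above: the service key name is shown in
    # trailing parentheses only when it differs from the display name.
    m = KEY_IN_PARENS.match(name)
    key, display = (m.group("key"), m.group("display")) if m else (name, name)
    return {"key": key, "display": display, "owner": owner,
            "path": path, "file_missing": missing}


def services(log_text):
    """Map service key name -> parsed record for every O23 line in a log."""
    parsed = (parse_o23(l) for l in log_text.splitlines())
    return {s["key"]: s for s in parsed if s}


def orphaned(log_text):
    """Key names of services whose image file is reported missing, in log order."""
    return [k for k, s in services(log_text).items() if s["file_missing"]]


def newly_orphaned(before, after):
    """Services whose file was present in the earlier log and is missing in the later one."""
    old = services(before)
    return [k for k in orphaned(after) if k in old and not old[k]["file_missing"]]


def sc_delete_lines(log_text):
    """Render `sc delete` lines for review; nothing is executed here."""
    return ["sc delete " + (f'"{k}"' if " " in k else k) for k in orphaned(log_text)]


if __name__ == "__main__":
    print(newly_orphaned(BEFORE, AFTER))
    print("\n".join(sc_delete_lines(AFTER)))
```

Comparing the earlier and later logs shows that deleting a program's files by hand leaves its service entries registered, which is why they reappear as "Unknown owner ... (file missing)".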

#14 GoddardCat

  • Topic Starter

Posted 13 November 2008 - 12:11 PM

I still have all the same errors and the messenger programs will not run. Should I go ahead and clean up the programs we used? I assume I should not create a new restore point. Should I start a new thread now in the XP forum?

Thanks so much for your help even though the problem is still there.

#15 PropagandaPanda

  • Malware Response Team

Posted 13 November 2008 - 03:18 PM

Hello.

Yes, please run the cleanup and set a new restore point since you were infected.

Good luck in your new topic.

With Regards,
The Panda
