Vundo.trojan bundle and random songs/ads on desktop



#1 tyler987

Posted 30 November 2008 - 01:52 AM

Around 11:50pm on 11/27/08 I was searching for Battlestar Galactica Season 1, Episode 1 on <hxxp://show-links.tv/> on the Firefox 3.0.4 browser. First time looking for free tv shows and I found this website from a Google search. As I was searching for working links to the episode, a full screen tab popped up. When I closed it, two more tabs popped up. Then my McAfee started to bug out; my virus protection and everything became disabled. When I clicked "Fix" in the McAfee security center screen, McAfee seemed to be working again because it started to detect adware, spyware, and trojans with strange names: spyware-webhancer, adware-isearch, tool-netmon, generic pup.d, vundo.gen.m (trojan), generic (trojan). However, it did not seem to be quarantining or removing any of the malware. This same problem occurred with McAfee about a month and a half ago when I accidentally caught the "XP Antispyware 2009" virus. Luckily I had downloaded Malwarebytes' Anti-Malware to deal with the XP Antispyware 2009, and I used it now to scan and quarantine about 35 infections. I also initiated the McAfee Lockdown firewall, but it was probably too late to help.

After a reboot, I went on Firefox to research the trojans, when I started to hear music playing in the background. I did not recognize the music as anything I had on my computer, and no application except for Firefox was running. Then a couple ads popped up on my desktop. I closed Firefox, and some more ads popped up. I opened Firefox again to look this problem up on Google, but random tabs in the browser started to pop up, leading to yellowpages and other search engines, with addresses like [hxxp://2greatfind.com/search.php?query=firefox+random+tabs]. So I ran Malwarebytes again and quarantined 20 or so Vundo trojans. I used VundoFix too after Malwarebytes, but it found nothing. I also downloaded Windows Defender and it found one thing, [Adware:Win32/ZenoSearch]. In addition, Microsoft Auto-updates and Windows Firewall were disabled, so I re-enabled them.

So I looked this problem up on Google and found a topic on this site similar to my problem: Random Audio Files and Ads (or: http://www.bleepingcomputer.com/forums/t/159488/random-audio-files-ads-music-clips-play-on-computer/). Boopme's comment scared me:

"...You also had several rootkits. These can be very dangerous. They will take your personal information and send it home. They are looking for passwords, credit card and other financial information so they can steal it. You should change any and all passwords and financial information stored on this PC.

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format?" and "Reformatting the computer or troubleshooting; which is best?"."

Specifically the comments about the rootkits, the computer never being secure again, and possibly having to reformat. Anyway I ran a Kaspersky online scan and it didn't find anything, so my question is, am I secure yet? Has my security been compromised permanently? Should I get some new firewalls and anti-virus software? Other than McAfee and Malwarebytes, like Avast! and Comodo? And is my McAfee possibly infected?

Here are the first two Malwarebytes scans, followed by the most recent Kaspersky online scan, and finally the RSIT (log.txt) and HijackThis (info.txt) logs. Sorry if I posted too much information; this is my first post and I thought more info rather than less would be helpful. Any and all help would be very much appreciated! I'm freaking out because I don't want to reformat if I don't have to, and I don't know if I have to reset all my passwords, or if my credit card information has been compromised!


------------------------------------------------------------

Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 5.1.2600 Service Pack 3

11/28/2008 1:10:14 AM
mbam-log-2008-11-28 (01-10-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145182
Time elapsed: 1 hour(s), 7 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 15

Memory Processes Infected:
c:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\VHlsZXI\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{49-9a-a4-4e-dw} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\rawwann.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\VHlsZXI\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
C:\WINDOWS\system32\DEC\E5MTDg4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBrOfE.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.


------------------------------------------------------------


Malwarebytes' Anti-Malware 1.30
Database version: 1430
Windows 5.1.2600 Service Pack 3

11/28/2008 4:03:45 AM
mbam-log-2008-11-28 (04-03-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 148630
Time elapsed: 1 hour(s), 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tigifofi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tifajuze.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c256e328-c39f-4ac7-aca5-27ed7f0bbc89} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c256e328-c39f-4ac7-aca5-27ed7f0bbc89} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c6c2dbb7-c45a-d31a-fa01-760c13ac184a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{682d12ef-4991-2143-8421-e91b3dcfa5c3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{682d12ef-4991-2143-8421-e91b3dcfa5c3} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvifyducgn (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f37a97d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vesafakepi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\tifajuze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\tifajuze.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Tyler\Local Settings\Temp\snapsnet (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tigifofi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ifofigit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kubidima.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\system32\tifajuze.dll (Trojan.BHO) -> Delete on reboot.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP378\A0067658.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP378\A0067662.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcyolfvfmhdl.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AI\nIE65FR.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyler\Local Settings\Temp\snapsnet\dPI191065.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnzgfffvkdmfpaex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\towusozo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 20:22:01
Records in database: 1428083
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 97299
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:50:38

No malware has been detected. The scan area is clean.
The selected area was scanned.

------------------------------------------------------------

(log.txt)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tyler at 2008-11-29 22:19:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (40%) free of 90 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:00 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Tyler\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Pharos\bin\PSNotify.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tyler\My Documents\PC Updates\Anti-Virus\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Tyler.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {c256e328-c39f-4ac7-aca5-27ed7f0bbc89} - C:\WINDOWS\system32\kubidima.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [vesafakepi] Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vesafakepi] Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pharos Notify.lnk = C:\Program Files\Pharos\bin\PSNotify.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219706458890
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat ,
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14523 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c256e328-c39f-4ac7-aca5-27ed7f0bbc89}]
C:\WINDOWS\system32\kubidima.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"MBMon"=Rundll32 CTMBHA.DLL []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"VoiceCenter"=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-01-02 1126400]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-26 86016]
""= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-22 136600]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-04-27 257088]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-09 20480]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Steam"= []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2007-09-25 1195008]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2007-09-25 384000]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2007-09-25 1495040]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Pharos Notify.lnk - C:\Program Files\Pharos\bin\PSNotify.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Tyler\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\THQ\Dawn Of War\W40k.exe"="C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k"
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe"="C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert™ II\RA2\game.exe"="C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert™ II\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Steam\steamapps\tymack193@msn.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\tymack193@msn.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Pharos\bin\PSNotify.exe"="C:\Program Files\Pharos\bin\PSNotify.exe:*:Enabled:Pharos Notify Client "
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\searchprotocolhost.exe"="C:\WINDOWS\system32\searchprotocolhost.exe:*:Enabled:SearchProtocolHost"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Pharos\bin\PSNotify.exe"="C:\Program Files\Pharos\bin\PSNotify.exe:*:Enabled:Pharos Notify Client "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 3 months======

2008-12-21 20:59:26 ----A---- C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-21 20:59:24 ----A---- C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-21 20:59:08 ----A---- C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-21 20:59:00 ----A---- C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-21 20:58:56 ----A---- C:\WINDOWS\system32\3ivx.dll
2008-12-21 20:52:02 ----A---- C:\WINDOWS\system32\libfaac.dll
2008-11-29 00:38:11 ----D---- C:\Program Files\trend micro
2008-11-29 00:38:10 ----D---- C:\rsit
2008-11-28 22:04:04 ----D---- C:\Program Files\Windows Defender
2008-11-28 20:26:31 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-28 20:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-28 20:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-28 20:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-28 20:23:41 ----SHD---- C:\Config.Msi
2008-11-28 19:50:48 ----D---- C:\VundoFix Backups
2008-11-28 19:50:48 ----A---- C:\VundoFix.txt
2008-11-28 11:44:09 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-27 23:52:56 ----SHD---- C:\WINDOWS\VHlsZXI
2008-11-27 23:52:09 ----A---- C:\WINDOWS\system32\oaffltcucgnexuyqv.exe
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\oca
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\ns5
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\LN
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\jec
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\DEC
2008-11-27 23:52:03 ----D---- C:\WINDOWS\system32\AI
2008-11-27 23:51:26 ----D---- C:\WINDOWS\system32\dPI19
2008-11-27 23:51:26 ----D---- C:\Temp
2008-11-27 23:51:20 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-11-22 22:39:41 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-22 22:39:41 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-22 22:39:41 ----A---- C:\WINDOWS\system32\java.exe
2008-11-22 22:39:41 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-23 21:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 23:13:21 ----A---- C:\WINDOWS\msoffice.ini
2008-10-18 17:16:15 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-18 14:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 14:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 14:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 14:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 14:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 11:28:30 ----D---- C:\Documents and Settings\Tyler\Application Data\Malwarebytes
2008-10-18 11:28:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 11:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 11:05:40 ----A---- C:\WINDOWS\uqohesygan.com
2008-10-18 11:05:40 ----A---- C:\WINDOWS\system32\tupul.dll
2008-10-18 11:05:40 ----A---- C:\WINDOWS\mewofylobu.bat
2008-10-18 11:05:40 ----A---- C:\WINDOWS\equmyhuwir.exe
2008-10-18 11:05:40 ----A---- C:\Documents and Settings\Tyler\Application Data\qasili.dll
2008-10-17 17:25:47 ----D---- C:\Program Files\NOS
2008-10-17 17:25:47 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-13 23:12:59 ----D---- C:\Program Files\3ivx
2008-10-12 16:46:23 ----D---- C:\Documents and Settings\Tyler\Application Data\WinRAR
2008-10-12 16:37:27 ----D---- C:\Program Files\WinRAR
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-20 10:11:57 ----D---- C:\Documents and Settings\Tyler\Application Data\Logitech
2008-09-20 10:10:51 ----R---- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-09-20 10:09:17 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-09-20 10:07:56 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-09-20 10:07:50 ----A---- C:\WINDOWS\system32\KemXML.dll
2008-09-20 10:07:50 ----A---- C:\WINDOWS\system32\KemWnd.dll
2008-09-20 10:07:50 ----A---- C:\WINDOWS\system32\KemUtil.dll
2008-09-20 10:07:50 ----A---- C:\WINDOWS\system32\kemutb.dll
2008-09-20 10:07:14 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-20 10:07:06 ----D---- C:\Program Files\Common Files\Logishrd
2008-09-20 10:06:56 ----D---- C:\Program Files\Logitech
2008-09-20 10:06:07 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-14 12:33:41 ----A---- C:\WINDOWS\system32\PSSAF3CA.DLL
2008-09-14 12:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-14 12:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 3 months======

2008-11-29 22:12:59 ----D---- C:\Documents and Settings\Tyler\Application Data\.purple
2008-11-29 21:53:33 ----D---- C:\WINDOWS\Temp
2008-11-29 19:02:50 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 18:06:22 ----D---- C:\WINDOWS\Prefetch
2008-11-29 13:37:16 ----D---- C:\WINDOWS
2008-11-29 13:36:58 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-11-29 13:36:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-29 13:36:39 ----SD---- C:\WINDOWS\Tasks
2008-11-29 13:33:22 ----D---- C:\WINDOWS\system32
2008-11-29 03:26:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 00:38:11 ----D---- C:\Program Files
2008-11-28 22:45:29 ----SHD---- C:\System Volume Information
2008-11-28 22:45:29 ----D---- C:\WINDOWS\system32\Restore
2008-11-28 22:04:14 ----SHD---- C:\WINDOWS\Installer
2008-11-28 22:04:06 ----HD---- C:\WINDOWS\inf
2008-11-28 22:04:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-28 20:26:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-28 20:25:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-28 20:25:47 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 20:25:43 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-28 20:25:14 ----A---- C:\WINDOWS\imsins.BAK
2008-11-28 20:23:56 ----D---- C:\WINDOWS\WinSxS
2008-11-28 11:44:23 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-28 11:44:14 ----D---- C:\WINDOWS\Help
2008-11-28 04:16:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 01:16:56 ----D---- C:\Program Files\McAfee
2008-11-26 02:08:47 ----A---- C:\WINDOWS\win.ini
2008-11-25 15:23:29 ----D---- C:\Documents and Settings\Tyler\Application Data\LimeWire
2008-11-24 17:04:22 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-22 22:39:09 ----D---- C:\Program Files\Java
2008-11-11 14:22:39 ----D---- C:\Documents and Settings\Tyler\Application Data\BitTorrent
2008-10-25 15:41:20 ----SHD---- C:\WINDOWS\CSC
2008-10-23 14:24:03 ----A---- C:\WINDOWS\system.ini
2008-10-22 19:38:13 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-22 18:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 18:23:30 ----D---- C:\Program Files\Rockstar Games
2008-10-22 13:07:37 ----SD---- C:\Documents and Settings\Tyler\Application Data\Microsoft
2008-10-19 14:40:13 ----D---- C:\Program Files\Warcraft III
2008-10-19 14:37:33 ----D---- C:\Program Files\Starcraft
2008-10-19 09:52:14 ----D---- C:\Documents and Settings\Tyler\Application Data\OfficeUpdate12
2008-10-18 23:15:26 ----D---- C:\Program Files\Google
2008-10-18 23:15:26 ----D---- C:\Program Files\Common Files
2008-10-18 23:13:42 ----D---- C:\Program Files\Common Files\AOL
2008-10-18 23:13:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-18 23:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-18 14:57:30 ----D---- C:\Program Files\Internet Explorer
2008-10-18 12:40:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 11:02:51 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-17 17:24:38 ----D---- C:\Documents and Settings\Tyler\Application Data\Adobe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-09 18:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-03 09:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-20 10:10:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-12 03:15:49 ----D---- C:\Documents and Settings\Tyler\Application Data\DNA
2008-09-11 07:52:04 ----AC---- C:\WINDOWS\dellstat.ini
2008-09-11 07:49:47 ----D---- C:\Documents and Settings\Tyler\Application Data\AdobeUM
2008-09-09 17:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-09-06 23:28:35 ----D---- C:\Program Files\DNA
2008-09-05 22:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 22:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 22:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-04 09:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-02 8552]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-15 1421312]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 rawwann;rawwann; C:\WINDOWS\System32\drivers\rawwann.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 naecd;naecd; \??\C:\DOCUME~1\Tyler\LOCALS~1\Temp\naecd.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc28.tmp []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-15 405504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-08-02 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-22 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe [2005-10-11 294912]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-03 66872]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-04-27 500800]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



------------------------------------------------------------

(info.txt)

info.txt logfile of random's system information tool 1.04 2008-11-29 00:38:31

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3ivx MPEG-4 5.0.2 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.2\uninstaller.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
ATI Catalyst Control Center-->MsiExec.exe /I{0D251F37-10CB-46DF-BFA0-4702218DB0B6}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avid DVD by Sonic-->MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}
Blast Thru-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Galaxy of Arcade\Blast Thru\DeIsL1.isu" -c"C:\Program Files\Galaxy of Arcade\Blast Thru\_ISREG32.DLL"
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Combat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65E4833F-CA1B-11D5-A227-0050BA4AC847}\Setup.exe" -l0x9
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DOOM Collector's Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM Collector's Edition\DC.isu"
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GTK+ Runtime 2.10.13 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.2-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Pharos-->C:\PROGRA~1\Pharos\bin\Local.EXE
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RON Tool Banners4u-->C:\WINDOWS\system32\oaffltcucgnexuyqv.exe
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic & Knuckles Collection Documentation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Expert Software\Sonic & Knuckles Collection Documentation\Uninst.isu"
Sonic & Knuckles Killer !-->C:\WINDOWS\SKUNINST.EXE C:\WINDOWS\Sonic3K.INI
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TiVo Desktop 2.5.1-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warhammer 40,000: Dawn Of War - Gold Edition-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Thank you!

Edited by Orange Blossom, 11 February 2013 - 02:30 AM.
Deactivate link. ~ OB




#2 OldTimer

OldTimer

    Malware Expert



Posted 02 December 2008 - 10:20 PM

Hello tyler987 and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • In the Additional Scans area check the following two items:
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 tyler987

tyler987
  • Topic Starter


Posted 02 December 2008 - 11:09 PM

Hello Old Timer,

Thank you for the reply. I ran the ATF Cleaner and the OTScanIt2. Here is the log as an attachment.

Thank you so much for the help!

#4 OldTimer

OldTimer

    Malware Expert



Posted 02 December 2008 - 11:29 PM

Hi tyler987. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
TDSSserv.sys
Files to delete:
%systemroot%\system32\oaffltcucgnexuyqv.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%systemdrive%\temp
%systemroot%\system32\ai
%systemroot%\system32\dec
%systemroot%\system32\dpi19
%systemroot%\system32\jec
%systemroot%\system32\ln
%systemroot%\system32\ns5
%systemroot%\system32\oca
%systemroot%\vhlszxi

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {c256e328-c39f-4ac7-aca5-27ed7f0bbc89} [HKLM] -> %SystemRoot%\system32\kubidima.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\] > -> HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\] > -> HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> ~EmptyValue -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Microsoft Games\Halo Trial\halo.exe" -> C:\Program Files\Microsoft Games\Halo Trial\halo.exe [C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo]
YN -> "C:\Program Files\Microsoft Games\Halo\halo.exe" -> C:\Program Files\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo]
YN -> "C:\Program Files\Starcraft\StarCraft.exe" -> C:\Program Files\Starcraft\StarCraft.exe [C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft]
YN -> "C:\Program Files\Warcraft III\Frozen Throne.exe" -> C:\Program Files\Warcraft III\Frozen Throne.exe [C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne]
YN -> "C:\Program Files\Warcraft III\Warcraft III.exe" -> C:\Program Files\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III]
[Registry - Additional Scans - Safe List]
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
YN -> TDSSserv.sys -> driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
YN -> TDSSserv.sys -> driver
[Files/Folders - Created Within 30 Days]
NY -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> VHlsZXI -> %SystemRoot%\VHlsZXI
NY -> oaffltcucgnexuyqv.exe -> %SystemRoot%\System32\oaffltcucgnexuyqv.exe
NY -> oca -> %SystemRoot%\System32\oca
NY -> ns5 -> %SystemRoot%\System32\ns5
NY -> LN -> %SystemRoot%\System32\LN
NY -> jec -> %SystemRoot%\System32\jec
NY -> DEC -> %SystemRoot%\System32\DEC
NY -> AI -> %SystemRoot%\System32\AI
NY -> Temp -> %SystemDrive%\Temp
NY -> dPI19 -> %SystemRoot%\System32\dPI19
[Files/Folders - Modified Within 30 Days]
NY -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt2 scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt2 and locate the OTScanIt.txt file in the folder where OTScanIt2.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt2 fix log (look in the OTScanIt2 folder for a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt2 scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
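
The Run-key lines of the fix list in the post above can be triaged mechanically. The following is an added example, not part of OldTimer's post or of OTScanIt2: the line format is inferred from the lines quoted in this thread, and the three triage signals (service-account hive, rundll32 loading a DLL directly from system32, the same value repeated across hives) are this example's assumptions and mark entries for review, not a verdict.

```python
import re

# Run-key lines copied from the fix list posted in this thread.
SAMPLE_FIX_LIST = r'''
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\] > -> HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
YN -> ~EmptyValue ->
'''

# Assumed grammar, inferred from the quoted lines:
#   section header:  < Title [hive] > -> registry key
#   entry:           YN|NY -> value name -> target [value data]
SECTION_RE = re.compile(r'^<\s*(?P<title>.+?)\s*\[(?P<hive>[^\]]*)\]\s*>\s*->\s*(?P<key>.+)$')
ENTRY_RE = re.compile(r'^(?:YN|NY)\s*->\s*(?P<name>.*?)\s*->\s*(?P<rest>.*)$')
DATA_RE = re.compile(r'^(?P<target>.*?)\s*\[(?P<data>.*)\]$')
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r'\\system32\\[^\\]+\.dll$', re.IGNORECASE)

# Well-known service-account hives under HKEY_USERS.
SERVICE_HIVES = {
    "S-1-5-18": "LocalSystem",
    ".DEFAULT": "LocalSystem (.DEFAULT alias)",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}


def parse_run_entries(text):
    """Return one dict per value listed under a '< Run [...] >' section."""
    entries, hive = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            is_run = section.group("title").lower() == "run"
            # Last path component of the hive: HKEY_LOCAL_MACHINE, a SID, ...
            hive = section.group("hive").rstrip("\\").split("\\")[-1] if is_run else None
            continue
        entry = ENTRY_RE.match(line)
        if entry and hive is not None:
            data = DATA_RE.match(entry.group("rest"))
            entries.append({
                "hive": hive,
                "name": entry.group("name").strip('"'),
                "command": data.group("data") if data else entry.group("rest"),
            })
    return entries


def triage(entries):
    """Attach review reasons to each Run entry (signals, not verdicts)."""
    hives_by_value = {}
    for e in entries:
        if e["command"]:
            key = (e["name"].lower(), e["command"].lower())
            hives_by_value.setdefault(key, set()).add(e["hive"])

    report = []
    for e in entries:
        reasons = []
        if not e["command"]:
            reasons.append("empty-data")          # value present, nothing to launch
        else:
            if e["hive"] in SERVICE_HIVES:
                reasons.append("service-account-hive")
            rundll = RUNDLL_RE.match(e["command"])
            if rundll and SYSTEM32_DLL_RE.search(rundll.group("dll")):
                reasons.append("rundll32-system32-dll")
            if len(hives_by_value[(e["name"].lower(), e["command"].lower())]) > 1:
                reasons.append("repeated-across-hives")
        report.append({**e, "reasons": reasons})
    return report


if __name__ == "__main__":
    for row in triage(parse_run_entries(SAMPLE_FIX_LIST)):
        print(f'{row["hive"]:<50} {row["name"] or "(unnamed)":<12} {", ".join(row["reasons"])}')
```
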


#5 tyler987

tyler987
  • Topic Starter


Posted 03 December 2008 - 12:56 AM

Hi OldTimer,

I followed the directions for Step #1. I ran the Avenger program with the posted CODE and my computer rebooted. However, I think I ran into a problem. When my computer was loading Windows, it rebooted itself. The second time at the Windows loading screen, a blue screen popped up with:

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.


I rebooted my computer again and the same thing happened. I am currently logged onto a different computer with the blue screen still showing on my personal computer. Besides this, I have not had any problems with random audio or ads since my HijackThis post.

#6 OldTimer

OldTimer

    Malware Expert



Posted 03 December 2008 - 09:47 AM

Hi tyler987. Yeah, sometimes that can happen when the rootkit is removed. It doesn't always play nice when you mess with it lol. Let's try this: start the system and while it's booting up begin tapping the F8 key. This should bring you to the Boot Menu. Choose "Last known good configuration" and see if the bootup will complete. If it does, the rootkit will be back and we'll need to attack it from a different direction. If it still doesn't bootup, then we can try a repair install.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 tyler987

tyler987
  • Topic Starter


Posted 03 December 2008 - 09:57 AM

Hi OldTimer,

Alright tried the "Last Known Good Configuration" and it's up and running again thank you! Ready for the next try.

#8 OldTimer

OldTimer

    Malware Expert



Posted 03 December 2008 - 10:17 AM

Hi tyler987. Ok, we'll need to go at this from a different direction. Look in the root of the c: drive for a file called Avenger.txt (c:\avenger.txt). If that is there, post the contents back here.

Also, run a new scan with OTScanIt2 and attach that back here too.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 tyler987

tyler987
  • Topic Starter


Posted 03 December 2008 - 10:35 AM

Hi OldTimer,

I could not find the Avenger.txt, but I ran a new OTScanIt2 and it is attached.

#10 OldTimer

OldTimer

    Malware Expert



Posted 03 December 2008 - 10:56 AM

Hi tyler987. Let's just leave the rootkit be for now and remove some of the other files. The Avenger log will give us some additional information for dealing with the rootkit. Follow the steps below in order:

Step #1

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\nofisaho
%systemroot%\system32\oaffltcucgnexuyqv.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%systemdrive%\temp
%systemroot%\system32\ai
%systemroot%\system32\dec
%systemroot%\system32\dpi19
%systemroot%\system32\jec
%systemroot%\system32\ln
%systemroot%\system32\ns5
%systemroot%\system32\oca
%systemroot%\vhlszxi

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {c256e328-c39f-4ac7-aca5-27ed7f0bbc89} [HKLM] -> %SystemRoot%\system32\kubidima.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "vesafakepi" -> %SystemRoot%\system32\towusozo.DLL [Rundll32.exe "C:\WINDOWS\system32\towusozo.dll",s]
< Run [HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\] > -> HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Steam" -> []
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\] > -> HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value  does not exist or could not be read.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> ~EmptyValue -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Microsoft Games\Halo Trial\halo.exe" -> C:\Program Files\Microsoft Games\Halo Trial\halo.exe [C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo]
YN -> "C:\Program Files\Microsoft Games\Halo\halo.exe" -> C:\Program Files\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo]
YN -> "C:\Program Files\Starcraft\StarCraft.exe" -> C:\Program Files\Starcraft\StarCraft.exe [C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft]
YN -> "C:\Program Files\Warcraft III\Frozen Throne.exe" -> C:\Program Files\Warcraft III\Frozen Throne.exe [C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne]
YN -> "C:\Program Files\Warcraft III\Warcraft III.exe" -> C:\Program Files\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III]
[Registry - Additional Scans - Safe List]
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
YN -> TDSSserv.sys -> driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
YN -> TDSSserv.sys -> driver
[Files/Folders - Created Within 30 Days]
NY -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> VHlsZXI -> %SystemRoot%\VHlsZXI
NY -> oaffltcucgnexuyqv.exe -> %SystemRoot%\System32\oaffltcucgnexuyqv.exe
NY -> oca -> %SystemRoot%\System32\oca
NY -> ns5 -> %SystemRoot%\System32\ns5
NY -> LN -> %SystemRoot%\System32\LN
NY -> jec -> %SystemRoot%\System32\jec
NY -> DEC -> %SystemRoot%\System32\DEC
NY -> AI -> %SystemRoot%\System32\AI
NY -> Temp -> %SystemDrive%\Temp
NY -> dPI19 -> %SystemRoot%\System32\dPI19
[Files/Folders - Modified Within 30 Days]
NY -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> nofisaho -> %SystemRoot%\System32\nofisaho
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt2 scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt2 and locate the OTScanIt.txt file in the folder where OTScanIt2.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt2 fix log (look in the OTScanIt2 folder for a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt2 scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
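
The fix log requested in the steps above records which items were handled immediately and which were deferred until reboot. The following is an added example, not part of the original post and not OldTimer's own tooling: it reconciles deferred items against the post-reboot section and lists removed registry entries in common persistence locations. It assumes the line wording seen in the OTScanIt2 1.0.2.1 fix log posted in this thread; the sample log is constructed, and `example_locked.tmp` is a made-up path.

```python
import re
from collections import Counter

# Constructed sample, written in the line wording of the OTScanIt2 1.0.2.1 fix log
# posted in this thread. example_locked.tmp is a made-up path.
SAMPLE_LOG = r"""[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vesafakepi deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys\ deleted successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\nofisaho not found!
[Empty Temp Folders]
File delete failed. C:\WINDOWS\temp\WFV9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\example_locked.tmp scheduled to be deleted on reboot.
< End of fix log >

Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
File C:\WINDOWS\temp\WFV9.tmp not found!

Registry entries deleted on Reboot...
"""

REG = re.compile(r"^Registry (?:key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$")
DEFERRED = re.compile(r"^File (?:move|delete) failed\. (?P<path>.+) scheduled to be (?:moved|deleted) on reboot\.$")
FILE_MISSING = re.compile(r"^File (?P<path>.+) not found!$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")

# Registry locations that start code at logon or boot, or allow a driver to load in Safe Mode.
PERSISTENCE_MARKERS = (r"\currentversion\run", "appinit_dlls", r"\safeboot", "browser helper objects")


def parse_fix_log(text):
    """Summarise a fix log and reconcile deferred items with the post-reboot section."""
    counts = Counter()
    deferred = []             # paths the fix could not touch until reboot
    after_reboot = {}         # lowercased path -> "moved" | "already gone"
    persistence_removed = []  # deleted registry entries in persistence locations
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[<":            # blank lines, section headers, end marker
            continue
        if line.startswith("Files moved on Reboot"):
            phase = "reboot"
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            continue
        if phase == "reboot":
            m = MOVED.match(line)
            if m:
                after_reboot[m["path"].lower()] = "moved"
                continue
            m = FILE_MISSING.match(line)
            if m:
                after_reboot[m["path"].lower()] = "already gone"
            continue
        m = DEFERRED.match(line)
        if m:
            deferred.append(m["path"])
            counts["deferred to reboot"] += 1
            continue
        m = REG.match(line)
        if m:
            counts["registry " + m["result"]] += 1
            low = m["path"].lower()
            if m["result"].startswith("deleted") and any(k in low for k in PERSISTENCE_MARKERS):
                persistence_removed.append(m["path"])
            continue
        if FILE_MISSING.match(line):
            counts["file not found"] += 1
        else:
            counts["other"] += 1
    # A deferred item with no line after reboot was never confirmed as handled.
    unresolved = [p for p in deferred if p.lower() not in after_reboot]
    return {"counts": counts, "deferred": deferred, "after_reboot": after_reboot,
            "persistence_removed": persistence_removed, "unresolved": unresolved}


if __name__ == "__main__":
    report = parse_fix_log(SAMPLE_LOG)
    for outcome, n in sorted(report["counts"].items()):
        print(f"{n:3d}  {outcome}")
    print("Persistence entries removed:")
    for path in report["persistence_removed"]:
        print("   ", path)
    print("Deferred items with no post-reboot result:", report["unresolved"] or "none")
```

A non-empty unresolved list means a file scheduled for reboot handling has no confirmation line afterwards, which is worth raising with the helper before moving on to the next step.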


#11 tyler987

Posted 03 December 2008 - 12:54 PM

Hello OldTimer,

I followed Step #1 and #2 with no problems and I'm currently running the F-Secure Online Scanner. I have class until 3pm though. When I get back I'll continue with your instructions and post the results. Thank you for all the help and the quick responses!

#12 tyler987

Posted 03 December 2008 - 08:17 PM

Ok I'm back. Here is the Avenger report, OTScanIt2 fix log, F-Secure online virus scan, and OTScanIt2 scan log. Sorry but I posted the log for the last default OTScanIt2 scan because it was too big of an attachment. The max single upload size is 124.84k, while the OTScanIt2 scan log is 172k. It also says "Attachment space used 387.16k of 512k" with (0) attachments for some reason.


Avenger report

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\nofisaho" deleted successfully.
File "C:\WINDOWS\system32\oaffltcucgnexuyqv.exe" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.
Folder "C:\temp" deleted successfully.
Folder "C:\WINDOWS\system32\ai" deleted successfully.
Folder "C:\WINDOWS\system32\dec" deleted successfully.
Folder "C:\WINDOWS\system32\dpi19" deleted successfully.
Folder "C:\WINDOWS\system32\jec" deleted successfully.
Folder "C:\WINDOWS\system32\ln" deleted successfully.
Folder "C:\WINDOWS\system32\ns5" deleted successfully.
Folder "C:\WINDOWS\system32\oca" deleted successfully.
Folder "C:\WINDOWS\vhlszxi" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTScanIt2 fix log

Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c256e328-c39f-4ac7-aca5-27ed7f0bbc89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c256e328-c39f-4ac7-aca5-27ed7f0bbc89}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vesafakepi deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vesafakepi deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Steam not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-1987986097-3446227131-2950338395-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:~EmptyValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo Trial\halo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Starcraft\StarCraft.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Frozen Throne.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys\ deleted successfully.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS\VHlsZXI not found!
File C:\WINDOWS\System32\oaffltcucgnexuyqv.exe not found!
File C:\WINDOWS\System32\oca not found!
File C:\WINDOWS\System32\ns5 not found!
File C:\WINDOWS\System32\LN not found!
File C:\WINDOWS\System32\jec not found!
File C:\WINDOWS\System32\DEC not found!
File C:\WINDOWS\System32\AI not found!
File C:\Temp not found!
File C:\WINDOWS\System32\dPI19 not found!
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\nofisaho not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Temp\etilqs_4xBxkYUUVbvz6tdkjf51 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_CLZZm1vUIucTyGH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_inzl1OnsSgMfVb1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_2gu1T6v2uuMnSfM scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_CGh7T1sTpfrqbo7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_FyaljjjOww3yDcV scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_wkvXEaTNkSWf26m scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e74.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_54QjS1GFR2dOcTp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_brTZjDpjpjbkUyt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_eY9pgL99u62Pngs scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_gAVncwxsOpDUug7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_SnSU68XOps59heg scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000644A8D117EE67C9603 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV9.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12032008_082459

Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
File C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp not found!
File C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp not found!
C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001 moved successfully.
File C:\Documents and Settings\Tyler\Local Settings\Temp\etilqs_4xBxkYUUVbvz6tdkjf51 not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\mcafee_CLZZm1vUIucTyGH not found!
File C:\WINDOWS\temp\mcafee_inzl1OnsSgMfVb1 not found!
File C:\WINDOWS\temp\mcmsc_2gu1T6v2uuMnSfM not found!
File C:\WINDOWS\temp\mcmsc_CGh7T1sTpfrqbo7 not found!
File C:\WINDOWS\temp\mcmsc_FyaljjjOww3yDcV not found!
File C:\WINDOWS\temp\mcmsc_wkvXEaTNkSWf26m not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_e74.dat not found!
C:\WINDOWS\temp\sqlite_54QjS1GFR2dOcTp moved successfully.
C:\WINDOWS\temp\sqlite_brTZjDpjpjbkUyt moved successfully.
C:\WINDOWS\temp\sqlite_eY9pgL99u62Pngs moved successfully.
C:\WINDOWS\temp\sqlite_gAVncwxsOpDUug7 moved successfully.
C:\WINDOWS\temp\sqlite_SnSU68XOps59heg moved successfully.
File C:\WINDOWS\temp\TMP000000644A8D117EE67C9603 not found!
File C:\WINDOWS\temp\WFV9.tmp not found!
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\f9ji3gpu.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...



F-Secure Online Virus Scan report

Scanning Report
Wednesday, December 03, 2008 08:42:39 - 10:11:32

Computer name: TYLER3
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 0 malware found
Statistics
Scanned:

* Files: 66801
* System: 4033
* Not scanned: 22

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\MCAFEE_MHU3RJCVLUWRUOB
* C:\WINDOWS\TEMP\MCMSC_BQUNKHLXAB59NGD
* C:\WINDOWS\TEMP\MCMSC_HKTX2SWQ5ASHJSB
* C:\WINDOWS\TEMP\MCMSC_QJCMGTOHYDIQDEJ
* C:\WINDOWS\TEMP\MCMSC_QT5QIS2VFAZ3S6F
* C:\WINDOWS\TEMP\MCMSC_SSKGBXUFVGGMQL8
* C:\WINDOWS\TEMP\MCMSC_XQBKP4NBAHPWBED
* C:\WINDOWS\TEMP\MCMSC_Z5COKXSXSJDNZF9
* C:\WINDOWS\TEMP\SQLITE_DBMRMRVV3IM3AMN
* C:\WINDOWS\TEMP\SQLITE_EBMOWNPL4FJW5SC
* C:\WINDOWS\TEMP\SQLITE_EPZCFHOJYWIFDAP
* C:\WINDOWS\TEMP\SQLITE_GQ8UWPU9UARKVQJ
* C:\WINDOWS\TEMP\SQLITE_ORDOBEMR7O1DBKX
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\TYLER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{AB766EEC-F748-4CAC-A959-FB1716BBFD99}
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Blacklight: 2.4.1093
* F-Secure Hydra: 2.8.8110, 2008-12-03
* F-Secure Pegasus: 1.20.0, 2008-10-25
* F-Secure AVP: 7.0.171, 2008-12-03

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics



OTScanIt2 scan log

OTScanIt2 logfile created on: 12/3/2008 4:59:23 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.2.1	 Folder = C:\Documents and Settings\Tyler\My Documents\PC Updates\Anti-Virus\OTScanIt2 files\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.20% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.63 Gb Total Space | 34.02 Gb Free Space | 38.82% Space Free | Partition Type: NTFS
Drive D: | 617.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TYLER3
Current User Name: Tyler
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
andreavc.exe -> %ProgramFiles%\Creative\VoiceCenter\AndreaVC.exe -> [2006/01/02 06:13:52 | 01,126,400 | ---- | M] (Andrea Electronics Corporation)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006/02/15 20:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006/02/15 20:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> [2006/11/01 20:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> [2006/05/24 15:28:28 | 00,622,653 | ---- | M] (Broadcom Corporation.)
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> [2006/05/24 15:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.)
clclean.0001 -> %UserProfile%\Local Settings\Temp\clclean.0001 -> [2008/12/03 08:28:12 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.)
creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> [2006/08/02 10:19:13 | 00,069,632 | ---- | M] (Creative Labs)
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> [2004/12/02 15:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
ctskmstr.exe -> %ProgramFiles%\PharosSystems\Core\CTskMstr.exe -> [2005/10/11 13:59:58 | 00,294,912 | ---- | M] (Pharos Systems International)
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
ctsvolfe.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> [2005/02/23 14:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd)
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> [2005/10/31 07:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/28 23:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/26 22:02:00 | 00,086,016 | ---- | M] ()
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/12/09 17:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/11/15 09:45:28 | 00,307,712 | ---- | M] (Mozilla Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/04/27 10:25:52 | 00,500,800 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/06/10 07:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/04/27 10:25:58 | 00,257,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/22 22:39:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/22 22:39:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.)
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/03/04 07:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> [2004/03/04 07:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.)
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2008/09/20 10:10:52 | 00,067,128 | ---- | M] (Logitech Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 11:04:44 | 00,203,280 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 11:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
onenotem.exe -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\My Documents\PC Updates\Anti-Virus\OTScanIt2 files\OTScanIt2\OTScanIt2.exe -> [2008/12/02 19:54:31 | 00,477,184 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/03/03 00:45:30 | 00,066,872 | ---- | M] ()
psnotify.exe -> %ProgramFiles%\Pharos\bin\PSNotify.exe -> [2005/08/23 17:20:50 | 00,405,504 | ---- | M] (Pharos Systems International)
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2006/04/06 11:58:52 | 01,032,192 | ---- | M] (Dell Inc)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
searchfilterhost.exe -> %SystemRoot%\system32\searchfilterhost.exe -> [2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation)
searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
searchprotocolhost.exe -> %SystemRoot%\system32\searchprotocolhost.exe -> [2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation)
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.)
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
sqlmangr.exe -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 19:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2008/05/25 16:44:16 | 09,154,560 | ---- | M] (Microsoft Corporation)
stsystra.exe -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\stsystra.exe -> [2007/05/10 09:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 08:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions)
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> [2007/09/25 10:33:18 | 00,867,328 | ---- | M] (TiVo Inc.)
tivonotify.exe -> %ProgramFiles%\TiVo\Desktop\TiVoNotify.exe -> [2007/09/25 10:34:16 | 00,384,000 | ---- | M] (TiVo Inc.)
tivoserver.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> [2007/09/25 10:35:44 | 01,495,040 | ---- | M] (TiVo Inc.)
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe -> [2007/09/25 10:33:52 | 01,195,008 | ---- | M] (TiVo Inc.)
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2006/02/15 20:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> [2006/05/24 15:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> [2006/08/02 10:19:13 | 00,069,632 | ---- | M] (Creative Labs)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/08/29 09:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/04/27 10:25:52 | 00,500,800 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/22 22:39:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.)
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/03/04 07:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 11:04:44 | 00,203,280 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
(MSSQL$MICROSOFTSMLBIZ) MSSQL$MICROSOFTSMLBIZ [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2008/05/25 16:44:16 | 09,154,560 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2005/05/03 19:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 11:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pharos Systems ComTaskMaster) Pharos Systems ComTaskMaster [Win32_Own | Auto | Running] -> %ProgramFiles%\PharosSystems\Core\CTskMstr.exe -> [2005/10/11 13:59:58 | 00,294,912 | ---- | M] (Pharos Systems International)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/03/03 00:45:30 | 00,066,872 | ---- | M] ()
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
(SQLAgent$MICROSOFTSMLBIZ) SQLAgent$MICROSOFTSMLBIZ [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -> [2005/05/03 18:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation)
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> [2007/09/25 10:33:18 | 00,867,328 | ---- | M] (TiVo Inc.)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2005/08/12 14:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/08/02 10:30:09 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2006/02/15 20:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2006/10/12 23:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2005/08/05 06:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation)
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btaudio.sys -> [2006/05/24 15:07:18 | 00,328,237 | ---- | M] (Broadcom Corporation.)
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btport.sys -> [2006/05/24 15:01:34 | 00,030,427 | ---- | M] (Broadcom Corporation.)
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btkrnl.sys -> [2006/05/24 15:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.)
(BTSERIAL) Bluetooth Serial Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\btserial.sys -> [2006/05/24 15:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.)
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwdndis.sys -> [2006/05/24 14:58:18 | 00,148,900 | ---- | M] (Broadcom Corporation.)
(btwhid) btwhid [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwhid.sys -> [2006/05/24 14:57:00 | 00,045,683 | ---- | M] (Broadcom Corporation.)
(btwmodem) Bluetooth Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwmodem.sys -> [2006/05/24 15:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.)
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btwusb.sys -> [2006/05/24 15:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.)
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BVRPMPR5.SYS -> [2006/03/15 14:15:06 | 00,044,224 | R--- | M] (BVRP Software)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2005/12/08 02:54:44 | 00,142,336 | ---- | M] (Creative Technology Ltd)
(CTUSFSYN) Creative SoundFont Synthesizer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctusfsyn.sys -> [2006/08/07 10:30:52 | 00,162,176 | ---- | M] (Creative Technology Ltd.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(genmcmnUSB) USB Scroll Mouse Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gflmouhid.sys -> [2004/04/19 14:01:00 | 00,006,656 | ---- | M] ()
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> [2005/11/30 21:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> [2005/11/30 21:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> [2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.)
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> [2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/04 18:57:08 | 00,012,544 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(monfilt) monfilt [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\monfilt.sys -> [2006/01/04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 06:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2005/12/08 02:54:52 | 00,114,688 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PfModNT.sys -> [2004/10/19 06:07:22 | 00,009,728 | ---- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> [2005/07/14 13:58:14 | 00,028,544 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> [2005/07/12 14:00:30 | 00,051,328 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> [2005/07/14 12:28:38 | 00,307,968 | ---- | M] (REDC)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 10:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 10:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 10:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2007/05/10 09:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/08 08:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/11/30 21:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.)
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/13 10:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 02:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ig/dell -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Tyler\Application Data\Mozilla\FireFox\Profiles\f9ji3gpu.default\prefs.js -> 
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/22 22:39:17 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/09/30 12:05:24 | 00,145,424 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/22 22:39:15 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/22 22:39:18 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/09/30 12:05:24 | 00,145,424 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay] -> [2005/08/12 11:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"CTSVolFE.exe" -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe ["C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r] -> [2005/02/23 14:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd)
"CTSysVol" -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> [2005/10/31 07:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd)
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2006/04/06 11:58:52 | 01,032,192 | ---- | M] (Dell Inc)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/01/26 22:02:00 | 00,086,016 | ---- | M] ()
"dscactivate" -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/12/09 17:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 07:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 07:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2007/04/27 10:25:58 | 00,257,088 | ---- | M] (Apple Inc.)
"Kernel and Hardware Abstraction Layer" -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/02/29 02:12:38 | 00,076,304 | ---- | M] (Logitech, Inc.)
"KernelFaultCheck" ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
"MBMon" -> %SystemRoot%\system32\CTMBHA.DLL [Rundll32 CTMBHA.DLL,MBMon] -> [2006/03/03 00:18:08 | 01,355,938 | ---- | M] ()
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 09:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/22 22:39:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 08:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
"UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/10 22:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"VoiceCenter" -> %ProgramFiles%\Creative\VoiceCenter\AndreaVC.exe ["C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray] -> [2006/01/02 06:13:52 | 01,126,400 | ---- | M] (Andrea Electronics Corporation)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 15:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
"DellSupport" ->  ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"ModemOnHold" -> %ProgramFiles%\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> [2003/09/09 23:24:00 | 00,020,480 | ---- | M] ()
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"SetDefaultMIDI" -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> [2004/12/22 01:40:02 | 00,024,576 | ---- | M] (Creative Technology Ltd)
"TivoNotify" ->  ["C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify] -> File not found
"TivoServer" ->  ["C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry] -> File not found
"TivoTransfer" ->  ["C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer] -> File not found
"WMPNSCFG" -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> [2006/05/24 15:28:28 | 00,622,653 | ---- | M] (Broadcom Corporation.)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/28 23:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2008/09/20 10:10:52 | 00,067,128 | ---- | M] (Logitech Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Pharos Notify.lnk -> %ProgramFiles%\Pharos\bin\PSNotify.exe -> [2005/08/23 17:20:50 | 00,405,504 | ---- | M] (Pharos Systems International)
%AllUsersProfile%\Start Menu\Programs\Startup\Service Manager.lnk -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 19:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< Tyler Startup Folder > -> C:\Documents and Settings\Tyler\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2003/05/29 10:53:12 | 00,001,320 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219706458890[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E856B973-45FD-4559-8F82-EAB539144667} [HKLM] -> http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab[Dell PC Checkup Installer Control] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6BF74A0B-C078-4538-A753-B369564B2768} ->	(Dell Wireless 1500 Draft 802.11n WLAN Mini-Card) -> 
{8EB20EE8-7542-4865-9D91-2A7190572A47} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{AAC47EE6-F979-4865-8C9E-C810A0A729D0} ->	(1394 Net Adapter) -> 
{EBD29BF6-ADF6-4564-BA6D-5D4A79732512} ->	() -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
karna.dat ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2006/02/15 20:34:14 | 00,061,440 | ---- | M] (ATI Technologies Inc.)
LBTWlgn -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTWLgn.dll -> [2008/05/02 01:42:30 | 00,072,208 | ---- | M] (Logitech, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 21:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2008/09/20 10:10:52 | 00,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\Pharos\bin\PSNotify.exe" -> C:\Program Files\Pharos\bin\PSNotify.exe [C:\Program Files\Pharos\bin\PSNotify.exe:*:Enabled:Pharos Notify Client ] -> [2005/08/23 17:20:50 | 00,405,504 | ---- | M] (Pharos Systems International)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008/07/05 18:06:32 | 00,587,568 | ---- | M] ()
"C:\Program Files\BitTorrent_DNA\dna.exe" -> C:\Program Files\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA] -> [2008/03/19 22:30:02 | 00,287,040 | ---- | M] ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" -> C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service] -> [2007/09/25 10:33:18 | 00,867,328 | ---- | M] (TiVo Inc.)
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" -> C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service] -> [2007/09/25 10:33:52 | 01,195,008 | ---- | M] (TiVo Inc.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2008/09/06 23:28:21 | 00,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe" -> C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe [C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe:*:Enabled:Main executable for Red Alert 2] -> [2005/08/16 14:49:28 | 04,485,392 | ---- | M] (Westwood Studios)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/04/27 10:25:54 | 14,672,448 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/06/05 10:52:50 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2008/09/20 10:10:52 | 00,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Pharos\bin\PSNotify.exe" -> C:\Program Files\Pharos\bin\PSNotify.exe [C:\Program Files\Pharos\bin\PSNotify.exe:*:Enabled:Pharos Notify Client ] -> [2005/08/23 17:20:50 | 00,405,504 | ---- | M] (Pharos Systems International)
"C:\Program Files\Steam\steamapps\tymack193@msn.com\counter-strike source\hl2.exe" -> C:\Program Files\Steam\steamapps\tymack193@msn.com\counter-strike source\hl2.exe [C:\Program Files\Steam\steamapps\tymack193@msn.com\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2008/03/03 01:02:03 | 00,106,496 | ---- | M] ()
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" -> C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade] -> [2007/03/16 17:37:44 | 03,112,536 | ---- | M] (THQ Canada Inc.)
"C:\Program Files\THQ\Dawn Of War\W40k.exe" -> C:\Program Files\THQ\Dawn Of War\W40k.exe [C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k] -> [2006/08/15 14:35:05 | 03,151,360 | ---- | M] (THQ Canada Inc.)
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" -> C:\Program Files\THQ\Dawn Of War\W40kWA.exe [C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA] -> [2006/08/15 13:36:10 | 03,153,408 | ---- | M] (THQ Canada Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" -> C:\Program Files\TiVo\Desktop\TiVoDesktop.exe [C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface] -> [2007/09/25 10:37:32 | 02,114,048 | ---- | M] (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" -> C:\Program Files\TiVo\Desktop\TiVoServer.exe [C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service] -> [2007/09/25 10:35:44 | 01,495,040 | ---- | M] (TiVo Inc.)
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" -> C:\WINDOWS\system32\java.exe [C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> [2008/11/22 22:39:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> [2004/03/04 07:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.)
"C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2008/04/13 16:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\searchprotocolhost.exe" -> C:\WINDOWS\system32\searchprotocolhost.exe [C:\WINDOWS\system32\searchprotocolhost.exe:*:Enabled:SearchProtocolHost] -> [2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 16:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 10:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 14:15:00 | 00,000,000 | ---- | M] ()
D:\autorun.inf [[autorun] | icon=bin\maxpayne2.ico | ] -> D:\autorun.inf [ CDFS ] -> [2003/09/18 12:11:56 | 00,000,035 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
DivXVfWCodec.dll -> %SystemRoot%\System32\DivXVfWCodec.dll -> [2008/12/21 20:59:26 | 00,025,312 | ---- | C] ()
SamsungVfWCodec.dll -> %SystemRoot%\System32\SamsungVfWCodec.dll -> [2008/12/21 20:59:24 | 00,025,312 | ---- | C] ()
OpenQuicktimeLib.dll -> %SystemRoot%\System32\OpenQuicktimeLib.dll -> [2008/12/21 20:59:08 | 00,447,200 | ---- | C] ()
3ivxVfWCodec.dll -> %SystemRoot%\System32\3ivxVfWCodec.dll -> [2008/12/21 20:59:00 | 00,332,512 | ---- | C] (3ivx Technologies Pty. Ltd.)
3ivx.dll -> %SystemRoot%\System32\3ivx.dll -> [2008/12/21 20:58:56 | 01,155,808 | ---- | C] (3ivx Technologies Pty. Ltd.)
libfaac.dll -> %SystemRoot%\System32\libfaac.dll -> [2008/12/21 20:52:02 | 00,066,272 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2008/12/03 08:38:33 | 00,000,000 | ---D | C]
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/12/03 08:24:59 | 00,000,000 | ---D | C]
Avenger -> %SystemDrive%\Avenger -> [2008/12/03 08:14:59 | 00,000,000 | ---D | C]
Shortcut to OTScanIt2.lnk -> %UserProfile%\Desktop\Shortcut to OTScanIt2.lnk -> [2008/12/03 07:26:49 | 00,000,659 | ---- | C] ()
Minidump -> %SystemRoot%\Minidump -> [2008/12/03 06:53:07 | 00,000,000 | ---D | C]
vplw.sys -> %SystemRoot%\System32\drivers\vplw.sys -> [2008/12/02 21:16:42 | 00,061,440 | ---- | C] ()
avenger -> %UserProfile%\Desktop\avenger -> [2008/12/02 21:10:34 | 00,000,000 | ---D | C]
mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2008/12/02 18:14:04 | 00,268,648 | ---- | C] (Microsoft Corporation)
muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2008/12/02 18:14:04 | 00,208,744 | ---- | C] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/12/02 18:13:51 | 00,202,776 | ---- | C] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/12/02 18:13:51 | 00,202,776 | ---- | C] (Microsoft Corporation)
Config.Msi -> %SystemDrive%\Config.Msi -> [2008/11/30 15:40:14 | 00,000,000 | -HSD | C]
11-27-08 Malware -> %UserProfile%\Desktop\11-27-08 Malware -> [2008/11/30 04:22:36 | 00,000,000 | ---D | C]
trend micro -> %ProgramFiles%\trend micro -> [2008/11/29 00:38:11 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2008/11/29 00:38:10 | 00,000,000 | ---D | C]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/11/28 22:07:14 | 00,000,330 | -H-- | C] ()
Windows Defender.lnk -> %UserProfile%\Desktop\Windows Defender.lnk -> [2008/11/28 22:05:14 | 00,000,955 | ---- | C] ()
Windows Defender -> %ProgramFiles%\Windows Defender -> [2008/11/28 22:04:04 | 00,000,000 | ---D | C]
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/11/28 20:26:31 | 17,318,336 | ---- | C] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/28 20:20:44 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/28 20:20:18 | 01,106,944 | ---- | C] (Microsoft Corporation)
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2008/11/28 19:50:48 | 00,000,000 | ---D | C]
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/11/28 11:44:09 | 00,023,576 | ---- | C] (Microsoft Corporation)
MSINET.OCX -> %SystemRoot%\System32\MSINET.OCX -> [2008/11/27 23:51:13 | 00,115,016 | ---- | C] (Microsoft Corporation)
Tyler's 21st b-day list.docx -> %UserProfile%\Desktop\Tyler's 21st b-day list.docx -> [2008/11/21 10:54:40 | 00,014,901 | ---- | C] ()
BOOK LIST.docx -> %UserProfile%\Desktop\BOOK LIST.docx -> [2008/11/19 23:06:53 | 00,011,114 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [2008/10/19 14:13:45 | 00,000,000 | ---D | M]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/10/19 14:37:34 | 00,000,184 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2008/12/03 08:30:10 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/03 08:30:10 | 00,004,096 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/03 08:30:10 | 00,004,096 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/08/16 16:26:44 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/08/28 17:30:41 | 00,011,082 | ---- | M] ()
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/08/16 16:29:23 | 00,008,396 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [2008/12/03 08:31:12 | 00,000,000 | ---D | M]
Perflib_Perfdata_cd8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_cd8.dat -> [2008/12/03 08:31:12 | 00,016,384 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting -> [2006/09/18 06:17:24 | 00,000,000 | ---D | M]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [2005/04/05 14:39:08 | 00,101,841 | ---- | M] ()
C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\Anti-Virus -> [2008/12/03 09:00:47 | 00,000,000 | ---D | M]
fsgk32.exe -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2008/12/03 08:42:15 | 00,432,232 | ---- | M] (F-Secure Corp.)
fssm32.exe -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2008/12/03 08:42:15 | 00,514,664 | ---- | M] (F-Secure Corp.)
C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\updates\fsav_beta -> [2008/12/03 08:42:15 | 00,000,000 | ---D | M]
fsgk32.exe -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2008/12/03 08:42:15 | 00,432,232 | ---- | M] (F-Secure Corp.)
fssm32.exe -> C:\Documents and Settings\Tyler\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2008/12/03 08:42:15 | 00,514,664 | ---- | M] (F-Secure Corp.)
C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\ -> C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000 -> [2008/12/03 08:31:39 | 00,000,000 | ---D | M]
ActivationGui.dll -> C:\Documents and Settings\Tyler\Local Settings\Temp\clclean.0001.dir.0000\ActivationGui.dll -> [2008/12/03 08:31:39 | 00,208,896 | ---- | M] (Creative Technology Ltd)
< End of report >


#13 OldTimer

Malware Expert

Posted 03 December 2008 - 09:11 PM

Hi tyler987. It looks like we got it all. Good job :thumbsup:

There's just one left-over registry entry. Let's fix that.

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> karna.dat -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Close NotePad and OTScanIt2 (I don't need to see the log).

Now go ahead and run the system normally for a couple of days to see if there are any lingering malware issues and then get back with me so we can do some final cleanup.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
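
An added example, not part of OldTimer's post or of OTScanIt2: a read-only PowerShell check that lists whatever is still registered under the AppInit_DLLs value named in the fix above, so a left-over entry like karna.dat is easy to spot. The function names, the rule that bare names are looked up in System32 (SysWOW64 for the 32-bit view), and the review notes are assumptions made for this illustration.

```powershell
# Added example: review what is registered under AppInit_DLLs after a cleanup.
# Read-only; it changes nothing in the registry.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view on 64-bit Windows; skipped when the key does not exist
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Split-AppInitValue {
    param([string]$Value)
    # Entries in the value are separated by spaces or commas.
    if ([string]::IsNullOrEmpty($Value)) { return @() }
    return @($Value -split '[ ,]+' | Where-Object { $_ -ne '' })
}

function Get-AppInitEntryReport {
    param([string]$Key, [string]$Entry)
    # Assumption: a bare name such as karna.dat is looked up in the system directory.
    $sysDir = 'System32'
    if ($Key -like '*Wow6432Node*') { $sysDir = 'SysWOW64' }
    if (Split-Path -Path $Entry -IsAbsolute) { $path = $Entry }
    else { $path = Join-Path (Join-Path $env:SystemRoot $sysDir) $Entry }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sigStatus = 'n/a'
    if ($exists) { $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status }

    # Notes are prompts for a manual look, not a verdict.
    $notes = @()
    if ([IO.Path]::GetExtension($Entry) -ne '.dll') { $notes += 'not a .dll name' }
    if (-not $exists) { $notes += 'file missing (stale entry)' }
    elseif ($sigStatus -ne 'Valid') { $notes += 'no valid signature' }

    [pscustomobject]@{
        Key = $Key; Entry = $Entry; Path = $path
        Exists = $exists; Signature = $sigStatus
        Review = ($notes -join '; ')
    }
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $value = (Get-ItemProperty -Path $key -Name AppInit_DLLs `
              -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($entry in (Split-AppInitValue $value)) {
        Get-AppInitEntryReport -Key $key -Entry $entry
    }
}

if ($report) { $report | Format-Table -AutoSize -Wrap }
else { 'AppInit_DLLs is empty in every view checked.' }
```

An empty result is the normal state on most machines; any row that does appear is worth tracing back to the program that installed it.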

#14 tyler987


Posted 03 December 2008 - 09:49 PM

Hi OldTimer,

Alright, fixed the left-over registry entry. Wow, I cannot believe I was that infected! I can't thank you enough though for your insight and help with my situation, especially with the codes and the tools; way out of my league. It would have taken me weeks, or even longer, to clean my computer on my own. What a great website and community. But about the final cleanup, would you like me to PM you in a couple of days or add a reply to this topic?

Again, thank you very much for your time and assistance.

#15 OldTimer

Malware Expert

Posted 03 December 2008 - 10:04 PM

Well thanks tyler987, you're too kind. Just reply back here in a couple of days and let me know how things are going and if everything is Ok we'll do a couple of last steps to clean up all the tools we used, the files they created, and the system restore points.

Cheers.

OT