Browser Hijack - Google, MSN Search Showing Incorrect URLS


  • This topic is locked
2 replies to this topic

#1 ramone_johnny


Posted 28 December 2008 - 11:54 AM

I believe I *may* have the same issue as posted below....

http://www.bleepingcomputer.com/forums/t/189953/search-engine-results-being-redirected/

....however I would like to post up some additional information, as this seriously is doing my head in. I've been working on this for about 10 hours total without any luck. Hopefully someone here may have seen this issue previously, and can offer some assistance.

Issue.
Both Google and MSN searches are showing incorrect results. They display only organic results, with incorrect URLs being displayed beneath what appears to be correct title and description information. Weird. Pages, obviously, are being redirected to wrong websites due to this. Sponsored links within Google are nowhere to be seen.

Operating System
Windows XP Home Edition SP3

Applied Troubleshooting and Attempted Correction
To this point I have tried the following software in an attempt to correct this issue without any luck. All with the latest signature updates and versions. Some in safe mode, again without any luck.

AVG anti virus
CCleaner
Adaware
Microsoft Defender
Trend House Call
Exterminate It
MalwareBytes
SuperAntiSpyWare
XsoftSpySE

What is it?
So far I have not been able to identify this as either malware, spyware, or a virus. Whatever it is, it's very persistent. I still don't know what I'm chasing here....

What I do know
When viewing the source code in the Google search results I find this at the very top of the page....



This, to me, suggests some kind of JavaScript attack, or perhaps I'm wrong? When performing searches in Firefox (which has the same issue -- so this is not browser specific), I noticed "transferring to 7.7.7.0" within the status bar.

I'm also getting cookies that are constantly being 're-written' to the C:\Documents and Settings\Home User\Cookies folder. They are....

overture
clickshield
quantserv
etc etc

What else have I tried?
I've tried almost everything else I can think of. I've searched the registry for certain keywords that I'm seeing as cookies written to temp files, nothing. I've tried flushing the entire system, performing a full clean up, restarting, nothing. Uninstalling all unnecessary applications. Double checked all running services, still nothing. I don't believe it's worth uninstalling IE7 as the issue is also within Firefox.

I've also checked the host files (all appear to be AOK.)

I also tried the GooredFix.exe thinking it might be that - no luck, as well as OTScanIt (log file below)

OTScanIt2 logfile created on: 12/5/2008 1:37:51 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1	 Folder = C:\Documents and Settings\Michael\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.98 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.48% Memory free
2.56 Gb Paging File | 2.25 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.65 Gb Total Space | 20.15 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MIKE
Current User Name: Michael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/07/20 02:21:34 | 00,557,056 | ---- | M] (Lavasoft AB)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/07/03 12:32:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2008/11/28 13:28:55 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/29 10:18:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/09/19 20:32:24 | 00,077,824 | ---- | M] (Intel Corporation)
hpgs2wnd.exe -> %ProgramFiles%\HP\HP Share-to-Web\hpgs2wnd.exe -> [2002/04/16 21:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
hpgs2wnf.exe -> %ProgramFiles%\HP\HP Share-to-Web\hpgs2wnf.exe -> [2002/04/16 21:49:16 | 00,077,824 | ---- | M] ()
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/09/19 20:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/09/19 20:32:16 | 00,159,744 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2004/05/14 15:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.)
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> [2004/05/14 01:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation)
 
[Win32 Services - Safe List]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/07/20 02:21:34 | 00,557,056 | ---- | M] (Lavasoft AB)
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/03/23 07:57:16 | 00,072,704 | ---- | M] (Adobe Systems)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/29 10:18:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 08:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 05:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(spupdsvc) Windows Service Pack Installer update service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\spupdsvc.exe -> [2007/08/10 19:46:18 | 00,026,488 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2005/11/10 22:53:48 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/08/29 10:18:05 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/03 12:32:04 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2004/05/26 21:18:18 | 00,044,928 | R--- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2004/03/21 16:35:48 | 00,051,088 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2004/03/21 16:35:52 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2004/03/21 16:35:58 | 00,021,744 | ---- | M] (HP)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> [2003/11/14 01:21:16 | 00,197,120 | R--- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2003/11/14 01:17:00 | 01,042,816 | R--- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/09/19 21:00:54 | 01,302,332 | ---- | M] (Intel Corporation)
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> [2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2003/04/09 19:48:08 | 00,011,043 | R--- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2008/04/07 18:16:45 | 00,043,872 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> [2004/11/15 22:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2004/05/14 01:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.)
(tifm) tifm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm.sys -> [2004/05/21 20:18:56 | 00,067,072 | ---- | M] (Texas Instruments)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/07/10 08:35:22 | 00,032,000 | ---- | M] (Apple, Inc.)
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> [2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2003/11/14 01:18:36 | 00,679,808 | R--- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.dell4me.com/mywaybiz -> 
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Main\\"Default_Page_URL" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Main\\"Start Page" -> http://www.dell4me.com/mywaybiz -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: SearchURL\\"provider" -> gogl -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\0g3472hs.default\prefs.js -> 
browser.startup.homepage -> "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 ->
extensions.enabledItems -> {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.44.16.20081003.3 ->
extensions.enabledItems -> {61B7FB5D-0E79-40DF-8E45-2BCB2DF177E8}:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 19:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/28 13:28:55 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/09/19 20:32:24 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/09/19 20:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/09/19 20:35:40 | 00,094,208 | ---- | M] (Intel Corporation)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"Share-to-Web Namespace Daemon" -> %ProgramFiles%\HP\HP Share-to-Web\hpgs2wnd.exe [c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe] -> [2002/04/16 21:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2004/05/14 15:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.)
"SynTPLpr" -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> [2004/05/14 01:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"NoIE4StubProcessing" ->  [C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 03:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Picasa Media Detector" -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Picasa Media Detector" -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 03:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 06:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 15:04:25 | 02,306,113 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2001/11/07 19:43:48 | 09,165,128 | R--- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 15:04:25 | 02,306,113 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 15:04:25 | 02,306,113 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 15:04:25 | 02,306,113 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2001/11/07 19:43:48 | 09,165,128 | R--- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Menu: Sun Java Console] -> [2007/03/14 02:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2007/12/07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 02:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/12/07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB858B22-55E2-413f-87F5-30ADC5552151}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 02:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/12/07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 02:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/12/07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 02:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/12/07 15:08:02 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB858B22-55E2-413f-87F5-30ADC5552151}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\] > -> HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1669950748-2004412360-898080697-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab[Java Plug-in 1.5.0_07] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab[DownloadManager Control] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2C6661F4-3369-4137-AC46-4F1056A6A626} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{90B443AE-C94A-4A63-B1C9-5BBD7B94D2FB} ->	(1394 Net Adapter) -> 
{FA9E1198-10E4-49A1-A59B-D551609BA519} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/03 12:32:05 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
vmwvei.dll ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/09/19 20:31:28 | 00,135,168 | ---- | M] (Intel Corporation)
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 17:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Michael\Desktop\utorrent.exe" -> C:\Documents and Settings\Michael\Desktop\utorrent.exe [C:\Documents and Settings\Michael\Desktop\utorrent.exe:*:Enabled:utorrent] -> File not found
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/29 09:12:05 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2008/10/15 23:02:10 | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\1135174165\ee\aim6.exe" -> C:\Program Files\Common Files\AOL\1135174165\ee\aim6.exe [C:\Program Files\Common Files\AOL\1135174165\ee\aim6.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\Common Files\AOL\1135174165\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1135174165\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1135174165\ee\aolsoftware.exe:*:Disabled:AOL Services] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader] -> File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008/11/14 23:41:56 | 00,307,712 | ---- | M] (Mozilla Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 14:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/5/2007 9:56:31 AM Computer Name = CASHMICHAEL | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20061.20612, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/28/2007 2:19:15 AM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x000370d0.
Application [ Error ] 1/28/2007 3:01:28 AM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application ctcms.exe, version 3.0.35.0, faulting module ctsevpro.dll, version 3.0.8.0, fault address 0x00002901.
Application [ Error ] 1/28/2007 3:01:35 AM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Application [ Error ] 1/28/2007 3:07:08 AM Computer Name = CASHMICHAEL | Source = Application Hang | ID = 1002 -> Description = Hanging application CTCMS.exe, version 3.0.35.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/26/2007 12:11:09 PM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20070.30919, faulting module unknown, version 0.0.0.0, fault address 0xffff0323.
Application [ Error ] 4/15/2007 9:42:52 AM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20070.30919, faulting module unknown, version 0.0.0.0, fault address 0x300a6ae6.
Application [ Error ] 4/21/2007 10:55:52 PM Computer Name = CASHMICHAEL | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20070.30919, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 4/21/2007 11:00:14 PM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module acrord32.dll, version 7.0.8.218, fault address 0x000fc7c6.
Application [ Error ] 4/26/2007 12:36:21 PM Computer Name = CASHMICHAEL | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20070.30919, faulting module flash.ocx, version 7.0.19.0, fault address 0x00095415.
System [ Error ] 12/4/2008 6:49:04 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 12/4/2008 6:49:08 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 12/4/2008 6:49:11 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 12/4/2008 6:57:16 AM Computer Name = MIKE | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the FCI service to connect.
System [ Error ] 12/4/2008 7:03:05 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
System [ Error ] 12/4/2008 7:03:07 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
System [ Error ] 12/4/2008 7:03:09 AM Computer Name = MIKE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments ""  in order to run the server:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
System [ Error ] 12/4/2008 7:49:35 AM Computer Name = MIKE | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   IntelIde
System [ Error ] 12/4/2008 8:24:46 PM Computer Name = MIKE | Source = Dhcp | ID = 1000 -> Description = Your computer has lost the lease to its IP address 10.0.1.2 on the  Network Card with network address 0013CE626F48.
System [ Error ] 12/5/2008 9:59:26 AM Computer Name = MIKE | Source = Dhcp | ID = 1000 -> Description = Your computer has lost the lease to its IP address 10.0.1.2 on the  Network Card with network address 0013CE626F48.
 
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/05 13:35:07 | 00,000,000 | ---D | C]
ie7updates -> %SystemRoot%\ie7updates -> [2008/12/05 13:32:00 | 00,000,000 | ---D | C]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [2008/12/05 13:30:21 | 00,000,759 | ---- | C] ()
WBEM -> %SystemRoot%\WBEM -> [2008/12/05 13:30:10 | 00,000,000 | ---D | C]
ie7 -> %SystemRoot%\ie7 -> [2008/12/05 13:28:14 | 00,000,000 | -H-D | C]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [2008/12/05 13:27:55 | 00,000,000 | -H-D | C]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [2008/12/05 13:27:22 | 00,000,000 | -H-D | C]
LastGood -> %SystemRoot%\LastGood -> [2008/12/05 13:26:41 | 00,000,000 | ---D | C]
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/12/05 13:24:39 | 00,459,264 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/12/05 13:24:39 | 00,052,224 | ---- | C] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/12/05 13:24:38 | 00,383,488 | ---- | C] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/12/05 13:24:38 | 00,267,776 | ---- | C] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/12/05 13:24:38 | 00,063,488 | ---- | C] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/12/05 13:24:38 | 00,013,824 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> %SystemRoot%\System32\dllcache\ieapfltr.dat -> [2008/12/05 13:24:37 | 02,455,488 | ---- | C] (Microsoft Corporation)
ieframe.dll.mui -> %SystemRoot%\System32\dllcache\ieframe.dll.mui -> [2008/12/05 13:24:36 | 00,991,232 | ---- | C] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/12/05 13:24:34 | 06,066,176 | ---- | C] (Microsoft Corporation)
ERDNT -> %SystemRoot%\ERDNT -> [2008/12/05 12:32:39 | 00,000,000 | ---D | C]
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/12/05 12:31:48 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/12/05 12:31:47 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2008/12/05 12:31:43 | 00,000,000 | ---D | C]
MSNInstaller -> %AppData%\MSNInstaller -> [2008/12/05 12:04:05 | 00,000,000 | ---D | C]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/05 12:02:33 | 00,001,374 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/05 11:57:40 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/05 11:57:38 | 00,000,000 | ---D | C]
Logs -> %UserProfile%\Desktop\Logs -> [2008/12/05 11:42:13 | 00,000,000 | ---D | C]
Symantec -> %AllUsersProfile%\Application Data\Symantec -> [2008/12/05 11:21:30 | 00,000,000 | ---D | C]
Norton -> %AllUsersProfile%\Application Data\Norton -> [2008/12/05 11:19:28 | 00,000,000 | ---D | C]
NortonInstaller -> %AllUsersProfile%\Application Data\NortonInstaller -> [2008/12/05 11:19:03 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/04 06:38:20 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/04 06:38:07 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/04 06:38:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/04 06:38:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/04 06:38:03 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/04 06:38:02 | 00,000,000 | ---D | C]
{61B7FB5D-0E79-40DF-8E45-2BCB2DF177E8} -> %UserProfile%\Local Settings\Application Data\{61B7FB5D-0E79-40DF-8E45-2BCB2DF177E8} -> [2008/12/04 05:58:03 | 00,000,000 | ---D | C]
.# -> %UserProfile%\Local Settings\Application Data\.# -> [2008/12/03 23:15:35 | 00,000,000 | -HSD | C]
nxlmpihv.job -> %SystemRoot%\tasks\nxlmpihv.job -> [2008/12/03 23:07:07 | 00,000,298 | ---- | C] ()
awtqnkhe.dll -> %SystemRoot%\System32\awtqnkhe.dll -> [2008/12/03 23:07:06 | 00,065,024 | ---- | C] ()
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/11/29 00:33:17 | 00,001,548 | ---- | C] ()
CCleaner -> %ProgramFiles%\CCleaner -> [2008/11/29 00:33:16 | 00,000,000 | ---D | C]
hpqcopy.INI -> %SystemRoot%\hpqcopy.INI -> [2008/11/23 11:16:04 | 00,000,241 | ---- | C] ()
2025_Global_Trends_Final_Report.pdf -> %UserProfile%\Desktop\2025_Global_Trends_Final_Report.pdf -> [2008/11/21 23:23:14 | 08,713,690 | ---- | C] ()
bets.xls -> %UserProfile%\Desktop\bets.xls -> [2008/11/18 13:28:33 | 00,022,528 | ---- | C] ()
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/13 17:28:09 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/13 17:27:26 | 01,106,944 | ---- | C] (Microsoft Corporation)
dvdshrink32setup1.zip -> %UserProfile%\Desktop\dvdshrink32setup1.zip -> [2008/11/09 19:07:20 | 01,094,021 | ---- | C] ()
NYC and Election Night -> %UserProfile%\Desktop\NYC and Election Night -> [2008/11/06 18:10:13 | 00,000,000 | ---D | C]
Iraq Comparison.xls -> %UserProfile%\Desktop\Iraq Comparison.xls -> [2008/11/06 01:54:16 | 00,019,968 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2005/11/10 23:11:59 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/05 13:24:30 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/05 13:24:30 | 00,004,646 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [2006/02/03 12:21:49 | 00,000,000 | ---D | M]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2006/02/03 12:21:49 | 00,001,372 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/05 13:30:23 | 00,001,374 | ---- | M] ()
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [2008/12/05 13:30:21 | 00,000,759 | ---- | M] ()
nxlmpihv.job -> %SystemRoot%\tasks\nxlmpihv.job -> [2008/12/05 13:00:00 | 00,000,298 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/05 12:49:06 | 00,002,206 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/05 12:47:51 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/05 12:47:28 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/05 12:47:18 | 21,291,21280 | -HS- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/12/05 12:31:48 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/12/05 12:31:47 | 00,000,592 | ---- | M] ()
QuickZip45.ini -> %AppData%\QuickZip45.ini -> [2008/12/05 12:25:28 | 00,001,207 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/12/05 12:04:46 | 00,441,602 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/12/05 12:04:46 | 00,382,260 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/12/05 12:04:46 | 00,053,838 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/05 11:57:40 | 00,001,734 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008/12/05 09:01:36 | 30,631,959 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008/12/05 09:01:36 | 00,085,737 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/04 06:38:07 | 00,000,696 | ---- | M] ()
svchost.exe -> %SystemRoot%\System32\svchost.exe -> [2008/12/03 23:23:18 | 00,014,336 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\System32\dllcache\svchost.exe -> [2008/12/03 23:23:18 | 00,014,336 | ---- | M] (Microsoft Corporation)
awtqnkhe.dll -> %SystemRoot%\System32\awtqnkhe.dll -> [2008/12/03 23:07:07 | 00,065,024 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/11/29 00:33:17 | 00,001,548 | ---- | M] ()
hpqcopy.INI -> %SystemRoot%\hpqcopy.INI -> [2008/11/23 11:16:05 | 00,000,241 | ---- | M] ()
2025_Global_Trends_Final_Report.pdf -> %UserProfile%\Desktop\2025_Global_Trends_Final_Report.pdf -> [2008/11/21 23:23:15 | 08,713,690 | ---- | M] ()
bets.xls -> %UserProfile%\Desktop\bets.xls -> [2008/11/18 13:28:34 | 00,022,528 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/17 13:42:15 | 00,000,284 | ---- | M] ()
Iraq Comparison.xls -> %UserProfile%\Desktop\Iraq Comparison.xls -> [2008/11/12 04:11:48 | 00,019,968 | ---- | M] ()
dvdshrink32setup1.zip -> %UserProfile%\Desktop\dvdshrink32setup1.zip -> [2008/11/09 19:07:23 | 01,094,021 | ---- | M] ()
Iraq Comparison.xls -> %UserProfile%\My Documents\Iraq Comparison.xls -> [2008/11/06 01:52:47 | 00,019,968 | ---- | M] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008/11/06 00:18:22 | 00,334,743 | ---- | M] ()
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/05 11:21:30 | 00,000,000 | RH-D | M]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/29 11:13:32 | 00,000,000 | ---D | M]
DVD Shrink -> C:\Documents and Settings\All Users\Application Data\DVD Shrink -> [2008/02/19 21:05:03 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2007/11/19 10:17:42 | 00,000,000 | ---D | M]
Intel -> C:\Documents and Settings\All Users\Application Data\Intel -> [2005/11/10 22:53:34 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2005/11/10 23:00:45 | 00,000,000 | ---D | M]
Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2008/12/05 12:07:08 | 00,000,000 | ---D | M]
NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2008/12/05 11:19:03 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/10 14:13:06 | 00,000,000 | ---D | M]
TechSmith -> C:\Documents and Settings\All Users\Application Data\TechSmith -> [2006/03/31 22:05:45 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/10/16 22:28:28 | 00,000,000 | ---D | M]
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:1493A0EF
@Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:66E02052
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/03/07 08:52:25 | 00,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2008/09/16 20:00:34 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2005/11/10 23:06:52 | 00,000,000 | RH-D | M]
Intel -> C:\Documents and Settings\Default User\Application Data\Intel -> [2005/11/10 22:54:07 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2008/05/12 01:15:36 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Michael\Application Data -> [2008/12/05 12:04:05 | 00,000,000 | RH-D | M]
acccore -> C:\Documents and Settings\Michael\Application Data\acccore -> [2005/12/21 09:13:00 | 00,000,000 | ---D | M]
Amazon -> C:\Documents and Settings\Michael\Application Data\Amazon -> [2008/06/03 14:09:52 | 00,000,000 | ---D | M]
Azureus -> C:\Documents and Settings\Michael\Application Data\Azureus -> [2008/10/29 10:57:15 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Michael\Application Data\CyberLink -> [2005/12/24 01:55:53 | 00,000,000 | ---D | M]
Download Manager -> C:\Documents and Settings\Michael\Application Data\Download Manager -> [2007/11/19 09:57:35 | 00,000,000 | ---D | M]
Flickr -> C:\Documents and Settings\Michael\Application Data\Flickr -> [2006/05/31 08:10:35 | 00,000,000 | ---D | M]
ImgBurn -> C:\Documents and Settings\Michael\Application Data\ImgBurn -> [2008/11/29 00:44:28 | 00,000,000 | ---D | M]
Intel -> C:\Documents and Settings\Michael\Application Data\Intel -> [2005/11/10 22:54:07 | 00,000,000 | ---D | M]
Juniper Networks -> C:\Documents and Settings\Michael\Application Data\Juniper Networks -> [2006/09/17 05:58:55 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Michael\Application Data\Leadertech -> [2005/12/20 15:53:49 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\Michael\Application Data\MSNInstaller -> [2008/12/05 12:04:05 | 00,000,000 | ---D | M]
Opera -> C:\Documents and Settings\Michael\Application Data\Opera -> [2006/03/23 08:44:10 | 00,000,000 | ---D | M]
RipIt4Me -> C:\Documents and Settings\Michael\Application Data\RipIt4Me -> [2007/08/26 00:09:16 | 00,000,000 | ---D | M]
Share-to-Web Upload Folder -> C:\Documents and Settings\Michael\Application Data\Share-to-Web Upload Folder -> [2006/10/14 20:18:40 | 00,000,000 | ---D | M]
Tor -> C:\Documents and Settings\Michael\Application Data\Tor -> [2006/04/07 10:34:39 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Michael\Application Data\uTorrent -> [2005/12/23 21:57:27 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Michael\Application Data\Viewpoint -> [2007/03/07 08:52:26 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2004/08/10 14:08:14 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/03 23:07:07 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/11/17 13:42:15 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 06:00:00 | 00,000,065 | RH-- | M] ()
nxlmpihv.job -> C:\WINDOWS\Tasks\nxlmpihv.job -> [2008/12/05 13:00:00 | 00,000,298 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/05 12:47:51 | 00,000,006 | -H-- | M] ()
[File - Purity Scan]
 
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF 117 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 123 bytes
scan completed successfully
hidden files: 170
 
< End of report >


I'm at a bit of a loss as to what to try next.

Here's my Hijack log. I'm hopeful that someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:42 AM, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe
C:\Program Files\Wireless\Client Manager\CMAGS.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: D-Link AirPlus XtremeG+ Configuration Utility.lnk = ?
O4 - Global Startup: Wireless Client Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175163512641
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8253 bytes


Thanks.

John

Edited by ramone_johnny, 28 December 2008 - 12:07 PM.



#2 suebaby41

Posted 09 January 2009 - 08:16 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

Posted 19 January 2009 - 03:07 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.