Recommended Hijack This Log Post by moderator


  • This topic is locked
19 replies to this topic

#1 frstmate72

frstmate72

  • Members
  • 41 posts

Posted 22 January 2009 - 06:44 PM

It was suggested by one of your moderators that I post a HijackThis Log. I've also posted the link to my original post just to get you up to speed.....

http://www.bleepingcomputer.com/forums/t/196572/computer-freezing/

I will now attempt to run HijackThis and will post a log (if possible) in a few moments.

Corrected link. ~ OB

Here is what I came up with:



DDS (Ver_09-01-19.01) - NTFSx86
Run by Linda at 18:48:58.70 on Thu 01/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.370 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
D:\Program Files\Common Files\AOL\1221781625\ee\AOLSoftware.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
D:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
D:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\AOL 9.1\waol.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
D:\WINDOWS\system32\java.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\WINDOWS\system32\dlcccoms.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\AOL 9.1\shellmon.exe
D:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Documents and Settings\Linda\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://windiwsfsearch.com
mDefault_Search_URL = hxxp://windiwsfsearch.com
mSearch Page = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://windiwsfsearch.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://windiwsfsearch.com
mSearchAssistant = hxxp://windiwsfsearch.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - d:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - d:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [wblogon] d:\windows\system32\algg.exe
uRun: [swg] d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "d:\program files\aol 9.1\AOL.EXE" -b
mRun: [RealTray] d:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [mcagent_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] d:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McAfee Backup] "d:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [HostManager] d:\program files\common files\aol\1221781625\ee\AOLSoftware.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Lexmark 4200 Series] "d:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [FaxCenterServer4_in_1] "d:\program files\lexmark 4200 series\fax\fm3032.exe" /s
mRun: []
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [DLCCCATS] rundll32 d:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "d:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [LELA] "d:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "d:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mExplorerRun: [start] d:\program files\applications\iebtm.exe
IE: &AOL Toolbar Search - d:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - d:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.designamosaic.com/include/aurigma/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221741592125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229478304192&h=e8775c14a87798f227e8ed0cf8da06a1/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://webaccess.schneiderlogistics.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - d:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 McSysmon;McAfee SystemGuards;d:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-18 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2008-9-18 79240]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2008-9-18 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;d:\windows\system32\drivers\mfesmfk.sys [2008-9-18 40488]
R4 DLCCCustomerConnect;DLCCCustomerConnect;d:\windows\system32\spool\drivers\w32x86\3\dlccserv.exe [2008-11-21 57344]
R4 LinksysUpdater;Linksys Updater;d:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-18 206096]
R4 McProxy;McAfee Proxy Service;d:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-18 358736]
R4 McShield;McAfee Real-time Scanner;d:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-18 144704]
S3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2008-9-18 34152]
S3 REMOVE;REMOVE;\??\d:\windows\system32\drivers\remove.sys --> d:\windows\system32\drivers\REMOVE.SYS [?]

=============== Created Last 30 ================

2009-01-21 17:58 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-01-21 17:58 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 17:58 --d----- d:\program files\Malwarebytes' Anti-Malware
2009-01-21 17:58 --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-25 12:46 187,765 a------- D:\IMG_4053.JPG
2008-12-25 12:46 182,931 a------- D:\IMG_4052.JPG
2008-12-25 12:46 164,884 a------- D:\IMG_4051.JPG

==================== Find3M ====================

2008-12-12 11:18 87,336 a------- d:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- d:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- d:\windows\system32\drivers\srv.sys
2008-11-10 05:43 410,984 a------- d:\windows\system32\deploytk.dll
2008-10-05 07:22 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-10-05 07:22 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 18:50:19.92 ===============

merged posts. ~ OB


Edited by Orange Blossom, 22 January 2009 - 07:05 PM.
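As an added example for readers of this thread (it is not part of the original post, nor code from DDS, HijackThis or ComboFix), the script below shows how the first-pass review of a DDS "Pseudo HJT Report" can be written down as checks over the report lines: a start/search page pointing at a host outside a list of expected providers, a Run entry that launches an unfamiliar binary out of system32, a toolbar or browser-extension entry registered with no file on disk ("No File"), an IE menu extension whose target is a remote URL rather than a local file, and a service or driver line DDS could not examine ("[?]"). The sample lines are constructed to mirror the log above; the two allowlists (`EXPECTED_SEARCH_HOSTS`, `KNOWN_SYSTEM32_AUTORUNS`) are this example's own assumptions and would be tuned per machine.

```python
"""Triage helper for the autorun lines in a DDS 'Pseudo HJT Report'.

Added example for this thread; it is not DDS, HijackThis or ComboFix code.
It reads report lines and returns the ones matching the patterns a log
reviewer checks first (search hijack, unfamiliar system32 autorun,
orphaned entry, remote-URL IE extension, driver with no file info).
"""
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample modelled on the log above (hxxp is how DDS defangs URLs).
SAMPLE_REPORT = """\
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearchURL = hxxp://windiwsfsearch.com
uRun: [ctfmon.exe] d:\\windows\\system32\\ctfmon.exe
uRun: [wblogon] d:\\windows\\system32\\algg.exe
mRun: [SunJavaUpdateSched] "d:\\program files\\java\\jre6\\bin\\jusched.exe"
mRun: [RealTray] d:\\program files\\real\\realplayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SigmatelSysTrayApp] stsystra.exe
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php
R3 mfeavfk;McAfee Inc. mfeavfk;d:\\windows\\system32\\drivers\\mfeavfk.sys [2008-9-18 79240]
S3 REMOVE;REMOVE;\\??\\d:\\windows\\system32\\drivers\\REMOVE.SYS --> d:\\windows\\system32\\drivers\\REMOVE.SYS [?]
"""

# Assumptions a reviewer tunes per machine: which search providers are
# expected, and which Windows binaries legitimately autorun from system32.
EXPECTED_SEARCH_HOSTS = {"www.aol.com", "www.google.com", "search.yahoo.com"}
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}

URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
# First drive-letter path ending in an executable extension; stopping at the
# extension drops trailing arguments such as SYSTEMBOOTHIDEPLAYER or /hide.
EXE_PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|com)\b", re.IGNORECASE)


class Finding(NamedTuple):
    line: str
    reason: str


def triage(report: str) -> List[Finding]:
    """Return the report lines worth a closer look, each with the reason."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("- No File"):
            findings.append(Finding(line, "orphaned entry: registered component has no file on disk"))
            continue
        if re.match(r"^[RS]\d ", line):  # service / driver line
            if line.endswith("[?]"):
                findings.append(Finding(line, "service/driver whose file could not be examined"))
            continue
        if re.match(r"^[um]Run: \[", line):  # HKCU / HKLM Run value
            m = EXE_PATH_RE.search(line)
            if m is None:
                findings.append(Finding(line, "autorun with no full path (resolved via search order)"))
                continue
            path = m.group(0)
            parent = ntpath.basename(ntpath.dirname(path)).lower()
            name = ntpath.basename(path).lower()
            if parent == "system32" and name not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(Finding(line, f"unfamiliar binary autorunning from system32: {name}"))
            continue
        m = URL_HOST_RE.search(line)
        if m is not None:
            host = m.group(1).lower()
            if line.startswith("IE: "):
                findings.append(Finding(line, f"IE menu extension pointing at a remote URL: {host}"))
            elif host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding(line, f"search/start page set to unexpected host: {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}\n    {f.line}")
```

Run against the constructed sample, `triage()` returns seven findings: the two windiwsfsearch.com search settings, the `wblogon` entry launching `algg.exe` from system32, the path-less `stsystra.exe` autorun, the orphaned toolbar GUID, the IE extension targeting a remote URL, and the `REMOVE` driver with no file information. The McAfee driver, ctfmon and the Program Files entries pass. A script like this only orders the questions a reviewer asks; it does not decide what is malicious, which is why the thread still goes on to a ComboFix run.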



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2009 - 07:30 PM

Hi, frstmate72

Welcome.

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 frstmate72

frstmate72
  • Topic Starter

  • Members
  • 41 posts

Posted 22 January 2009 - 08:46 PM

Here's what I came up with:

rootkit activity:
D:\WINDOWS\system32\drivers\TDSSmhlt.sys
D:\WINDOWS\system32\drivers\TDSScjbn.dll
D:\WINDOWS\system32\drivers\TDSSorvd.dat
D:\WINDOWS\system32\drivers\TDSShrsr.dll
D:\WINDOWS\system32\drivers\TDSSriqp.dll
D:\WINDOWS\system32\drivers\TDSSxfum.dll
D:\WINDOWS\system32\drivers\TDSSlxwp.dll
D:\WINDOWS\system32\drivers\TDSSkkdn.log
D:\WINDOWS\system32\drivers\TDSSnmxh.log
D:\WINDOWS\system32\drivers\TDSSsihc.dll
D:\WINDOWS\system32\drivers\TDSSrhyp.log

COMBOFIX REPORT:

ComboFix 09-01-21.04 - Linda 2009-01-22 20:29:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.589 [GMT -5:00]
Running from: d:\documents and settings\Linda\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Linda\My Documents\My Documents.url
d:\documents and settings\Linda\My Documents\My Music\My Music.url
d:\documents and settings\Linda\My Documents\My Videos\My Video.url
d:\program files\Applications\myd.ico
d:\program files\Applications\mym.ico
d:\program files\Applications\myp.ico
d:\program files\Applications\myv.ico
d:\program files\Applications\ot.ico
d:\program files\Applications\ts.ico
d:\windows\system32\drivers\TDSSmhlt.sys
d:\windows\system32\TDSScjbn.dll
d:\windows\system32\TDSShrsr.dll
d:\windows\system32\TDSSkkdu.log
d:\windows\system32\TDSSlxwp.dll
d:\windows\system32\TDSSnmxh.log
d:\windows\system32\TDSSorvd.dat
d:\windows\system32\TDSSrhyp.log
d:\windows\system32\TDSSriqp.dll
d:\windows\system32\TDSSsihc.dll
d:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-21 18:28 . 2009-01-21 18:28 <DIR> d-------- d:\documents and settings\Administrator\Application Data\Viewpoint
2009-01-21 18:28 . 2009-01-21 18:28 <DIR> d-------- d:\documents and settings\Administrator\Application Data\AOL
2009-01-21 18:21 . 2009-01-21 18:21 <DIR> d-------- d:\documents and settings\Administrator
2009-01-21 17:58 . 2009-01-21 17:58 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-01-21 17:58 . 2009-01-21 17:58 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 17:58 . 2009-01-14 16:11 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 17:58 . 2009-01-14 16:11 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-25 12:46 . 2008-12-25 12:40 187,765 --a------ D:\IMG_4053.JPG
2008-12-25 12:46 . 2008-12-25 12:40 182,931 --a------ D:\IMG_4052.JPG
2008-12-25 12:46 . 2008-12-25 12:40 164,884 --a------ D:\IMG_4051.JPG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 01:29 --------- d-----w d:\program files\Applications
2009-01-21 11:29 --------- d-----w d:\program files\Dl_cats
2009-01-18 15:41 --------- d-----w d:\documents and settings\Linda\Application Data\ZoomBrowser EX
2009-01-18 15:36 --------- d-----w d:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-11 03:31 --------- d-----w d:\documents and settings\Linda\Application Data\MSN6
2008-12-20 04:32 --------- d-----w d:\program files\Bonjour
2008-12-20 04:30 --------- d-----w d:\program files\iTunes
2008-12-20 04:30 --------- d-----w d:\program files\iPod
2008-12-20 04:30 --------- d-----w d:\program files\Common Files\Apple
2008-12-20 04:30 --------- d-----w d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 04:28 --------- d-----w d:\program files\QuickTime
2008-12-20 04:13 --------- d-----w d:\program files\Safari
2008-12-17 01:44 --------- d-----w d:\program files\Java
2008-12-16 01:38 --------- d-----w d:\program files\WebEx
2008-12-16 01:38 --------- d-----w d:\documents and settings\All Users\Application Data\Linksys
2008-12-16 01:37 --------- d-----w d:\program files\MSBuild
2008-12-16 01:33 --------- d-----w d:\program files\Reference Assemblies
2008-12-16 01:26 --------- d-----w d:\program files\Common Files\Pure Networks Shared
2008-12-16 01:26 --------- d-----w d:\documents and settings\All Users\Application Data\Pure Networks
2008-12-16 01:25 --------- d--h--w d:\program files\InstallShield Installation Information
2008-12-16 01:25 --------- d-----w d:\program files\Linksys
2008-12-13 01:54 --------- d-----w d:\program files\ABBYY FineReader 5.0 Sprint
2008-12-12 16:18 87,336 ----a-w d:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w d:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ----a-w d:\windows\system32\drivers\srv.sys
2008-12-10 03:01 --------- d-----w d:\program files\McAfee
2008-11-25 01:05 --------- d-----w d:\documents and settings\Linda\Application Data\Apple Computer
2008-11-10 10:43 410,984 ----a-w d:\windows\system32\deploytk.dll
2008-10-23 12:36 286,720 ----a-w d:\windows\system32\gdi32.dll
2008-10-05 12:22 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091520080922\index.dat
2008-10-05 12:22 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"AOL Fast Start"="d:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="d:\program files\Real\RealPlayer\RealPlay.exe" [2008-09-17 26112]
"mcagent_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="d:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"HostManager"="d:\program files\Common Files\AOL\1221781625\ee\AOLSoftware.exe" [2007-05-25 42032]
"Lexmark 4200 Series"="d:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"FaxCenterServer4_in_1"="d:\program files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"DLCCCATS"="d:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="d:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"LELA"="d:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="d:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 d:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\America Online 9.0\\waol.exe"=
"d:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"d:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"d:\\Program Files\\Common Files\\AOL\\1221781625\\ee\\aolsoftware.exe"=
"d:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\AOL 9.1\\waol.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R4 LinksysUpdater;Linksys Updater;d:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-18 206096]
S3 REMOVE;REMOVE;\??\d:\windows\system32\drivers\REMOVE.SYS --> d:\windows\system32\drivers\REMOVE.SYS [?]
S4 DLCCCustomerConnect;DLCCCustomerConnect;d:\windows\system32\spool\drivers\w32x86\3\dlccserv.exe [2008-11-21 57344]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-09-18 d:\windows\Tasks\McDefragTask.job
- d:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-11-01 d:\windows\Tasks\McQcTask.job
- d:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
WebBrowser-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
HKCU-Run-wblogon - d:\windows\system32\algg.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://windiwsfsearch.com
IE: &AOL Toolbar Search - d:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.designamosaic.com/include/aurigma/ImageUploader5.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:32:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 d:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-22 20:33:26
ComboFix-quarantined-files.txt 2009-01-23 01:33:23

Pre-Run: 163,446,968,320 bytes free
Post-Run: 163,657,797,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

199 --- E O F --- 2009-01-14 12:04:36





Hijack This:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Linda at 20:35:29.15 on Thu 01/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.563 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\WINDOWS\system32\java.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Linda\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://windiwsfsearch.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - d:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - d:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [swg] d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "d:\program files\aol 9.1\AOL.EXE" -b
mRun: [RealTray] d:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [mcagent_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] d:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [HostManager] d:\program files\common files\aol\1221781625\ee\AOLSoftware.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Lexmark 4200 Series] "d:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [FaxCenterServer4_in_1] "d:\program files\lexmark 4200 series\fax\fm3032.exe" /s
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [DLCCCATS] rundll32 d:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "d:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [LELA] "d:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "d:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
IE: &AOL Toolbar Search - d:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - d:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - d:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.designamosaic.com/include/aurigma/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221741592125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229478304192&h=e8775c14a87798f227e8ed0cf8da06a1/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://webaccess.schneiderlogistics.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - d:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2008-9-18 79240]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2008-9-18 35240]
R4 LinksysUpdater;Linksys Updater;d:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-18 206096]
R4 McProxy;McAfee Proxy Service;d:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-18 358736]
R4 McShield;McAfee Real-time Scanner;d:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-18 144704]
S3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2008-9-18 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;d:\windows\system32\drivers\mfesmfk.sys [2008-9-18 40488]
S3 REMOVE;REMOVE;\??\d:\windows\system32\drivers\remove.sys --> d:\windows\system32\drivers\REMOVE.SYS [?]
S4 DLCCCustomerConnect;DLCCCustomerConnect;d:\windows\system32\spool\drivers\w32x86\3\dlccserv.exe [2008-11-21 57344]
S4 McSysmon;McAfee SystemGuards;d:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-18 605512]

=============== Created Last 30 ================

2009-01-22 20:16 161,792 a------- d:\windows\SWREG.exe
2009-01-22 20:16 98,816 a------- d:\windows\sed.exe
2009-01-22 20:16 <DIR> --d----- D:\Combo-Fix
2009-01-21 17:58 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-01-21 17:58 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 17:58 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-01-21 17:58 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-25 12:46 187,765 a------- D:\IMG_4053.JPG
2008-12-25 12:46 182,931 a------- D:\IMG_4052.JPG
2008-12-25 12:46 164,884 a------- D:\IMG_4051.JPG

==================== Find3M ====================

2008-12-12 11:18 87,336 a------- d:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- d:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- d:\windows\system32\drivers\srv.sys
2008-11-10 05:43 410,984 a------- d:\windows\system32\deploytk.dll
2008-10-05 07:22 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-10-05 07:22 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 20:35:50.21 ===============


#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2009 - 08:55 PM

Let's check for remnants:

If your copy of MalwareBytes isn't working, please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
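The Java clean-up step above relies on spotting every older Java Runtime Environment by eye in Add/Remove Programs. The following is an added example (my own, not from the post, from Sun or from Malwarebytes) that lists the JRE/J2SE entries Windows has registered under its Uninstall registry keys, so what is still installed can be checked before and after that step. It assumes Windows PowerShell 2.0 or later is available (it was not installed by default on XP); the two key paths are the standard Windows Uninstall locations, and the Wow6432Node key simply does not exist on a 32-bit system like the one in this log.

```powershell
# Added example, not part of the original post. Lists Java Runtime Environment
# (JRE / J2SE) entries from the Windows Uninstall registry keys so that the
# "remove all older versions of Java" step can be verified.
# Assumes Windows PowerShell 2.0 or later.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # absent on 32-bit XP
)

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            # The same names the post tells you to look for in Add/Remove Programs
            if ($p.DisplayName -match 'Java\(TM\)|Java Runtime|J2SE|JRE') {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    RegistryKey     = $sub.PSChildName
                }
            }
        }
    }
}

# Run once before the Add/Remove Programs step and again after the reboot;
# the second run should show only the freshly installed 6 Update 11 entry.
Get-InstalledJava |
    Sort-Object DisplayVersion |
    Select-Object DisplayName, DisplayVersion, RegistryKey, UninstallString |
    Format-Table -AutoSize
```

The UninstallString column is useful when an old entry refuses to go away through the Add/Remove Programs dialog: it shows the exact command Windows would run to remove it.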


#5 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 22 January 2009 - 10:38 PM

There was nothing under "scan report"... therefore no option for "save report as".

This is only a good thing I'm assuming??

#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2009 - 10:54 PM

I guess it is. Let's take a deeper look:

Download OTScanit2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanit2 on your desktop. OTScanit2 can be detected as malware by your firewall and Antivirus. Choose Ignore on any warning alert.
  • Close any open browsers.
  • Open the OTScanit2 folder and double-click on OTScanit2.exe to start the program.
  • Leave all settings as they appear as default, except for the following:
  • Under Drivers, select "All".
  • Under Rootkit Search, select Yes
  • Under Additional Scan, select the following:
    • Reg - ControlSets
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Security Center Settings
    • Reg - Tcpip Persistent Routes
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file.
Use the Reply button and attach the notepad file here (do not copy and paste it into a reply; attach the file instead).



#7 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 22 January 2009 - 11:34 PM

Anything else?? I do have a question or two if we are finished... let me know.


#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2009 - 11:56 PM

Hi, frstmate72

Start OTScanit2. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "FaxCenterServer4_in_1" -> ["D:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN ->   .[msn] -> My Computer
YN -> objects_aol.com [*] -> Out of zone range - ( 5 )
YN -> 4 domain(s) and sub-domain(s) not assigned to a zone. -> 
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanit scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

I will be Off for the night. Will see your report in the AM. All seems clear at this point.



#9 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 23 January 2009 - 12:29 AM

Sorry... where am I supposed to post this??

#10 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 23 January 2009 - 12:50 AM

I think you lost me. Sorry for being such an idiot.

#11 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 23 January 2009 - 12:54 AM

ok, joke begins two posts above mine??

#12 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 23 January 2009 - 01:26 AM

I was just thinking how I deserve to make a donation... although not much... something at least... $$ I'm sure you can give me the information to do so??

#13 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 January 2009 - 08:15 AM

Were you able to perform the above? If so, please post the resulting report.



#14 frstmate72
  • Topic Starter
  • Members
  • 41 posts

Posted 23 January 2009 - 03:39 PM

OTScanIt2 logfile created on: 1/23/2009 3:29:46 PM - Run 2

OTScanIt2 by OldTimer - Version 1.0.6.2	 Folder = D:\Documents and Settings\Linda\Desktop\OTScanIt2

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1022.07 Mb Total Physical Memory | 407.39 Mb Available Physical Memory | 39.86% Memory free

2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.25% Paging File free

Paging file location(s): D:\pagefile.sys 1536 3072;

 

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 74.50 Gb Total Space | 71.63 Gb Free Space | 96.16% Space Free | Partition Type: NTFS

Drive D: | 186.30 Gb Total Space | 152.29 Gb Free Space | 81.74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: LINDA-FHWPML5YQ

Current User Name: Linda

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

[Processes - Safe List]

aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC)

aolsoftware.exe -> %CommonProgramFiles%\AOL\1221781625\ee\aolsoftware.exe -> [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC)

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.)

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.)

calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.)

dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe -> [2005/06/21 15:19:38 | 00,491,520 | ---- | M] ()

dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe -> [2005/07/22 14:03:00 | 00,425,984 | ---- | M] (Dell)

dlccserv.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlccserv.exe -> [2005/06/07 13:38:28 | 00,057,344 | ---- | M] ()

googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/12/19 06:47:41 | 00,068,856 | ---- | M] (Google Inc.)

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)

java.exe -> %SystemRoot%\system32\java.exe -> [2008/11/10 05:43:37 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)

jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)

jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)

lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/01/13 18:00:02 | 00,311,296 | ---- | M] (Lexmark International, Inc.)

lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> [2004/01/13 17:55:52 | 00,174,592 | ---- | M] (Lexmark International, Inc.)

linksys easylink advisor.exe -> %ProgramFiles%\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe -> [2008/05/01 06:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems)

linksysupdater.exe -> %ProgramFiles%\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/04/18 04:30:43 | 00,204,800 | ---- | M] ()

lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> [2004/01/16 05:04:08 | 00,057,344 | ---- | M] (Lexmark International, Inc.)

lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> [2004/01/16 05:27:30 | 00,094,208 | ---- | M] (Lexmark International, Inc.)

mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)

mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)

mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)

mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.)

mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)

mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/11/20 08:45:06 | 00,206,096 | ---- | M] ()

mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)

mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)

mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> [2008/06/20 12:10:24 | 00,259,912 | ---- | M] (McAfee, Inc.)

mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)

msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)

nmctxth.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe -> [2008/04/09 00:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.)

nmsrvc.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.)

otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M] (OldTimer Tools)

pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.)

qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)

realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> [2008/09/17 16:24:37 | 00,026,112 | ---- | M] (RealNetworks, Inc.)

shellmon.exe -> %ProgramFiles%\AOL 9.1\shellmon.exe -> [2008/06/03 00:36:05 | 00,054,624 | ---- | M] (AOL, LLC.)

stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/03/22 05:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)

wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> [2003/08/27 09:27:44 | 00,065,536 | ---- | M] (America Online, Inc.)

waol.exe -> %ProgramFiles%\AOL 9.1\waol.exe -> [2008/06/03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.)

wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> [2007/10/11 06:20:39 | 00,042,368 | R--- | M] (AOL LLC)

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)

(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.)

(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)

(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.)

(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)

(Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> [2008/09/19 20:47:50 | 00,069,632 | ---- | M] (Creative Labs)

(DLCCCustomerConnect) DLCCCustomerConnect [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlccserv.exe -> [2005/06/07 13:38:28 | 00,057,344 | ---- | M] ()

(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe -> [2005/06/21 15:19:38 | 00,491,520 | ---- | M] ()

(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/11/08 13:51:38 | 00,138,168 | ---- | M] (Google)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)

(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)

(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/01/13 18:00:02 | 00,311,296 | ---- | M] (Lexmark International, Inc.)

(LinksysUpdater) Linksys Updater [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/04/18 04:30:43 | 00,204,800 | ---- | M] ()

(MBackMonitor) MBackMonitor [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2008/07/10 13:42:56 | 00,066,848 | ---- | M] (McAfee)

(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/11/20 08:45:06 | 00,206,096 | ---- | M] ()

(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)

(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)

(McODS) McAfee Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.)

(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)

(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)

(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)

(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)

(MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)

(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)

(nmservice) Pure Networks Platform Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.)

(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> [2003/08/27 09:27:44 | 00,065,536 | ---- | M] (America Online, Inc.)

(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

 

[Driver Services - All]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\acpi.sys -> [2008/04/13 14:36:36 | 00,187,776 | ---- | M] (Microsoft Corporation)

(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\acpiec.sys -> [2003/03/31 07:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation)

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> [2008/04/13 12:39:24 | 00,142,592 | ---- | M] (Microsoft Corporation)

(AFD) AFD Networking Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\afd.sys -> [2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation)

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> [2008/09/17 16:24:40 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)

(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\asyncmac.sys -> [2008/04/13 13:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation)

(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> [2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation)

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2007/09/29 03:06:00 | 02,456,064 | ---- | M] (ATI Technologies Inc.)

(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmarpc.sys -> [2008/04/13 13:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation)

(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\audstub.sys -> [2001/08/17 08:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation)

(Beep) Beep [Kernel | System | Running] -> %SystemRoot%\system32\drivers\beep.sys -> [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation)

(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cbidf2k.sys -> [2003/03/31 07:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation)

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\cdaudio.sys -> [2003/03/31 07:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation)

(Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\cdfs.sys -> [2008/04/13 14:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation)

(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdrom.sys -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CTSFM2K.SYS -> [2005/01/10 05:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd)

(CTUSFSYN) Creative SoundFont Synthesizer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CTUSFSYN.SYS -> [2005/05/25 04:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.)

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\disk.sys -> [2008/04/13 14:40:48 | 00,036,352 | ---- | M] (Microsoft Corporation)

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> [2008/04/13 13:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software)

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> [2008/04/13 13:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software)

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> [2003/03/31 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.)

(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dmusic.sys -> [2008/04/13 14:45:02 | 00,052,864 | ---- | M] (Microsoft Corporation)

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> [2008/04/13 14:45:14 | 00,002,944 | ---- | M] (Microsoft Corporation)

(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation)

(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\fastfat.sys -> [2008/04/13 14:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation)

(Fdc) Fdc [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\fdc.sys -> [2008/04/13 14:40:26 | 00,027,392 | ---- | M] (Microsoft Corporation)

(Fips) Fips [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fips.sys -> [2008/04/13 13:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation)

(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\flpydisk.sys -> [2008/04/13 14:40:26 | 00,020,480 | ---- | M] (Microsoft Corporation)

(FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\fltmgr.sys -> [2008/04/13 13:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation)

(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftdisk.sys -> [2003/03/31 07:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation)

(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)

(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msgpc.sys -> [2008/04/13 13:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation)

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 12:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)

(hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidusb.sys -> [2008/04/13 14:45:28 | 00,010,368 | ---- | M] (Microsoft Corporation)

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\http.sys -> [2008/04/13 14:53:54 | 00,264,832 | ---- | M] (Microsoft Corporation)

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\imapi.sys -> [2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation)

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(intelppm) Intel Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\intelppm.sys -> [2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation)

(ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ip6fw.sys -> [2008/04/13 13:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation)

(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipfltdrv.sys -> [2003/03/31 07:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation)

(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipinip.sys -> [2008/04/13 13:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation)

(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipnat.sys -> [2008/04/13 13:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation)

(IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ipsec.sys -> [2008/04/13 14:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation)

(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irenum.sys -> [2008/04/13 13:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation)

(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\isapnp.sys -> [2008/04/13 14:36:42 | 00,037,248 | ---- | M] (Microsoft Corporation)

(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdclass.sys -> [2008/04/13 14:39:48 | 00,024,576 | ---- | M] (Microsoft Corporation)

(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)

(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\kmixer.sys -> [2008/04/13 14:45:10 | 00,172,416 | ---- | M] (Microsoft Corporation)

(KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ksecdd.sys -> [2008/04/13 13:31:43 | 00,092,288 | ---- | M] (Microsoft Corporation)

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2008/06/27 05:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.)

(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2008/06/27 05:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.)

(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2008/06/27 05:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.)

(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2008/06/20 04:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.)

(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2008/06/27 05:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.)

(mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mnmdd.sys -> [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation)

(Modem) Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\modem.sys -> [2008/04/13 15:00:20 | 00,030,080 | ---- | M] (Microsoft Corporation)

(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mouclass.sys -> [2008/04/13 14:39:48 | 00,023,040 | ---- | M] (Microsoft Corporation)

(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mouhid.sys -> [2003/03/31 07:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation)

(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mountmgr.sys -> [2008/04/13 13:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation)

(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2008/06/02 13:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.)

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\mrxdav.sys -> [2008/04/13 13:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation)

(MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\drivers\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)

(Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\msfs.sys -> [2008/04/13 13:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation)

(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mskssrv.sys -> [2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation)

(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspclock.sys -> [2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation)

(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspqm.sys -> [2008/04/13 14:39:52 | 00,004,992 | ---- | M] (Microsoft Corporation)

(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mssmbios.sys -> [2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation)

(Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\mup.sys -> [2008/04/13 14:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation)

(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ndis.sys -> [2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation)

(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndistapi.sys -> [2008/04/13 13:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation)

(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndisuio.sys -> [2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation)

(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndiswan.sys -> [2008/04/13 14:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation)

(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndproxy.sys -> [2008/04/13 13:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation)

(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\drivers\netbios.sys -> [2008/04/13 13:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation)

(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\system32\drivers\netbt.sys -> [2008/04/13 14:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation)

(Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\npfs.sys -> [2008/04/13 13:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation)

(Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\ntfs.sys -> [2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation)

(Null) Null [Kernel | System | Running] -> %SystemRoot%\system32\drivers\null.sys -> [2003/03/31 07:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation)

(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkflt.sys -> [2003/03/31 07:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation)

(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkfwd.sys -> [2003/03/31 07:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation)

(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CTOSS2K.SYS -> [2005/01/10 05:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.)

(Parport) Parport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\parport.sys -> [2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation)

(PartMgr) Partition Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\partmgr.sys -> [2008/04/13 13:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation)

(ParVdm) ParVdm [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\parvdm.sys -> [2003/03/31 07:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation)

(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pci.sys -> [2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation)

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pciide.sys -> [2003/03/31 07:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation)

(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\pcmcia.sys -> [2008/04/13 14:36:44 | 00,120,192 | ---- | M] (Microsoft Corporation)

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\pnarp.sys -> [2008/04/09 00:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.)

(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspptp.sys -> [2008/04/13 14:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation)

(Processor) Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\processr.sys -> [2008/04/13 14:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation)

(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psched.sys -> [2008/04/13 13:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)

(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\purendis.sys -> [2008/04/09 00:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.)

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rasacd.sys -> [2003/03/31 07:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation)

(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rasl2tp.sys -> [2008/04/13 14:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation)

(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspppoe.sys -> [2008/04/13 13:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation)

(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspti.sys -> [2003/03/31 07:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation)

(Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\drivers\rdbss.sys -> [2008/04/13 14:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation)

(RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rdpcdd.sys -> [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation)

(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rdpwd.sys -> [2008/04/13 19:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation)

(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\redbook.sys -> [2008/04/13 14:40:28 | 00,057,600 | ---- | M] (Microsoft Corporation)

(REMOVE) REMOVE [Kernel | On_Demand | Stopped] ->  -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

(Serial) Serial [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\serial.sys -> [2008/04/13 15:15:46 | 00,064,512 | ---- | M] (Microsoft Corporation)

(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\sfloppy.sys -> [2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation)

(sigfilt) sigfilt [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sigfilt.sys -> [2005/03/24 21:11:00 | 01,350,272 | ---- | M] (Creative Technology Ltd.)

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> [2008/04/13 14:45:08 | 00,006,272 | ---- | M] (Microsoft Corporation)

(sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\sr.sys -> [2008/04/13 13:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation)

(Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srv.sys -> [2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation)

(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/06/06 03:40:48 | 00,180,736 | ---- | M] (SigmaTel, Inc.)

(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swenum.sys -> [2008/04/13 14:39:54 | 00,004,352 | ---- | M] (Microsoft Corporation)

(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> [2008/04/13 14:45:10 | 00,056,576 | ---- | M] (Microsoft Corporation)

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> [2008/04/13 15:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation)

(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip.sys -> [2008/06/20 06:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation)

(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdpipe.sys -> [2008/04/13 19:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation)

(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdtcp.sys -> [2008/04/13 19:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation)

(TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\termdd.sys -> [2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation)

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(Udfs) Udfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\udfs.sys -> [2008/04/13 13:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation)

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\update.sys -> [2008/04/13 13:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation)

(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)

(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbccgp.sys -> [2008/04/13 14:45:40 | 00,032,128 | ---- | M] (Microsoft Corporation)

(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> [2008/04/13 14:45:36 | 00,030,208 | ---- | M] (Microsoft Corporation)

(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbhub.sys -> [2008/04/13 14:45:38 | 00,059,520 | ---- | M] (Microsoft Corporation)

(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbprint.sys -> [2008/04/13 14:47:38 | 00,025,856 | ---- | M] (Microsoft Corporation)

(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbscan.sys -> [2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation)

(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbstor.sys -> [2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation)

(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbuhci.sys -> [2008/04/13 14:45:36 | 00,020,608 | ---- | M] (Microsoft Corporation)

(USB_RNDIS) Arris Remote NDIS Network Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)

(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\vga.sys -> [2008/04/13 13:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation)

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\volsnap.sys -> [2008/04/13 13:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation)

(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanarp.sys -> [2008/04/13 13:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation)

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> [2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation)

(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfPf.sys -> [2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation)

(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> [2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 

HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\"SearchMigratedDefaultName" -> Search -> 

HKEY_LOCAL_MACHINE\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/ -> 

HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

HKEY_LOCAL_MACHINE\: SearchURL\w\\"" -> http://www.google.com/ -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ -> 

HKEY_CURRENT_USER\: Main\\"Local Page" -> D:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Search -> 

HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/ -> 

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.com/ -> 

HKEY_CURRENT_USER\: SearchURL\\"" -> http://search.yahoo.com/search?fr=mcafee&p=%s -> 

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 

HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 

< HOSTS File > (734 bytes and 19 lines) -> D:\WINDOWS\System32\drivers\etc\Hosts -> 

127.0.0.1	   localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/11/03 13:17:44 | 00,054,248 | ---- | M] (Adobe Systems Incorporated)

{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> %ProgramFiles%\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2008/10/17 11:45:10 | 00,247,312 | ---- | M] ()

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 05:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)

{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> [2007/03/23 15:35:30 | 01,025,584 | ---- | M] (AOL LLC)

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2008/06/20 04:41:56 | 00,058,688 | ---- | M] (McAfee, Inc.)

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/11/08 13:51:37 | 02,403,392 | R--- | M] (Google Inc.)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/12/19 06:47:41 | 00,737,776 | ---- | M] (Google Inc.)

{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()

{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 05:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 05:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/11/08 13:51:37 | 02,403,392 | R--- | M] (Google Inc.)

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/03/23 15:35:30 | 01,025,584 | ---- | M] (AOL LLC)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/11/08 13:51:37 | 02,403,392 | R--- | M] (Google Inc.)

WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/03/23 15:35:30 | 01,025,584 | ---- | M] (AOL LLC)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/11/07 14:16:58 | 00,111,936 | ---- | M] (Apple Inc.)

"DLCCCATS" -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcctime.dll [rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] -> [2005/06/07 13:38:10 | 00,069,632 | ---- | M] ()

"dlccmon.exe" -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe ["D:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"] -> [2005/07/22 14:03:00 | 00,425,984 | ---- | M] (Dell)

"FaxCenterServer4_in_1" ->  ["D:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s] -> File not found

"HostManager" -> %CommonProgramFiles%\AOL\1221781625\ee\aolsoftware.exe [D:\Program Files\Common Files\AOL\1221781625\ee\AOLSoftware.exe] -> [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC)

"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["D:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)

"LELA" -> %ProgramFiles%\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe ["D:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized] -> [2008/05/01 06:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems)

"Lexmark 4200 Series" -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe ["D:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"] -> [2004/01/16 05:04:08 | 00,057,344 | ---- | M] (Lexmark International, Inc.)

"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["D:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)

"McENUI" -> %ProgramFiles%\McAfee\MHN\McENUI.exe [D:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> [2008/06/13 01:59:26 | 01,176,808 | ---- | M] (McAfee, Inc.)

"nmctxth" -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe ["D:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> [2008/04/09 00:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.)

"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["D:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)

"RealTray" -> %ProgramFiles%\Real\RealPlayer\realplay.exe [D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2008/09/17 16:24:37 | 00,026,112 | ---- | M] (RealNetworks, Inc.)

"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2005/01/12 03:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.)

"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2005/03/22 05:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)

"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["D:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"AOL Fast Start" -> %ProgramFiles%\AOL 9.1\aol.exe ["D:\Program Files\AOL 9.1\AOL.EXE" -b] -> [2008/06/03 00:35:57 | 00,050,528 | ---- | M] (AOL, LLC.)

"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/12/19 06:47:41 | 00,068,856 | ---- | M] (Google Inc.)

"WMPNSCFG" -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe [D:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)

< All Users Startup Folder > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Linda Startup Folder > -> D:\Documents and Settings\Linda\Start Menu\Programs\Startup -> 

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveAutoRun" ->  [67108863] -> File not found

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDrives" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"dontdisplaylastusername" ->  [0] -> File not found

\\"legalnoticecaption" ->  [] -> File not found

\\"legalnoticetext" ->  [] -> File not found

\\"shutdownwithoutlogon" ->  [1] -> File not found

\\"undockwithoutlogon" ->  [1] -> File not found

\\"DisableRegistryTools" ->  [0] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

\\"NoDrives" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html [d:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html] -> [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [Button: AOL Toolbar] -> [2007/03/23 15:35:30 | 01,025,584 | ---- | M] (AOL LLC)

{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found

CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/03/23 15:35:30 | 01,025,584 | ---- | M] (AOL LLC)

CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 56 domain(s) found. -> 

  .[msn] -> My Computer -> 

objects_aol.com [*] -> Out of zone range - ( 5 ) -> 

4 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 

{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 

{3107C2A8-9F0B-4404-A58B-21BD85268FBC} [HKLM] -> http://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB [PogoWebLauncher Control] -> 

{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photo2.walgreens.com/WalgreensActivia.cab [Snapfish Activia] -> 

{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://www.designamosaic.com/include/aurigma/ImageUploader5.cab [Image Uploader Control] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221741592125 [WUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229478304192&h=e8775c14a87798f227e8ed0cf8da06a1/&filename=jinstall-6u11-windows-i586-jc.cab [Java Plug-in 1.6.0_11] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> 

{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [HKLM] -> https://webaccess.schneiderlogistics.com/dana-cached/setup/JuniperSetupSP1.cab [JuniperSetupSP1 Control] -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{03A30FB9-5946-42A5-B144-45B5D015E944} ->	(ARRIS TOUCHSTONE DEVICE) -> 

{E5737397-53BC-45EA-BE4F-B7A94D47E486} ->	(Intel(R) PRO/100 VE Network Connection) -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2007/09/29 02:57:56 | 00,122,880 | ---- | M] (ATI Technologies Inc.)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 

"%windir%\Network Diagnostic\xpnetdiag.exe" -> D:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" -> D:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)

"D:\Program Files\America Online 9.0\waol.exe" -> D:\Program Files\America Online 9.0\waol.exe [D:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> [2004/04/28 13:03:14 | 00,238,792 | -H-- | M] (America Online, Inc.)

"D:\Program Files\AOL 9.1\waol.exe" -> D:\Program Files\AOL 9.1\waol.exe [D:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL 9.1] -> [2008/06/03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"%windir%\Network Diagnostic\xpnetdiag.exe" -> D:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" -> D:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)

"D:\Program Files\America Online 9.0\waol.exe" -> D:\Program Files\America Online 9.0\waol.exe [D:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> [2004/04/28 13:03:14 | 00,238,792 | -H-- | M] (America Online, Inc.)

"D:\Program Files\AOL 9.1\waol.exe" -> D:\Program Files\AOL 9.1\waol.exe [D:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL 9.1] -> [2008/06/03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.)

"D:\Program Files\Bonjour\mDNSResponder.exe" -> D:\Program Files\Bonjour\mDNSResponder.exe [D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)

"D:\Program Files\Common Files\AOL\1221781625\ee\aolsoftware.exe" -> D:\Program Files\Common Files\AOL\1221781625\ee\aolsoftware.exe [D:\Program Files\Common Files\AOL\1221781625\ee\aolsoftware.exe:*:Enabled:AOL Shared Components] -> [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC)

"D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service] -> [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC)

"D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer] -> [2006/10/23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC)

"D:\Program Files\Common Files\AOL\Loader\aolload.exe" -> D:\Program Files\Common Files\AOL\Loader\aolload.exe [D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC)

"D:\Program Files\Common Files\AOL\System Information\sinf.exe" -> D:\Program Files\Common Files\AOL\System Information\sinf.exe [D:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information] -> [2007/09/17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC)

"D:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" -> D:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe [D:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> [2007/04/02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC)

"D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" -> D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service] -> [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.)

"D:\Program Files\iTunes\iTunes.exe" -> D:\Program Files\iTunes\iTunes.exe [D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)

"D:\Program Files\Messenger\msmsgs.exe" -> D:\Program Files\Messenger\msmsgs.exe [D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

"D:\Program Files\Real\RealPlayer\realplay.exe" -> D:\Program Files\Real\RealPlayer\realplay.exe [D:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> [2008/09/17 16:24:37 | 00,026,112 | ---- | M] (RealNetworks, Inc.)

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

"AlternateShell" -> cmd.exe -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/09/17 16:11:57 | 00,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

 

[Registry - Additional Scans - Safe List]

< ControlSets > -> HKEY_LOCAL_MACHINE\SYSTEM\Select -> 

HKEY_LOCAL_MACHINE\SYSTEM\Select

\\"Current" ->  [1] -> File not found

\\"Default" ->  [1] -> File not found

\\"Failed" ->  [0] -> File not found

\\"LastKnownGood" ->  [2] -> File not found

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.bat [@ = batfile] -> "%1" %* -> 

.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 19:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)

.cmd [@ = cmdfile] -> "%1" %* -> 

.com [@ = ComFile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2003/03/31 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)

.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2007/08/13 17:32:30 | 00,045,568 | ---- | M] (Microsoft Corporation)

.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)

.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.pif [@ = piffile] -> "%1" %* -> 

.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 19:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)

.scr [@ = scrfile] -> "%1" /S -> 

.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

\\"AntiVirusDisableNotify" ->  [0] -> File not found

\\"FirewallDisableNotify" ->  [0] -> File not found

\\"UpdatesDisableNotify" ->  [0] -> File not found

\\"AntiVirusOverride" ->  [0] -> File not found

\\"FirewallOverride" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" ->  [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

\Monitoring\McAfeeFirewall\\"DisableMonitoring" ->  [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> 

 

[Files/Folders - Created Within 30 Days]

5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> 

_OTScanIt -> %SystemDrive%\_OTScanIt -> [2009/01/23 15:26:50 | 00,000,000 | ---D | C]

OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/22 23:16:39 | 00,000,000 | ---D | C]

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/22 23:11:10 | 00,656,730 | ---- | C] ()

Len and Katie.jpg -> %UserProfile%\Desktop\Len and Katie.jpg -> [2009/01/22 22:53:47 | 00,028,410 | ---- | C] ()

Malwarebytes -> %AppData%\Malwarebytes -> [2009/01/22 21:00:38 | 00,000,000 | ---D | C]

RECYCLER -> %SystemDrive%\RECYCLER -> [2009/01/22 20:35:13 | 00,000,000 | -HSD | C]

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> [2009/01/22 20:32:04 | 00,053,248 | ---- | C] (Sysinternals)

SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/01/22 20:16:09 | 00,212,480 | ---- | C] (SteelWerX)

SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/01/22 20:16:09 | 00,161,792 | ---- | C] (SteelWerX)

SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/01/22 20:16:09 | 00,136,704 | ---- | C] (SteelWerX)

sed.exe -> %SystemRoot%\sed.exe -> [2009/01/22 20:16:09 | 00,098,816 | ---- | C] ()

fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/01/22 20:16:09 | 00,089,504 | ---- | C] (Smallfrogs Studio)

grep.exe -> %SystemRoot%\grep.exe -> [2009/01/22 20:16:09 | 00,080,412 | ---- | C] ()

zip.exe -> %SystemRoot%\zip.exe -> [2009/01/22 20:16:09 | 00,068,096 | ---- | C] ()

VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/01/22 20:16:09 | 00,049,152 | ---- | C] ()

NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/01/22 20:16:09 | 00,029,696 | ---- | C] (NirSoft)

Combo-Fix -> %SystemDrive%\Combo-Fix -> [2009/01/22 20:16:02 | 00,000,000 | ---D | C]

Qoobox -> %SystemDrive%\Qoobox -> [2009/01/22 20:14:26 | 00,000,000 | ---D | C]

ERDNT -> %SystemRoot%\ERDNT -> [2009/01/22 20:14:26 | 00,000,000 | ---D | C]

Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [2009/01/22 19:54:44 | 03,048,418 | R--- | C] ()

dds.scr -> %UserProfile%\Desktop\dds.scr -> [2009/01/22 18:48:05 | 00,368,971 | ---- | C] ()

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/21 17:58:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation)

Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/21 17:58:31 | 00,000,696 | ---- | C] ()

mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/21 17:58:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation)

Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/01/21 17:58:28 | 00,000,000 | ---D | C]

Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/01/21 17:58:28 | 00,000,000 | ---D | C]

mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/21 17:48:02 | 02,737,800 | ---- | C] (Malwarebytes Corporation									)

Config.Msi -> %SystemDrive%\Config.Msi -> [2009/01/20 18:23:36 | 00,000,000 | -HSD | C]

SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [2009/01/20 18:18:58 | 05,953,568 | ---- | C] ()

JC_Penney_1977[1].pdf -> %UserProfile%\My Documents\JC_Penney_1977[1].pdf -> [2009/01/16 14:32:13 | 00,358,576 | ---- | C] ()

application.pdf -> %UserProfile%\Desktop\application.pdf -> [2009/01/13 18:59:28 | 01,308,017 | ---- | C] ()

Random Pics -> %UserProfile%\Desktop\Random Pics -> [2009/01/08 21:27:30 | 00,000,000 | ---D | C]

gettingtoknowyourfriends.rtf -> %UserProfile%\My Documents\gettingtoknowyourfriends.rtf -> [2008/12/31 06:19:52 | 00,003,159 | ---- | C] ()

Christmas 4 -> %UserProfile%\Desktop\Christmas 4 -> [2008/12/29 21:51:36 | 00,000,000 | ---D | C]

Christmas 3 -> %UserProfile%\Desktop\Christmas 3 -> [2008/12/29 21:51:15 | 00,000,000 | ---D | C]

Christmas 2 -> %UserProfile%\Desktop\Christmas 2 -> [2008/12/29 21:50:58 | 00,000,000 | ---D | C]

Christmas 1 -> %UserProfile%\Desktop\Christmas 1 -> [2008/12/29 21:50:35 | 00,000,000 | ---D | C]

Christmas Pics.zip -> %UserProfile%\Desktop\Christmas Pics.zip -> [2008/12/29 20:22:42 | 12,649,252 | ---- | C] ()

Christmas Pics -> %UserProfile%\Desktop\Christmas Pics -> [2008/12/29 19:17:23 | 00,000,000 | ---D | C]

Brian's Wii -> %UserProfile%\Desktop\Brian's Wii -> [2008/12/26 17:19:25 | 00,000,000 | ---D | C]

IMG_4053.JPG -> %SystemDrive%\IMG_4053.JPG -> [2008/12/25 12:46:27 | 00,187,765 | ---- | C] ()

IMG_4052.JPG -> %SystemDrive%\IMG_4052.JPG -> [2008/12/25 12:46:27 | 00,182,931 | ---- | C] ()

IMG_4051.JPG -> %SystemDrive%\IMG_4051.JPG -> [2008/12/25 12:46:27 | 00,164,884 | ---- | C] ()

MVI_4079.THM -> %SystemDrive%\MVI_4079.THM -> [2008/12/25 12:45:56 | 00,008,678 | ---- | C] ()

MVI_4079.AVI -> %SystemDrive%\MVI_4079.AVI -> [2008/12/25 12:45:53 | 55,292,754 | ---- | C] ()

MVI_4078.THM -> %SystemDrive%\MVI_4078.THM -> [2008/12/25 12:45:53 | 00,007,486 | ---- | C] ()

MVI_4078.AVI -> %SystemDrive%\MVI_4078.AVI -> [2008/12/25 12:45:50 | 57,540,952 | ---- | C] ()

MVI_4076.THM -> %SystemDrive%\MVI_4076.THM -> [2008/12/25 12:45:50 | 00,008,180 | ---- | C] ()

MVI_4076.AVI -> %SystemDrive%\MVI_4076.AVI -> [2008/12/25 12:45:48 | 45,555,046 | ---- | C] ()

MVI_4073.THM -> %SystemDrive%\MVI_4073.THM -> [2008/12/25 12:45:48 | 00,008,958 | ---- | C] ()

MVI_4073.AVI -> %SystemDrive%\MVI_4073.AVI -> [2008/12/25 12:45:43 | 10,739,8276 | ---- | C] ()

MVI_4062.THM -> %SystemDrive%\MVI_4062.THM -> [2008/12/25 12:45:43 | 00,007,800 | ---- | C] ()

MVI_4062.AVI -> %SystemDrive%\MVI_4062.AVI -> [2008/12/25 12:45:39 | 59,860,070 | ---- | C] ()

MVI_4060.AVI -> %SystemDrive%\MVI_4060.AVI -> [2008/12/25 12:45:39 | 13,500,984 | ---- | C] ()

IMG_4072.JPG -> %SystemDrive%\IMG_4072.JPG -> [2008/12/25 12:45:39 | 00,081,682 | ---- | C] ()

IMG_4064.JPG -> %SystemDrive%\IMG_4064.JPG -> [2008/12/25 12:45:39 | 00,075,710 | ---- | C] ()

IMG_4065.JPG -> %SystemDrive%\IMG_4065.JPG -> [2008/12/25 12:45:39 | 00,061,411 | ---- | C] ()

IMG_4077.JPG -> %SystemDrive%\IMG_4077.JPG -> [2008/12/25 12:45:39 | 00,058,967 | ---- | C] ()

IMG_4082.JPG -> %SystemDrive%\IMG_4082.JPG -> [2008/12/25 12:45:39 | 00,049,901 | ---- | C] ()

IMG_4085.JPG -> %SystemDrive%\IMG_4085.JPG -> [2008/12/25 12:45:39 | 00,049,205 | ---- | C] ()

IMG_4081.JPG -> %SystemDrive%\IMG_4081.JPG -> [2008/12/25 12:45:39 | 00,047,650 | ---- | C] ()

IMG_4066.JPG -> %SystemDrive%\IMG_4066.JPG -> [2008/12/25 12:45:39 | 00,047,395 | ---- | C] ()

IMG_4083.JPG -> %SystemDrive%\IMG_4083.JPG -> [2008/12/25 12:45:39 | 00,047,362 | ---- | C] ()

IMG_4067.JPG -> %SystemDrive%\IMG_4067.JPG -> [2008/12/25 12:45:39 | 00,045,443 | ---- | C] ()

IMG_4084.JPG -> %SystemDrive%\IMG_4084.JPG -> [2008/12/25 12:45:39 | 00,044,314 | ---- | C] ()

IMG_4075.JPG -> %SystemDrive%\IMG_4075.JPG -> [2008/12/25 12:45:39 | 00,043,104 | ---- | C] ()

IMG_4074.JPG -> %SystemDrive%\IMG_4074.JPG -> [2008/12/25 12:45:39 | 00,042,016 | ---- | C] ()

IMG_4068.JPG -> %SystemDrive%\IMG_4068.JPG -> [2008/12/25 12:45:39 | 00,041,521 | ---- | C] ()

IMG_4070.JPG -> %SystemDrive%\IMG_4070.JPG -> [2008/12/25 12:45:39 | 00,040,868 | ---- | C] ()

IMG_4069.JPG -> %SystemDrive%\IMG_4069.JPG -> [2008/12/25 12:45:39 | 00,030,286 | ---- | C] ()

MVI_4060.THM -> %SystemDrive%\MVI_4060.THM -> [2008/12/25 12:45:39 | 00,008,620 | ---- | C] ()

IMG_4057.JPG -> %SystemDrive%\IMG_4057.JPG -> [2008/12/25 12:45:38 | 00,068,578 | ---- | C] ()

IMG_4058.JPG -> %SystemDrive%\IMG_4058.JPG -> [2008/12/25 12:45:38 | 00,068,138 | ---- | C] ()

IMG_4061.JPG -> %SystemDrive%\IMG_4061.JPG -> [2008/12/25 12:45:38 | 00,065,944 | ---- | C] ()

IMG_4063.JPG -> %SystemDrive%\IMG_4063.JPG -> [2008/12/25 12:45:38 | 00,065,086 | ---- | C] ()

IMG_4059.JPG -> %SystemDrive%\IMG_4059.JPG -> [2008/12/25 12:45:38 | 00,040,576 | ---- | C] ()

 

[Files/Folders - Modified Within 30 Days]

4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> 

5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> 

1 D:\WINDOWS\Temp\*.tmp files -> D:\WINDOWS\Temp\*.tmp -> 

iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2009/01/23 14:23:32 | 00,002,137 | ---- | M] ()

Perflib_Perfdata_844.dat -> %SystemRoot%\Temp\Perflib_Perfdata_844.dat -> [2009/01/23 11:43:30 | 00,016,384 | ---- | M] ()

win.ini -> %SystemRoot%\win.ini -> [2009/01/23 10:51:46 | 00,000,622 | ---- | M] ()

Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/01/23 10:51:25 | 00,019,183 | ---- | M] ()

Perflib_Perfdata_67c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_67c.dat -> [2009/01/23 10:50:41 | 00,000,000 | ---- | M] ()

wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/23 10:50:30 | 00,002,422 | ---- | M] ()

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/23 10:50:28 | 00,000,006 | -H-- | M] ()

bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/23 10:50:25 | 00,002,048 | --S- | M] ()

ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/23 01:36:23 | 03,670,016 | ---- | M] ()

ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/23 01:36:23 | 00,000,178 | -HS- | M] ()

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/01/23 01:35:52 | 04,831,920 | -H-- | M] ()

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/23 00:26:08 | 00,656,730 | ---- | M] ()

lexstat.ini -> %SystemRoot%\lexstat.ini -> [2009/01/22 23:12:03 | 00,000,415 | ---- | M] ()

sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-Linda\engine\bases\sfdb.dat -> [2009/01/22 23:09:54 | 00,204,068 | ---- | M] ()

Len and Katie.jpg -> %UserProfile%\Desktop\Len and Katie.jpg -> [2009/01/22 22:52:49 | 00,028,410 | ---- | M] ()

kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\kosglue-7.0.25.0.dll -> [2009/01/22 22:35:00 | 00,729,152 | ---- | M] (Kaspersky Lab)

prremote.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\prremote.dll -> [2009/01/22 22:35:00 | 00,090,112 | ---- | M] (Kaspersky Lab)

msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\msvcr80.dll -> [2009/01/22 22:34:59 | 00,626,688 | ---- | M] (Microsoft Corporation)

msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\msvcp80.dll -> [2009/01/22 22:34:59 | 00,548,864 | ---- | M] (Microsoft Corporation)

kave.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\kave.dll -> [2009/01/22 22:34:59 | 00,282,624 | ---- | M] (Kaspersky Lab.)

prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\prLoader.dll -> [2009/01/22 22:34:59 | 00,184,320 | ---- | M] (Kaspersky Lab)

ikave.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\ikave.dll -> [2009/01/22 22:34:59 | 00,065,536 | ---- | M] ()

ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\ScanningProcess.exe -> [2009/01/22 22:34:58 | 00,139,264 | ---- | M] (Kaspersky Lab.)

FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\FSSync.dll -> [2009/01/22 22:34:58 | 00,038,400 | ---- | M] (Kaspersky Lab)

msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-Linda\binaries\msvcm80.dll -> [2009/01/22 22:34:57 | 00,479,232 | ---- | M] (Microsoft Corporation)

PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> [2009/01/22 20:33:29 | 00,053,248 | ---- | M] (Sysinternals)

system.ini -> %SystemRoot%\system.ini -> [2009/01/22 20:32:10 | 00,000,227 | ---- | M] ()

Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [2009/01/22 20:15:47 | 03,048,418 | R--- | M] ()

dds.scr -> %UserProfile%\Desktop\dds.scr -> [2009/01/22 18:48:26 | 00,368,971 | ---- | M] ()

Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/01/21 17:58:31 | 00,000,696 | ---- | M] ()

mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/21 17:48:02 | 02,737,800 | ---- | M] (Malwarebytes Corporation									)

SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [2009/01/20 18:18:58 | 05,953,568 | ---- | M] ()

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/18 16:02:00 | 00,022,016 | ---- | M] ()

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/01/16 16:28:01 | 00,000,284 | ---- | M] ()

JC_Penney_1977[1].pdf -> %UserProfile%\My Documents\JC_Penney_1977[1].pdf -> [2009/01/16 14:32:22 | 00,358,576 | ---- | M] ()

mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation)

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation)

qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/14 06:37:22 | 00,005,529 | ---- | M] ()

qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/14 06:37:22 | 00,004,232 | ---- | M] ()

application.pdf -> %UserProfile%\Desktop\application.pdf -> [2009/01/13 18:59:28 | 01,308,017 | ---- | M] ()

MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation)

gettingtoknowyourfriends.rtf -> %UserProfile%\My Documents\gettingtoknowyourfriends.rtf -> [2008/12/31 06:19:52 | 00,003,159 | ---- | M] ()

Christmas Pics.zip -> %UserProfile%\Desktop\Christmas Pics.zip -> [2008/12/29 21:38:00 | 12,649,252 | ---- | M] ()

IMG_4082.JPG -> %SystemDrive%\IMG_4082.JPG -> [2008/12/25 12:41:46 | 00,049,901 | ---- | M] ()

IMG_4083.JPG -> %SystemDrive%\IMG_4083.JPG -> [2008/12/25 12:41:46 | 00,047,362 | ---- | M] ()

IMG_4084.JPG -> %SystemDrive%\IMG_4084.JPG -> [2008/12/25 12:41:46 | 00,044,314 | ---- | M] ()

IMG_4085.JPG -> %SystemDrive%\IMG_4085.JPG -> [2008/12/25 12:41:44 | 00,049,205 | ---- | M] ()

IMG_4081.JPG -> %SystemDrive%\IMG_4081.JPG -> [2008/12/25 12:41:44 | 00,047,650 | ---- | M] ()

MVI_4079.AVI -> %SystemDrive%\MVI_4079.AVI -> [2008/12/25 12:41:43 | 55,292,754 | ---- | M] ()

MVI_4078.AVI -> %SystemDrive%\MVI_4078.AVI -> [2008/12/25 12:41:35 | 57,540,952 | ---- | M] ()

MVI_4079.THM -> %SystemDrive%\MVI_4079.THM -> [2008/12/25 12:41:35 | 00,008,678 | ---- | M] ()

MVI_4076.AVI -> %SystemDrive%\MVI_4076.AVI -> [2008/12/25 12:41:26 | 45,555,046 | ---- | M] ()

IMG_4077.JPG -> %SystemDrive%\IMG_4077.JPG -> [2008/12/25 12:41:26 | 00,058,967 | ---- | M] ()

MVI_4078.THM -> %SystemDrive%\MVI_4078.THM -> [2008/12/25 12:41:26 | 00,007,486 | ---- | M] ()

IMG_4075.JPG -> %SystemDrive%\IMG_4075.JPG -> [2008/12/25 12:41:20 | 00,043,104 | ---- | M] ()

MVI_4076.THM -> %SystemDrive%\MVI_4076.THM -> [2008/12/25 12:41:20 | 00,008,180 | ---- | M] ()

MVI_4073.AVI -> %SystemDrive%\MVI_4073.AVI -> [2008/12/25 12:41:19 | 10,739,8276 | ---- | M] ()

IMG_4074.JPG -> %SystemDrive%\IMG_4074.JPG -> [2008/12/25 12:41:19 | 00,042,016 | ---- | M] ()

IMG_4070.JPG -> %SystemDrive%\IMG_4070.JPG -> [2008/12/25 12:41:06 | 00,040,868 | ---- | M] ()

IMG_4069.JPG -> %SystemDrive%\IMG_4069.JPG -> [2008/12/25 12:41:05 | 00,030,286 | ---- | M] ()

IMG_4072.JPG -> %SystemDrive%\IMG_4072.JPG -> [2008/12/25 12:41:04 | 00,081,682 | ---- | M] ()

IMG_4063.JPG -> %SystemDrive%\IMG_4063.JPG -> [2008/12/25 12:41:04 | 00,065,086 | ---- | M] ()

MVI_4073.THM -> %SystemDrive%\MVI_4073.THM -> [2008/12/25 12:41:04 | 00,008,958 | ---- | M] ()

IMG_4065.JPG -> %SystemDrive%\IMG_4065.JPG -> [2008/12/25 12:41:03 | 00,061,411 | ---- | M] ()

IMG_4066.JPG -> %SystemDrive%\IMG_4066.JPG -> [2008/12/25 12:41:03 | 00,047,395 | ---- | M] ()

IMG_4067.JPG -> %SystemDrive%\IMG_4067.JPG -> [2008/12/25 12:41:03 | 00,045,443 | ---- | M] ()

IMG_4068.JPG -> %SystemDrive%\IMG_4068.JPG -> [2008/12/25 12:41:03 | 00,041,521 | ---- | M] ()

MVI_4062.AVI -> %SystemDrive%\MVI_4062.AVI -> [2008/12/25 12:41:02 | 59,860,070 | ---- | M] ()

IMG_4064.JPG -> %SystemDrive%\IMG_4064.JPG -> [2008/12/25 12:41:02 | 00,075,710 | ---- | M] ()

MVI_4062.THM -> %SystemDrive%\MVI_4062.THM -> [2008/12/25 12:40:54 | 00,007,800 | ---- | M] ()

MVI_4060.AVI -> %SystemDrive%\MVI_4060.AVI -> [2008/12/25 12:40:53 | 13,500,984 | ---- | M] ()

IMG_4061.JPG -> %SystemDrive%\IMG_4061.JPG -> [2008/12/25 12:40:53 | 00,065,944 | ---- | M] ()

IMG_4053.JPG -> %SystemDrive%\IMG_4053.JPG -> [2008/12/25 12:40:50 | 00,187,765 | ---- | M] ()

IMG_4052.JPG -> %SystemDrive%\IMG_4052.JPG -> [2008/12/25 12:40:50 | 00,182,931 | ---- | M] ()

IMG_4051.JPG -> %SystemDrive%\IMG_4051.JPG -> [2008/12/25 12:40:50 | 00,164,884 | ---- | M] ()

IMG_4057.JPG -> %SystemDrive%\IMG_4057.JPG -> [2008/12/25 12:40:49 | 00,068,578 | ---- | M] ()

IMG_4058.JPG -> %SystemDrive%\IMG_4058.JPG -> [2008/12/25 12:40:49 | 00,068,138 | ---- | M] ()

IMG_4059.JPG -> %SystemDrive%\IMG_4059.JPG -> [2008/12/25 12:40:49 | 00,040,576 | ---- | M] ()

MVI_4060.THM -> %SystemDrive%\MVI_4060.THM -> [2008/12/25 12:40:49 | 00,008,620 | ---- | M] ()

[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

D:\Documents and Settings\All Users\Application Data\TEMP:FF981A7F 157 bytes

scan completed successfully

hidden files: 90

 

< End of report >




#15 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 January 2009 - 06:29 PM

Hi, frstmate72 :thumbup2:

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!




