
Possible CoolWebSearch infection/ Computer 2


  • This topic is locked
7 replies to this topic

#1 SkitsoSquirrel

SkitsoSquirrel

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 14 March 2009 - 08:36 PM

I ran a spyware terminator scan on my laptop. I came up with a CoolWebSearch infection. I deleted it. Now, however, every time I turn on, off or try to get the task manager, a pop-up comes up saying

"LogonUI.exe - Unable To Locate Component

This application has failed to start because Image.dll was not found. Re-installing the application may fix this problem."

I've looked on other sites with people that have had the same problem and some people say this might be a legitimate file that the spyware defender didn't recognize correctly, and others say it's part of the spyware. Any help would be greatly appreciated.

-Nicole


DDS (Ver_09-02-01.01) - NTFSx86
Run by Nicole at 21:12:03.13 on Sat 03/14/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.886 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehRecvr.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicole\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [EzButton] c:\progra~1\ezbutton\EzButton.EXE
mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\pu78qq7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.subeta.net
FF - component: c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\pu78qq7x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-3-3 142592]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-3 24652]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2007-9-29 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2007-9-29 17536]

=============== Created Last 30 ================

2009-03-10 15:01 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 15:01 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-06 20:35 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 02:31 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-06 02:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-06 02:31 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-06 00:51 <DIR> --d----- c:\program files\Trend Micro
2009-03-06 00:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:04 236,885,796 a------- c:\windows\MEMORY.DMP
2009-03-05 19:15 <DIR> a-d----- c:\programdata\TEMP
2009-03-05 19:14 <DIR> --d----- c:\programdata\PC Tools
2009-03-05 19:14 <DIR> --d----- c:\progra~2\PC Tools
2009-03-03 23:07 <DIR> --d----- c:\program files\Diablo II
2009-03-03 22:39 <DIR> --d----- c:\programdata\Lavasoft
2009-03-03 22:39 <DIR> --d----- c:\program files\Lavasoft
2009-03-03 22:37 4,667 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-03-03 21:48 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-03 21:48 <DIR> --d----- c:\users\nicole\appdata\roaming\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\programdata\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\program files\Spyware Terminator
2009-03-03 19:54 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-03 19:54 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-03 19:54 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-03 19:54 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-03 19:54 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-03 19:54 11,264 a------- c:\windows\system32\icardres.dll
2009-03-03 19:54 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-03 19:54 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-03 19:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-03 19:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-03 19:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-03 19:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-03 19:43 83,968 a------- c:\windows\system32\mscories.dll
2009-03-03 19:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-03 19:40 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-03 19:40 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-03 19:40 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-03 19:31 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-03 19:31 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-03 19:31 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-03 19:31 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-03 19:31 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-03 19:29 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 19:29 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-03 19:29 288,768 a------- c:\windows\system32\drivers\srv.sys

==================== Find3M ====================

2009-01-05 00:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-05 00:02 86,016 a------- c:\windows\inf\infstor.dat
2009-01-05 00:02 51,200 a------- c:\windows\inf\infpub.dat
2009-01-04 01:27 174 a--sh--- c:\program files\desktop.ini
2009-01-04 01:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-04 00:56 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-01-04 00:56 82,432 a------- c:\windows\system32\axaltocm.dll
2009-01-01 20:12 269,312 a------- c:\windows\system32\es.dll
2008-12-25 00:17 118,784 a------- c:\windows\DiabUnin.exe
2008-12-25 00:17 6,791 a------- c:\windows\DiabUnin.dat
2008-12-25 00:17 2,829 a------- c:\windows\DiabUnin.pif
2008-12-23 22:59 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-23 22:59 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-23 22:59 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-23 22:59 272,896 a------- c:\windows\system32\polstore.dll
2008-12-23 22:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-23 22:57 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-23 22:57 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-23 22:51 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-23 22:47 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-23 22:47 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-23 22:47 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-12-23 22:47 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-23 22:47 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-12-23 22:47 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-23 22:47 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-23 22:47 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-12-23 22:47 1,695,744 a------- c:\windows\system32\gameux.dll
2008-12-23 22:47 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-23 22:45 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-12-23 22:45 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-23 22:42 2,048 a------- c:\windows\system32\tzres.dll
2008-12-23 22:37 2,927,104 a------- c:\windows\explorer.exe
2008-12-23 22:33 1,808,896 a------- c:\windows\system32\NlsLexicons0046.dll
2008-12-23 22:33 1,793,536 a------- c:\windows\system32\NlsLexicons0045.dll
2008-12-23 22:33 1,782,272 a------- c:\windows\system32\NlsLexicons0039.dll
2008-12-23 22:33 1,558,016 a------- c:\windows\system32\NlsLexicons0049.dll
2008-12-23 22:33 1,411,072 a------- c:\windows\system32\NlsLexicons0047.dll
2008-12-23 22:33 1,236,992 a------- c:\windows\system32\NlsLexicons0020.dll
2008-12-23 22:30 6,656 a------- c:\windows\system32\kbd106n.dll
2008-12-23 22:30 988,216 a------- c:\windows\system32\winload.exe
2008-12-23 22:30 927,288 a------- c:\windows\system32\winresume.exe
2008-12-23 22:30 378,368 a------- c:\windows\system32\srcore.dll
2008-12-23 22:30 318,464 a------- c:\windows\system32\rstrui.exe
2008-12-23 22:30 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-12-23 22:30 40,960 a------- c:\windows\system32\srclient.dll
2008-12-23 22:30 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-23 22:30 14,848 a------- c:\windows\system32\srdelayed.exe
2008-12-23 22:30 615,992 a------- c:\windows\system32\ci.dll
2008-12-23 22:26 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-23 22:26 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-23 22:26 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-23 22:24 443,392 a------- c:\windows\system32\win32spl.dll
2008-12-23 22:24 37,888 a------- c:\windows\system32\printcom.dll
2008-12-23 22:24 14,848 a------- c:\windows\system32\wshrm.dll
2008-12-23 22:22 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-23 22:22 98,816 a------- c:\windows\system32\mfps.dll
2008-12-23 22:22 53,248 a------- c:\windows\system32\rrinstaller.exe
2008-12-23 22:22 24,576 a------- c:\windows\system32\mfpmp.exe
2008-12-23 22:22 2,048 a------- c:\windows\system32\mferror.dll
2008-12-23 22:22 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-23 22:22 94,720 a------- c:\windows\system32\logagent.exe
2008-12-23 22:21 738,304 a------- c:\windows\system32\inetcomm.dll
2008-12-23 22:21 84,480 a------- c:\windows\system32\INETRES.dll
2008-12-23 22:21 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-23 22:20 1,314,816 a------- c:\windows\system32\quartz.dll
2008-12-23 22:20 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-23 22:20 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-12-23 22:19 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-12-23 22:19 2,048 a------- c:\windows\system32\msxml6r.dll
2008-12-23 21:17 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-23 21:16 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-23 21:16 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-23 21:16 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:13:27.52 ===============


 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:54 PM

Posted 26 March 2009 - 02:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 SkitsoSquirrel

SkitsoSquirrel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 26 March 2009 - 03:49 PM

Here is the log. Thank you for helping :thumbup2:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Nicole at 16:43:51.45 on Thu 03/26/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.964 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicole\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [EzButton] c:\progra~1\ezbutton\EzButton.EXE
mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\pu78qq7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.subeta.net
FF - component: c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\pu78qq7x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-15 64160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-3-3 142592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-3 24652]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2007-9-29 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2007-9-29 17536]

=============== Created Last 30 ================

2009-03-26 02:04 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-15 04:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-15 04:29 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-15 04:22 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 04:22 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-10 15:01 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 15:01 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-06 20:35 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 02:31 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-06 02:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-06 02:31 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-06 00:51 <DIR> --d----- c:\program files\Trend Micro
2009-03-06 00:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:04 236,885,796 a------- c:\windows\MEMORY.DMP
2009-03-05 19:15 <DIR> a-d----- c:\programdata\TEMP
2009-03-05 19:14 <DIR> --d----- c:\programdata\PC Tools
2009-03-05 19:14 <DIR> --d----- c:\progra~2\PC Tools
2009-03-03 23:07 <DIR> --d----- c:\program files\Diablo II
2009-03-03 22:39 <DIR> --d----- c:\programdata\Lavasoft
2009-03-03 22:39 <DIR> --d----- c:\program files\Lavasoft
2009-03-03 22:37 4,667 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-03-03 21:48 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-03 21:48 <DIR> --d----- c:\users\nicole\appdata\roaming\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\programdata\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-03-03 21:48 <DIR> --d----- c:\program files\Spyware Terminator
2009-03-03 19:54 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-03 19:54 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-03 19:54 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-03 19:54 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-03 19:54 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-03 19:54 11,264 a------- c:\windows\system32\icardres.dll
2009-03-03 19:54 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-03 19:54 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-03 19:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-03 19:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-03 19:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-03 19:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-03 19:43 83,968 a------- c:\windows\system32\mscories.dll
2009-03-03 19:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-03 19:40 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-03 19:40 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-03 19:40 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-03 19:31 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-03 19:31 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-03 19:31 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-03 19:31 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-03 19:31 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-03 19:29 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 19:29 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-03 19:29 288,768 a------- c:\windows\system32\drivers\srv.sys

==================== Find3M ====================

2009-01-05 00:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-05 00:02 86,016 a------- c:\windows\inf\infstor.dat
2009-01-05 00:02 51,200 a------- c:\windows\inf\infpub.dat
2009-01-04 01:27 174 a--sh--- c:\program files\desktop.ini
2009-01-04 01:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-04 00:56 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-01-04 00:56 82,432 a------- c:\windows\system32\axaltocm.dll
2009-01-01 20:12 269,312 a------- c:\windows\system32\es.dll
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-23 23:30 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-12-23 23:30 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-23 23:30 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:45:27.01 ===============

#4 PropagandaPanda

  • Malware Response Team

Posted 27 March 2009 - 05:23 PM

Hello.

That log looks clean.

Do you have an antivirus installed?

Let's see what we can find.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double-clicking its icon. If you are using Windows Vista, right-click OTListIt2.exe and select Run As Administrator.
Paste into the Custom Scans/Fixes box:
c:\image.dll /s
Click Run Scan. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTListIt.txt where OTListIt.exe is located.

With Regards,
The Panda

#5 SkitsoSquirrel

  • Topic Starter


Posted 28 March 2009 - 06:17 AM

Here are the two logs. OTListIt2 also gave me an Extras.txt. Did you want me to post that as well?

Saturday, March 28, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 28, 2009 08:40:42
Records in database: 1980294
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
E:\
Scan statistics
Files scanned 160194
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:51:24

No malware has been detected. The scan area is clean.
The selected area was scanned.




OTListIt logfile created on: 3/28/2009 7:06:28 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\Nicole\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.86% Memory free
4.00 Gb Paging File | 2.44 Gb Available in Paging File | 61.05% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.24 Gb Total Space | 45.26 Gb Free Space | 33.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLE-PC
Current User Name: Nicole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/09 15:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/09 18:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/07/09 14:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2008/12/15 11:50:18 | 00,088,728 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcmsvc.exe
PRC - [2007/08/09 07:39:46 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/03/03 21:48:26 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/12/23 22:37:49 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/04/23 03:51:44 | 04,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/28 19:48:10 | 00,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2006/11/22 04:31:28 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/04/14 02:47:46 | 00,502,544 | ---- | M] (Dritek System Inc.) -- C:\Program Files\EzButton\EzButton.EXE
PRC - [2007/07/26 15:20:38 | 02,502,656 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\EnergyCut\utilty.exe
PRC - [2007/07/26 17:05:44 | 01,232,896 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
PRC - [2007/07/21 06:18:16 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/09/29 18:04:08 | 00,241,664 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2007/08/09 19:38:58 | 00,417,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
PRC - [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/11/10 14:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/02/11 22:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/11 22:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 22:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/03/06 00:47:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/02/11 22:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxsrvc.exe
PRC - [2008/01/19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/10/10 17:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
PRC - [2006/09/08 02:54:32 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2008/01/19 03:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2006/09/08 03:06:10 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe
PRC - [2008/07/18 09:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 06:35:31 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/19 03:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/19 03:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/11/05 18:18:30 | 00,140,584 | ---- | M] (AOL LLC) -- c:\program files\aol toolbar\AolTbServer.exe
PRC - [2009/02/02 22:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/03/06 00:47:51 | 00,022,424 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2009/03/06 00:47:49 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/03/09 15:06:56 | 02,121,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2009/03/28 04:50:11 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Nicole\AppData\Local\Temp\jkos-Nicole\binaries\ScanningProcess.exe
PRC - [2009/03/28 04:50:11 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Nicole\AppData\Local\Temp\jkos-Nicole\binaries\ScanningProcess.exe
PRC - [2009/03/28 07:05:31 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Running])
SRV - [2008/10/10 17:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/07/18 09:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2008/06/20 14:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2008/07/09 15:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - File not found -- -- (McShield [Unknown | Stopped])
SRV - [2008/09/16 11:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2008/07/09 18:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/09 14:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/15 11:50:18 | 00,088,728 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
SRV - [2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 07:39:46 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/03/03 21:48:26 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2006/04/14 10:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 14:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 14:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\Windows\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/06/05 17:39:26 | 00,011,776 | ---- | M] (Lenovo Corporation) -- C:\Windows\system32\DRIVERS\AcpiVpc.sys -- (ACPIVPC [On_Demand | Running])
DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/08/02 04:46:24 | 00,156,672 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/02/08 15:03:20 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/09/29 17:36:03 | 00,017,536 | ---- | M] (ensurebit) -- C:\Windows\System32\drivers\CapFilt.sys -- (CapFilt [On_Demand | Running])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 09:29:40 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2006/11/02 09:27:38 | 00,020,112 | ---- | M] (Dritek System Inc.) -- C:\Program Files\EzButton\DPortIO.sys -- (DritekPortIO [System | Running])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/02/11 21:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/04/23 06:13:24 | 01,769,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/06/27 07:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2008/06/27 07:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2008/06/27 07:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2008/06/20 06:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2008/06/27 07:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2008/02/14 15:06:20 | 00,443,776 | ---- | M] (DiBcom) -- C:\Windows\System32\Drivers\dvb7700all.sys -- (mod7700 [On_Demand | Stopped])
DRV - [2008/06/02 15:56:02 | 00,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 03:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\system32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
DRV - [2007/06/20 16:51:30 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008/12/15 11:50:06 | 00,054,888 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/01/23 16:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/03/21 22:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/07/05 08:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2006/06/14 10:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2006/07/10 12:19:58 | 00,027,032 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2007/02/08 13:44:43 | 00,083,320 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/22 04:35:02 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2006/12/28 16:20:40 | 09,599,744 | ---- | M] () -- C:\Windows\system32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2009/03/03 21:48:26 | 00,142,592 | ---- | M] () -- C:\Windows\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2 [System | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008/01/19 01:53:22 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.subeta.net"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.15.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: c.j.e@hotmail.com:1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/03 20:01:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/05 06:35:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/06 00:48:51 | 00,000,000 | ---D | M]

[2008/12/23 21:20:33 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2008/12/23 21:20:33 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 04:53:31 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\pu78qq7x.default\extensions
[2008/12/23 21:23:48 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\pu78qq7x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/03/18 03:04:12 | 00,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\pu78qq7x.default\extensions\c.j.e@hotmail.com
[2008/12/23 21:24:06 | 00,001,714 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\FireFox\Profiles\pu78qq7x.default\searchplugins\aol-search.xml
[2009/03/06 00:49:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 06:35:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/06 00:49:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/05 06:35:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 06:35:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/07/26 13:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302817 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10437 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [EzButton] C:\PROGRA~1\EzButton\EzButton.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/17 07:32:25 | 00,000,218 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7461aa82-6ece-11dc-b974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7461aa82-6ece-11dc-b974-806e6f6e6963}\Shell\AutoRun\command - "" = E:\winopen.exe \Start.pdf -- File not found
O33 - MountPoints2\{7461aa82-6ece-11dc-b974-806e6f6e6963}\Shell\pdf\command - "" = install\Adobe Reader 7.0\AdbeRdr708_en_us
O33 - MountPoints2\{7461aa82-6ece-11dc-b974-806e6f6e6963}\Shell\viewreadme\command - "" = E:\winopen.exe \readme.html -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/03/28 07:05:08 | 00,002,638 | ---- | C] () -- C:\Users\Nicole\Documents\das.html
[2009/03/26 02:09:29 | 00,000,022 | ---- | C] () -- C:\Users\Nicole\AppData\Local\kodakpcd.ini
[2009/03/26 02:04:55 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/25 01:43:34 | 00,000,000 | ---D | C] -- C:\Users\Nicole\Documents\dls
[2009/03/25 01:30:49 | 00,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Gameboy
[2009/03/24 23:45:10 | 00,004,608 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 23:19:22 | 00,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Comics
[2009/03/15 04:43:18 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/03/15 04:29:20 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/03/15 04:29:12 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/03/15 04:29:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/03/15 04:22:26 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/10 15:01:16 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/10 15:01:10 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/06 20:35:18 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/03/06 02:31:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/03/06 02:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/06 00:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/06 00:47:39 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/05 23:05:22 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/03/05 23:04:37 | 23,688,5796 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/03/05 19:15:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/03/05 19:14:46 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/03/04 16:53:00 | 00,000,000 | -H-- | C] () -- C:\Users\Nicole\AppData\Roaming\Nicole.idx
[2009/03/03 23:07:05 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2009/03/03 22:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/03/03 22:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/03 22:37:45 | 00,004,667 | ---- | C] () -- C:\Windows\System32\BIN_STRSBW.SPT
[2009/03/03 21:48:26 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/03/03 21:48:26 | 00,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Spyware Terminator
[2009/03/03 21:48:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/03/03 21:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/03/03 19:54:21 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/03 19:54:20 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/03 19:54:19 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/03 19:54:18 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/03 19:54:18 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/03 19:54:18 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/03 19:54:15 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/03 19:54:09 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/03 19:44:10 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/03 19:44:03 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/03 19:44:00 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/03 19:43:25 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/03 19:43:15 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/03 19:40:14 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/03 19:40:12 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/03 19:40:12 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/03 19:40:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/03 19:40:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/03 19:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/03 19:31:06 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/03/03 19:31:05 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/03/03 19:31:03 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/03/03 19:31:02 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/03/03 19:31:02 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/03/03 19:29:53 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/03 19:29:51 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/03 19:29:51 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/03 19:29:50 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/03 19:29:50 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/03 19:29:50 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/03 19:29:50 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/03 19:29:49 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/03 19:29:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/03 19:29:36 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

========== Files - Modified Within 30 Days ==========

[2009/03/28 07:05:08 | 00,002,638 | ---- | M] () -- C:\Users\Nicole\Documents\das.html
[2009/03/28 06:17:53 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/28 06:17:53 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/28 06:13:03 | 00,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009/03/28 04:43:43 | 00,015,715 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/03/27 23:03:43 | 00,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2009/03/27 22:39:23 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/27 22:39:23 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/27 22:39:23 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/27 22:17:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/27 22:17:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/27 22:17:42 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/27 06:56:50 | 03,227,636 | -H-- | M] () -- C:\Users\Nicole\AppData\Local\IconCache.db
[2009/03/26 02:10:00 | 00,111,616 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2009/03/26 02:10:00 | 00,088,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2009/03/26 02:09:29 | 00,000,022 | ---- | M] () -- C:\Users\Nicole\AppData\Local\kodakpcd.ini
[2009/03/26 02:04:55 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/24 23:45:59 | 00,004,608 | ---- | M] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 04:29:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/03/15 04:29:29 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/03/11 21:44:50 | 00,302,817 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/03/10 23:48:25 | 00,367,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/09 18:10:25 | 00,002,375 | ---- | M] () -- C:\Users\Nicole\Desktop\MapleStory.lnk
[2009/03/09 15:06:57 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/03/07 18:38:22 | 23,688,5796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/03/06 20:35:18 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/03/06 03:00:26 | 00,302,589 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090311-214450.backup
[2009/03/06 02:59:56 | 00,302,589 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090306-020026.backup
[2009/03/06 02:59:23 | 00,302,589 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090306-015956.backup
[2009/03/06 02:54:18 | 00,302,589 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090306-015923.backup
[2009/03/04 16:53:00 | 00,000,000 | -H-- | M] () -- C:\Users\Nicole\AppData\Roaming\Nicole.idx
[2009/03/03 22:39:31 | 00,004,667 | ---- | M] () -- C:\Windows\System32\BIN_STRSBW.SPT
[2009/03/03 21:48:26 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys

========== Custom Scans ==========


< c:\image.dll /s >
[2007/09/29 18:04:07 | 00,208,896 | ---- | M] () -- c:\Program Files\Lenovo\VeriFace\Image.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> c:\Users\All Users\TEMP:DFC5A2B2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#6 PropagandaPanda

  • Malware Response Team

Posted 29 March 2009 - 09:30 AM

Hello.

Sorry for the delay.

Your logs look clean.

The infection may have damaged some Windows files previously. Referring to this guide, run the System File Checker.

With Regards,
The Panda

#7 SkitsoSquirrel

  • Topic Starter

Posted 30 March 2009 - 04:57 AM

The issue has been fixed. Thank you for your help.

#8 PropagandaPanda

  • Malware Response Team

Posted 30 March 2009 - 07:12 PM

That's good to hear.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



