Suspected Vundo/Virtumonde infection, it just won't go away


This topic is locked
13 replies to this topic

#1 Bossy22

  • Members
  • 8 posts

Posted 22 March 2009 - 10:35 PM

Hello to whomever is gracious enough to help me-

I've experienced the Vundo curse several times over the past couple of months and have (seemingly) been able to remove it.
Or so I thought.
Every time it seems to be gone it resurfaces, or maybe it is something else entirely.
I usually encounter the usual "Your computer is infected, try this" type of warning from the virus and I clean it with Malwarebytes & Spybot Search & Destroy.
Sometimes I will leave the computer idle for a while and I'll find that the browser has closed and McAfee has disabled a trojan; typically the generic variety so I run MBAM and find infections.
I recently installed SpywareBlaster which I thought would assist me in preventing such infections, but maybe I was too late. I don't know.

I don't know what else I can add to my description, but I hope you can help me clean my machine and will take any advice/suggestions you give me.

Thank you again for helping; you provide a wonderful service to us.

Here are my log files:




DDS (Ver_09-03-16.01) - NTFSx86
Run by owner at 23:19:51.64 on Sun 03/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.375 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 205.150.73.3:65208
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupport-] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\documents and settings\owner\my documents\ad\flashget\jc_all.htm
IE: Download using FlashGet - c:\documents and settings\owner\my documents\ad\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196447399734
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://chill.comcast.net/gameshell/online/en/chainz2/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-6 201320]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-7-13 156976]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-6 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-9-6 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-6 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-6 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-6 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-6 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-6 33832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================

2009-03-21 19:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-10 18:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-09 22:33 <DIR> --d----- C:\fsaua.data
2009-03-04 19:28 250 a------- c:\windows\gmer.ini
2009-03-02 20:02 161,792 a------- c:\windows\SWREG.exe
2009-03-02 20:02 98,816 a------- c:\windows\sed.exe
2009-03-02 13:21 <DIR> --d----- c:\program files\Bonjour
2009-03-01 01:10 38 a------- c:\windows\AviSplitter.INI
2009-02-24 15:16 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-03-10 18:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-14 21:57 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-21 03:21 3,532 a------- C:\drmHeader.bin
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2006-01-28 00:39 251 a------- c:\program files\wt3d.ini
2008-11-10 00:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110920081110\index.dat

============= FINISH: 23:21:20.62 ===============

Attached Files




#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Location:South Carolina, USA

Posted 30 March 2009 - 02:45 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Bossy22
  • Topic Starter

  • Members
  • 8 posts

Posted 01 April 2009 - 05:12 PM

Hi suebaby41-

First of all, sorry for the delay in replying; I hadn't checked my Spam gmail folder for a couple of days and didn't see your reply until now.
Second, thank you for helping me.
Third, sorry about attaching the Attach file; I myself thought it was strange to read that that was how it was to be done - unless I read the instructions incorrectly!
Lastly, if there is anything else that you can recommend to me that could prevent scripts/exe files from running without my permission, I would be most appreciative.

OK, here are the RSIT & HJT logs as requested.



Logfile of random's system information tool 1.05 (written by random/random)
Run by owner at 2009-04-01 18:03:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (27%) free of 52 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:33 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 205.150.73.3:65208
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {28AF5171-19DD-41CA-B714-FA611DC5FD08} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {FE75A239-4EB9-47C5-AF22-A25EC64BF505} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196447399734
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://chill.comcast.net/gameshell/online/...mjolauncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12525 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C90DBB52-46E0-4E65-92BC-799ADEE54C86}]
C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL [2008-09-22 482304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-12-03 344064]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-06-29 1032192]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2001-12-17 483394]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-07-13 169264]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2007-01-16 4838952]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-10 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupport-"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-04 4363504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-12-04 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Disabled:ComcastSUPPORT / Support.com Agent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe"="C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe:*:Enabled:ifrmewrk"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-03-28 15:52:30 ----D---- C:\Program Files\Flash2X
2009-03-28 15:49:05 ----D---- C:\Program Files\XeFlashPlayer
2009-03-24 20:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-24 20:48:06 ----D---- C:\Program Files\S_A_S
2009-03-24 20:48:06 ----D---- C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com
2009-03-24 19:43:36 ----D---- C:\Program Files\Mal_B_A_Mwre
2009-03-21 19:56:53 ----D---- C:\Program Files\SpywareBlaster
2009-03-10 18:05:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-10 18:05:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-10 18:05:27 ----A---- C:\WINDOWS\system32\java.exe
2009-03-10 17:45:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 17:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-10 17:45:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-09 22:33:29 ----D---- C:\fsaua.data
2009-03-04 19:28:26 ----A---- C:\WINDOWS\gmer.ini
2009-03-04 19:28:24 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-03-04 19:28:24 ----A---- C:\WINDOWS\gmer.exe
2009-03-04 19:28:24 ----A---- C:\WINDOWS\gmer.dll
2009-03-03 19:59:49 ----SHD---- C:\RECYCLER
2009-03-02 20:12:03 ----A---- C:\ComboFix.txt
2009-03-02 20:02:59 ----A---- C:\WINDOWS\zip.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\VFIND.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\SWSC.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\SWREG.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\sed.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\grep.exe
2009-03-02 20:02:59 ----A---- C:\WINDOWS\fdsv.exe
2009-03-02 19:59:06 ----AD---- C:\Qoobox
2009-03-02 13:21:38 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2009-04-01 18:03:32 ----D---- C:\WINDOWS\Temp
2009-04-01 18:03:06 ----D---- C:\WINDOWS\Prefetch
2009-03-29 20:08:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-29 12:40:01 ----D---- C:\WINDOWS
2009-03-29 12:40:00 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-03-29 12:39:30 ----D---- C:\WINDOWS\Registration
2009-03-29 02:34:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-28 15:52:30 ----RD---- C:\Program Files
2009-03-28 13:06:55 ----A---- C:\WINDOWS\orun32.ini
2009-03-28 12:06:19 ----D---- C:\WINDOWS\system32\drivers
2009-03-28 12:05:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-24 21:35:39 ----D---- C:\WINDOWS\system32
2009-03-24 20:48:16 ----SHD---- C:\WINDOWS\Installer
2009-03-24 20:48:15 ----SHD---- C:\Config.Msi
2009-03-24 20:47:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-24 20:02:48 ----SHD---- C:\WINDOWS\CSC
2009-03-24 19:54:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-21 18:05:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-16 00:00:25 ----D---- C:\Program Files\McAfee
2009-03-16 00:00:25 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-03-15 23:53:08 ----D---- C:\Program Files\GameHouse
2009-03-11 13:47:38 ----D---- C:\Program Files\Support.com
2009-03-11 13:47:36 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com
2009-03-10 18:04:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-10 17:45:48 ----HD---- C:\WINDOWS\inf
2009-03-10 17:45:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-10 17:45:39 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 17:45:35 ----D---- C:\WINDOWS\WinSxS
2009-03-10 17:37:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-10 14:42:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-08 17:29:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-02 20:08:44 ----A---- C:\WINDOWS\system.ini
2009-03-02 20:07:17 ----D---- C:\WINDOWS\AppPatch
2009-03-02 20:07:06 ----D---- C:\Program Files\Common Files
2009-03-02 20:01:03 ----D---- C:\WINDOWS\ERDNT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\S_A_S\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\S_A_S\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-11 17056]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-04 800768]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-03-04 85969]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\S_A_S\SASENUM.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-12-04 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-10 152984]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-07-13 156976]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:53 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 205.150.73.3:65208
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {28AF5171-19DD-41CA-B714-FA611DC5FD08} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {FE75A239-4EB9-47C5-AF22-A25EC64BF505} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196447399734
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://chill.comcast.net/gameshell/online/...mjolauncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12490 bytes
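The HijackThis log above ends with its O20 (Winlogon Notify) and O23 (service) sections. As an added example, not part of this thread and not code from HijackThis or its vendor, here is a small Python triage script that parses such lines and flags the entries a responder reads first: a Winlogon Notify DLL reported as "(file missing)", services whose vendor string is "Unknown owner", and binaries that live outside the usual Windows or Program Files directories. The sample lines are copied from the log above; the "Example Updater (exupd)" line and its Temp path are constructed to exercise the unusual-path check and do not appear in the log.

```python
"""Triage helper for HijackThis O20/O23 lines (added example, not HijackThis code)."""
from dataclasses import dataclass, field

# Directories a Windows XP era service binary is normally expected to live in.
# A path outside these is worth a second look, not automatically malicious.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)

# Constructed sample: real lines from the posted log plus one hypothetical
# "Example Updater" line (not in the log) living in the user's Temp folder.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\owner\Local Settings\Temp\exupd.exe
"""


@dataclass
class Finding:
    section: str                 # "O20" or "O23"
    name: str                    # display name exactly as HijackThis printed it
    vendor: str                  # vendor string, or "" for O20 lines
    path: str                    # binary path with the "(file missing)" tag removed
    reasons: list = field(default_factory=list)


def _parse_o23(rest):
    # rest = "<display name> - <vendor> - <path>"; split from the right so a
    # display name that itself contains " - " is not broken apart.
    parts = rest.rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def _parse_o20(rest):
    # rest = "<notify name> - <dll path>"
    parts = rest.split(" - ", 1)
    return (parts[0], "", parts[1]) if len(parts) == 2 else None


def triage(log_text):
    """Return only the O20/O23 entries that carry at least one warning flag."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            section, parsed = "O23", _parse_o23(line[len("O23 - Service: "):])
        elif line.startswith("O20 - Winlogon Notify: "):
            section, parsed = "O20", _parse_o20(line[len("O20 - Winlogon Notify: "):])
        else:
            continue
        if parsed is None:
            continue
        name, vendor, path = parsed
        reasons = []
        if path.endswith("(file missing)"):
            # Registration points at a file that no longer exists on disk.
            path = path[: -len("(file missing)")].strip()
            reasons.append("file missing")
        if vendor.lower() == "unknown owner":
            reasons.append("unknown owner")
        if not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("unusual path")
        if reasons:
            findings.append(Finding(section, name, vendor, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name}: {', '.join(f.reasons)} -> {f.path}")
```

"Unknown owner" on its own is a weak signal: both hits in this log are Dell components, and the "(file missing)" SASWinLogon entry is the usual leftover of an uninstalled tool that only needs its registration cleaned up. The script orders what to look at first; it does not decide what is malicious.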

#4 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 04 April 2009 - 02:22 PM

Step 1

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

Ensure that you have the latest version of Adobe® Reader®. If you do not have the latest version, you may want to download the latest version, Adobe® Reader® 9.

Step 3

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.
  • Please download the ATF-Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • Follow the same steps for Firefox or Opera. You have the option of checking No if you want to save your passwords.
  • Click Exit on the Main menu to close the program.
Step 4

In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites:
  • BitDefender
  • Kaspersky Online Virus Scanner
  • McAfee FreeScan
  • Panda's ActiveScan
  • Trend Micro™ HouseCall
  • Windows Live Safety Center Free Online Scan
  • WindowSecurity.com TrojanScan
When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in a quarantine folder
Please post the edited list in your next reply.

Step 5
  • Please download Ad-Aware Free - Anniversary Edition to your desktop. The Ad-Aware Free - Anniversary Edition installation file will be Ad-AwareAE.exe.
  • Double-click the file and follow the on-screen instructions in the Installation Wizard to install.
  • When the Please Enter Your License Information screen appears, click Cancel and Ad-Aware Free - Anniversary Edition will be installed.
  • When the Ad-Aware Free - Anniversary Edition Has Been Successfully Installed Screen appears, click Finish to complete the installation and to launch Ad-Aware Free - Anniversary Edition.
  • The Status screen will appear. You will see four sections.
    • System Protection Status section where you will see Real Time Protection with a check in the Off dialog box and Automatic Updates with a check in the On dialog box.
    • Update Status section
    • System Scan section
    • License Status section where you will see that the Type: will be Free Edition and License Expires in: Never.
  • In the list on the left of the screen, click Scan. You will be given a choice of Smart Scan, Full Scan, and Custom Scan. (Scheduler on the right of the screen is only available in Ad-Aware 2008 Plus and Ad-Aware Pro.)
  • In the list on the left of the screen, click Settings > Scanning tab. Use the default settings unless you see some changes that you want to make.
  • In the list on the left of the screen, click Status. In the System Scan section, click Scan Now.
  • When the scan finishes, the Critical Objects tab window appears.
  • Under Scan Results, you will see the list of Critical Objects that Ad-Aware Free - Anniversary Edition found. You are given three choices, Add to ignore, Quarantine, Remove, and System Restore. You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If Critical Objects are found, select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
  • Click Remove.
  • If no Critical Objects are found, click the Privacy Objects tab.
  • If there are Privacy Objects listed, select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Select Add to ignore or Remove.
  • Click Remove.
  • If no Privacy Objects are found, click the Log File tab to see the statistics of the Ad-Aware Free - Anniversary Edition scan.
  • Click Finish.
  • The next screen shows you the Scan Summary in the left panel and System Restore in the right panel.
    • You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If you choose to create a System Restore Point, click Set.
    • You may want to export the results. Click Export and save the log on your computer.
    • Click Scan Again to repeat the scan.
  • You will be returned to the Status screen. Click on the X in the upper right corner to exit Ad-Aware Free - Anniversary Edition.
Step 6

Boot into Safe Mode safely (without networking support!)
  • If your computer is running, shut down Windows, then turn the power off.
  • Wait 30 seconds, then turn the computer on, and begin tapping the F8 key (if this doesn't work try the F5 key).
  • The Windows Advanced Options Menu appears.
  • Select Safe Mode using the up/down arrow keys.
  • Click Enter.
  • Log on with an account with administrator privileges, usually your own account (NOT the account named Administrator).
If you cannot boot into safe mode using this method, it is important that you let me know.

Do not attempt to boot into Safe Mode using MSCONFIG

If you do so, you may be unable to boot your computer or your computer may enter a "Safe Mode Boot Loop".


An infected computer is not stable. By using the /SAFEBOOT option in MSCONFIG, you are altering your Boot.ini file to make it boot ONLY in Safe Mode. If your computer fails to boot into Safe Mode, as it may well do, then you will be left in a position where your computer will not boot at all or your computer will enter a Safe Mode Boot Loop.

Because your Safe Mode Registry Entries have been damaged by your computer infection, your computer cannot boot into Safe Mode or is in a Safe Mode Boot Loop. You cannot boot to Normal Mode (because of the alterations you made to your Boot.ini file), so now you are left with a computer that will not boot into Safe Mode or Normal Mode or will be in a Safe Mode Boot Loop. This is not a situation you want to be in.

Do not use the BOOTSAFE option in SUPERAntiSpyware or use BOOTSAFE by SUPERAdBlocker. Both of these do the same thing as MSCONFIG.

If F8/F5 doesn't work, TELL ME!

There are tools we can use to repair your faulty Safe Mode condition, but these can only be used so long as you are able to boot your computer.

Step 7

If you still have Malwarebytes installed, run it in Safe Mode.

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malwarebytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  • Double-click on mbam-rules.exe to install.
  • On the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully."
  • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 8

Reboot to Normal Mode.

Step 9
  • Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.
  • Please post that information with a new HijackThis log.
Step 10

Check your computer with anti-rootkit applications. I recommend avast! antirootkit or Trend Micro RootkitBuster.

Step 11

Check to see if you have insecure applications with Secunia Software Inspector. Secunia Software Inspector:
  • Detects insecure versions of common/popular programs installed on your computer.
  • Verifies that all Microsoft patches are applied.
  • Assists you in updating, patching, and protecting your computer.
  • Activates additional security features in Sun Java.
  • Runs through your browser. No installation or download is required.
Step 12

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if they apply to your computer problem with being slow to respond.
  • Slow_Computer_Check_here_first_it_may_not_be_malware.
  • Help! My computer is slow!
  • 50 Tips for a Super Fast PC
  • 4 Ways to Speed Up Your Computer's Performance
  • It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 13
  • Please download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and do not use the computer while the scan runs.
  • Click the Run Scan button on the toolbar. Make sure not to use the computer while the program is running or it will freeze.
  • When the scan is complete, Notepad will open with the report file.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.
Use the Add Reply button and post the information in your next reply. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in your reply. If necessary, use more than one post.

Step 14

Please run HijackThis in Normal Mode and post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • the log from MalwareBytes
  • the log from SUPERAntiSpyware
  • the report from OTScanIt2.
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 05 April 2009 - 01:41 PM

I will keep this topic open per your request.

#6 Bossy22
  • Topic Starter
  • Members
  • 8 posts

Posted 16 April 2009 - 05:56 PM

Hi Sue-

Thanks for keeping this topic open; there were a lot of steps and procedures to perform and there are only so many hours in the day!

OK, I updated to the latest version of Adobe Reader and ran ATF-Cleaner.

I ran BitDefender and here is the text file of the results.
Please let me know if it is hard to read and I'll post it however is best for you:

BitDefender Online Scanner -Scan ReportBitDefender Online Scanner
Scan report generated at: Mon, Apr 06, 2009 - 23:09:54

Scan path: C:\Documents and Settings\owner\Local Settings\Application
Data\Microsoft\Messenger\<Bossy22 REMOVED LOGIN INFO>@hotmail.com\Sharing
Folders;C:\Documents and Settings\owner\My Documents;C:\Documents and
Settings\All Users\Documents;C:\;D:\;C:\Documents and Settings\owner\My
Documents;C:\Documents and Settings\owner\Desktop\Adobe Reader 9
Installer;C:\Documents and Settings\owner\Desktop\FileFind;C:\Documents
and Settings\owner\Desktop\gmer;C:\Documents and
Settings\owner\Desktop\OTScanIt2;C:\Documents and
Settings\owner\Desktop\RegSrch;C:\Documents and
Settings\owner\Desktop\Unused Desktop Shortcuts;

Statistics
Time02:11:31
Files327431
Folders12905
Boot Sectors0
Archives6400
Packed Files16353

Results
Identified Viruses 7
Infected Files 20
Suspect Files 0
Warnings0
Disinfected0
Deleted Files20

Engines Info
Virus Definitions2828975
Engine buildAVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008
17:19:14)
Scan plugins17
Archive plugins45
Unpack plugins7
E-mail plugins6
System plugins4

Scan Settings
First ActionDisinfect
Second ActionDelete
HeuristicsYes
Enable WarningsYes
Scanned Extensions*;
Exclude Extensions
Scan EmailsYes
Scan ArchivesYes
Scan PackedYes
Scan FilesYes
Scan BootYes

Scanned File Status
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Detected with: Adware.Cydoor.4
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfx s) Updated
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE Update failed
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07076007.exeInfected with: Backdoor.Generic.95440
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07076007.exe Deleted
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07103010.exe Infected with: Backdoor.Generic.121567
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07103010.exe Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dllDetected with: Adware.Cydoor.4
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfx s) Updated
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE Update failed
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP946\A0070618.exe Infected with: Trojan.Inject.UB
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP946\A0070618.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074316.exe Infected with: Backdoor.Generic.95440
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074316.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074317.exe Infected with: Backdoor.Generic.121567
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074317.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074318.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074319.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074320.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074321.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074322.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074323.exe Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Detected with: Adware.Cydoor.4
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfx s)Updated
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE Update failed



WindowSecurity.com TrojanScan

I just noticed that Heuristics were turned off; should I rerun and post new results?

a-squared Web Malware Scanner v. 4.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 4/6/2009 11:30:18 PM

c:\program files\divx\divx pro codec\config.exe detected: Trace.File.DivX 5.0.3 Pro Bundle!A2
c:\program files\divx\divx pro codec\divx.com.url detected: Trace.File.DivX 5.0.3 Pro Bundle!A2
c:\program files\divx\divx pro codec\license.txt detected: Trace.File.DivX 5.0.3 Pro Bundle!A2
c:\program files\divx\divx pro codec\readme.txt detected: Trace.File.DivX 5.0.3 Pro Bundle!A2
c:\documents and settings\all users\start menu\programs\divx\divx pro codec\divx.com.lnk detected: Trace.File.DivX 5.0.3 Pro Bundle!A2
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP_AntiSpyware --> Order detected: Trace.Registry. XP Antispyware 2009!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id detected: Trace.Registry.EZ Game Cheats!A2
Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515747515625 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515749078125 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515749109375 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515749125000 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515751640625 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515751656250 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515752328125 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515752343750 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515752437500 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515752453125 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515756328126 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515756500000 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515758125000 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515758828126 detected: Trace.TrackingCookie.agent!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515758843750 detected: Trace.TrackingCookie.agent!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515758875000 detected: Trace.TrackingCookie.agent!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515759218750 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515759437501 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515759437502 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515762781250 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515772890625 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\wktw0cxn.default\cookies.sqlite:1230515772937500 detected: Trace.TrackingCookie.count!A2
C:\Program Files\Dell Support Center\HWDiag\bin\pcdrmodem.p5x detected: Heuristic.Dialer.RAS!A2

Scanned

Files: 94002
Traces: 377317
Cookies: 1028
Processes: 66

Found

Files: 1
Traces: 10
Cookies: 22
Processes: 0

Scan end: 4/7/2009 12:50:30 AM
Scan time: 1:20:12 AM


I'll post the next set of results in a new reply.
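The BitDefender report above lists one object per line followed by a verb ("Infected with:", "Detected with:", "Deleted", "Updated", "Update failed"), repeats the FlashGet archive block three times, and in one place drops the space before the verb ("...exeInfected with:"). As an added example, not part of this thread and not BitDefender's own code, here is a Python script that folds such a "Scanned File Status" section into one record per object and pulls out what a responder wants to know from it: which threat names were seen, whether anything detected was left undeleted, which hits live in System Restore points, and which archives the scanner could not rewrite. The sample is copied from the report above (with the repeated archive block kept once, as in the original); the final "leftover.exe" line is constructed and not in the report, so that the undeleted-object check has something to find.

```python
"""Summarise a BitDefender Online Scanner report (added example, not BitDefender code)."""
import re
from collections import OrderedDict

# Constructed sample: lines from the posted report, plus one hypothetical
# "leftover.exe" line with no matching "Deleted" line (not in the report).
SAMPLE_REPORT = r"""
Scanned File Status
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Detected with: Adware.Cydoor.4
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfx s) Updated
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE Update failed
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07076007.exeInfected with: Backdoor.Generic.95440
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07076007.exe Deleted
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07103010.exe Infected with: Backdoor.Generic.121567
C:\Documents and Settings\owner\Application Data\Move Networks\MoveMediaPlayer_07103010.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP946\A0070618.exe Infected with: Trojan.Inject.UB
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP946\A0070618.exe Deleted
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP968\A0074318.exe Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Detected with: Adware.Cydoor.4
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfxs)=>cd_clint.dll Deleted
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE=>(ZIP Sfx s)Updated
C:\Documents and Settings\owner\My Documents\AD\FlashGet\BACKUP\CD_INSTALL277.EXE Update failed
C:\constructed\leftover.exe Infected with: Example.Constructed
"""

# Non-greedy path, optional whitespace, then one of the verbs the report uses.
# The optional whitespace is what tolerates the "...exeInfected with:" line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s*"
    r"(?P<verb>Detected with:|Infected with:|Deleted|Updated|Update failed)"
    r"\s*(?P<name>.*)$"
)


def parse_report(text):
    """Return an ordered mapping path -> record, merging repeated lines."""
    objects = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers and blank lines
        path, verb, name = m.group("path"), m.group("verb"), m.group("name").strip()
        rec = objects.setdefault(path, {
            "threat": None,                 # detection name, if any line gave one
            "status": "detected",           # updated by the action lines below
            "restore_point": "\\system volume information\\" in path.lower(),
            "archive_member": "=>" in path, # object nested inside an archive
        })
        if verb in ("Detected with:", "Infected with:"):
            rec["threat"] = name
        elif verb == "Deleted":
            rec["status"] = "deleted"
        elif verb == "Updated":
            rec["status"] = "archive rewritten"
        else:  # "Update failed": member removed but the container was not rewritten
            rec["status"] = "archive rewrite failed"
    return objects


def summarize(objects):
    """Condense the records into the handful of facts a responder acts on."""
    return {
        "objects": len(objects),
        "threats": sorted({r["threat"] for r in objects.values() if r["threat"]}),
        "undeleted": [p for p, r in objects.items()
                      if r["threat"] and r["status"] == "detected"],
        "restore_point_hits": [p for p, r in objects.items() if r["restore_point"]],
        "archive_rewrite_failed": [p for p, r in objects.items()
                                   if r["status"] == "archive rewrite failed"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Two of the summary fields matter for the follow-up in this thread. Hits under `C:\System Volume Information\_restore{...}` are copies that System Restore archived when it took a restore point; a later restore could bring them back, which is why responders ask for the restore points to be flushed once the machine is clean (and not before, since until then they are the only fallback). An "Update failed" on a self-extracting archive typically means the scanner removed the offending member but could not rewrite the container, so that file is a manual follow-up item.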

#7 Bossy22
  • Topic Starter
  • Members
  • 8 posts

Posted 16 April 2009 - 06:12 PM

Step 5 Ad-Aware
I actually ran this twice because I ran into a scary time when my McAfee kept getting turned off. I'll post the most recent results.
I noticed that Ad-Aware may have created a new version of the application; it appeared quite different than how I expected as per your instructions.
I did the best I could to configure the way you instructed, I hope I did it properly.
Please advise if I need to rerun.


Logfile created: 4/14/2009 12:0:42
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: owner

*********************** Definitions database information ***********************
Lavasoft definition file: 148.8
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 42384
Objects detected: 0


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Scan and cleaning complete: Finished correctly after 302 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: false
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Tue Apr 07 19:42:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Tue Apr 07 19:42:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: false
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: ME
Processor name: Intel® Pentium® M processor 2.00GHz
Processor identifier: x86 Family 6 Model 13 Stepping 8
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3336, number of processors 1
Physical memory available: 296325120 bytes
Physical memory total: 1073111040 bytes
Virtual memory available: 2049060864 bytes
Virtual memory total: 2147352576 bytes
Memory load: 72%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 964 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1072 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1096 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1140 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1152 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1328 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1340 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1500 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1688 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1736 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1824 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1864 name: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1916 name: C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe owner: owner domain: ME
PID: 1968 name: C:\WINDOWS\system32\Ati2evxx.exe owner: owner domain: ME
PID: 160 name: C:\WINDOWS\Explorer.EXE owner: owner domain: ME
PID: 196 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 424 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 808 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 820 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 292 name: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe owner: owner domain: ME
PID: 732 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 792 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1020 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1728 name: C:\Program Files\Maxtor\Sync\SyncServices.exe owner: SYSTEM domain: NT AUTHORITY
PID: 464 name: C:\Program Files\McAfee\MBK\MBackMonitor.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1640 name: c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1268 name: C:\Program Files\McAfee\VirusScan\McShield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2100 name: C:\Program Files\McAfee\MPF\MPFSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2236 name: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2420 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2580 name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2680 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3068 name: c:\PROGRA~1\mcafee.com\agent\mcagent.exe owner: owner domain: ME
PID: 3660 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3984 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2512 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2940 name: C:\WINDOWS\ehome\ehtray.exe owner: owner domain: ME
PID: 2952 name: C:\Program Files\Apoint\Apoint.exe owner: owner domain: ME
PID: 2968 name: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe owner: owner domain: ME
PID: 3288 name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe owner: owner domain: ME
PID: 3452 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: owner domain: ME
PID: 3476 name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe owner: owner domain: ME
PID: 3512 name: C:\WINDOWS\eHome\ehmsas.exe owner: owner domain: ME
PID: 3528 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: owner domain: ME
PID: 3556 name: C:\Program Files\BroadJump\Client Foundation\CFD.exe owner: owner domain: ME
PID: 3576 name: C:\WINDOWS\system32\dla\tfswctrl.exe owner: owner domain: ME
PID: 3632 name: C:\WINDOWS\system32\WLTRAY.exe owner: owner domain: ME
PID: 3012 name: C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe owner: owner domain: ME
PID: 3924 name: C:\Program Files\Apoint\Apntex.exe owner: owner domain: ME
PID: 416 name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe owner: owner domain: ME
PID: 3820 name: C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe owner: owner domain: ME
PID: 2592 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: owner domain: ME
PID: 3488 name: C:\Program Files\DellSupport\DSAgnt.exe owner: owner domain: ME
PID: 1636 name: C:\WINDOWS\system32\ctfmon.exe owner: owner domain: ME
PID: 3788 name: C:\Program Files\Digital Line Detect\DLG.exe owner: owner domain: ME
PID: 3548 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: owner domain: ME
PID: 1624 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3208 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: owner domain: ME
PID: 5228 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: owner domain: ME
PID: 696 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4468 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1940 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: owner domain: ME

Startup items:
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: ehTray imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: Apoint imagepath: C:\Program Files\Apoint\Apoint.exe
Name: IntelWireless imagepath: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Name: ATIPTA imagepath: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Name: Dell QuickSet imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
Name: DVDLauncher imagepath: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Name: ISUSPM Startup imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Name: ISUSScheduler imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Name: BJCFD imagepath: C:\Program Files\BroadJump\Client Foundation\CFD.exe
Name: dla imagepath: C:\WINDOWS\system32\dla\tfswctrl.exe
Name: Broadcom Wireless Manager UI imagepath: C:\WINDOWS\system32\WLTRAY.exe
Name: dscactivate imagepath: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
Name: mxomssmenu imagepath: "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
Name: DellSupportCenter imagepath: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
Name: mcagent_exe imagepath: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
Name: McAfee Backup imagepath: C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe


Steps 6 & 7
I had no issues when booting up in Safe Mode and MBAM found nothing.

I will post the next set of results in a new reply

#8 Bossy22

Posted 16 April 2009 - 06:40 PM

Step 9 SuperAntiSpyware (SAS) & New HijackThis log

SAS found only tracking cookies which I had SAS delete.

Here is a brand new HijackThis log run just moments ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:37 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 205.150.73.3:65208
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {28AF5171-19DD-41CA-B714-FA611DC5FD08} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {FE75A239-4EB9-47C5-AF22-A25EC64BF505} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196447399734
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://chill.comcast.net/gameshell/online/...mjolauncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14196 bytes



Step 10
I ran Trend Micro RootkitBuster and nothing was found.


+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.52.0.1013
+----------------------------------------------------


--== Dump Hidden MBR and Hidden File on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.



I also ran Secunia Software Inspector and found several applications that were out of date.
I updated them to the most current versions.
This was a very helpful tool and I greatly appreciate the link.
I will check it periodically, as I was surprised that apps you expect to update automatically, or at least prompt you, were still out of date.


Step 12 Optional Fixes
Sue, I am very interested in optimizing the efficiencies of my computer as it is quite old and only has 1G of memory.
I would love to be able to turn off anything I can in the startup and programs/apps I can start manually when needed.


I will post the next set of results in the next reply

#9 Bossy22

Posted 16 April 2009 - 06:41 PM

Step 13 OTScanIt2
Here are the results of the scan:

OTScanIt2 logfile created on: 4/14/2009 11:54:06 AM - Run 2
OTScanIt2 by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\owner\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.40 Mb Total Physical Memory | 330.41 Mb Available Physical Memory | 32.29% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.19 Gb Total Space | 12.27 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 698.64 Gb Total Space | 116.54 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 497.32 Gb Free Space | 53.39% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ME
Current User Name: owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel)
apntex.exe -> %ProgramFiles%\Apoint\Apntex.exe -> [2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> [2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2004/12/03 22:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2005/12/19 09:08:40 | 01,200,128 | ---- | M] (Dell Inc.)
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [2001/12/17 11:18:06 | 00,483,394 | ---- | M] (BroadJump, Inc.)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
ehmsas.exe -> %SystemRoot%\eHome\ehmsas.exe -> [2004/08/10 05:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\eHome\ehRecvr.exe -> [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\eHome\ehSched.exe -> [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2004/08/10 05:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe -> [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
maxmenumgr.exe -> %ProgramFiles%\Maxtor\OneTouch Status\maxmenumgr.exe -> [2007/07/13 16:01:40 | 00,169,264 | ---- | M] (Maxtor Corporation)
mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2007/01/16 13:59:46 | 00,071,208 | ---- | M] (McAfee)
mcafeedatabackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe -> [2007/01/16 13:59:50 | 04,838,952 | ---- | M] (McAfee)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\McShield.exe -> [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> [2006/06/29 12:12:34 | 00,376,832 | ---- | M] (Dell Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 12:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2006/06/29 12:13:32 | 01,032,192 | ---- | M] (Dell Inc)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2009/04/14 11:48:21 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
syncservices.exe -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> [2007/07/13 16:02:32 | 00,156,976 | ---- | M] (Seagate Technology LLC)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2005/05/31 06:33:00 | 00,122,941 | ---- | M] (Sonic Solutions)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2005/12/19 09:08:42 | 01,347,584 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2005/12/19 09:08:42 | 00,018,944 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/02/04 17:57:42 | 00,079,088 | ---- | M] (Yahoo! Inc.)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZcfgSvc.exe -> [2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] ()
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\eHome\ehRecvr.exe -> [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\eHome\ehSched.exe -> [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation)
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft)
(Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> [2007/07/13 16:02:32 | 00,156,976 | ---- | M] (Seagate Technology LLC)
(MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2007/01/16 13:59:46 | 00,071,208 | ---- | M] (McAfee)
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\McShield.exe -> [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\mhn.dll -> [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> [2006/06/29 12:12:34 | 00,376,832 | ---- | M] (Dell Inc.)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> [2007/06/28 20:01:48 | 00,092,792 | ---- | M] (CACE Technologies)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2005/12/19 09:08:42 | 00,018,944 | ---- | M] ()
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
 
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2005/08/11 23:09:45 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Apfiltr.sys -> [2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2004/12/04 04:34:26 | 00,800,768 | ---- | M] (ATI Technologies Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2004/05/26 15:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.)
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\gmer.sys -> [2009/03/04 19:28:24 | 00,085,969 | ---- | M] (GMER)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWICH.sys -> [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HSF_DP.sys -> [2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DPV.SYS -> [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.)
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\iwca.sys -> [2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\Lbd.sys -> [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\mxopswd.sys -> [2007/05/03 14:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\NMnt.sys -> [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation)
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> [2007/06/28 20:01:48 | 00,042,512 | ---- | M] (CACE Technologies)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\omci.sys -> [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/08/15 18:33:10 | 00,043,528 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> [2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\S_A_S\SASDIFSV.SYS -> [2009/02/17 11:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\S_A_S\SASENUM.SYS -> [2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\S_A_S\SASKUTIL.sys -> [2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions)
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> [2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w29n51.sys -> [2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Update_Check_Page" -> http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\owner\Application Data\Mozilla\FireFox\Profiles\wktw0cxn.default\prefs.js -> 
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://www.google.com" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.1 ->
extensions.enabledItems -> digger@clav.mozdev.org:3.0 ->
extensions.enabledItems -> {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8 ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.4 ->
extensions.enabledItems -> {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> launchy@gemal.dk:4.2.1 ->
extensions.enabledItems -> linky@gemal.dk:2.7.1 ->
extensions.enabledItems -> {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.1 ->
extensions.enabledItems -> {2485990f-d3b0-4e57-bd0f-5abdffa70773}:1.4.8 ->
extensions.enabledItems -> refspoof@mozdev.org:0.9.5 ->
extensions.enabledItems -> {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.6.5 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (31 bytes and 3 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/04/14 11:49:14 | 00,312,928 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{C90DBB52-46E0-4E65-92BC-799ADEE54C86} [HKLM] -> %ProgramFiles%\Flash2X\Flash Player\FlashPlayer.dll [] -> [2008/09/22 21:28:18 | 00,482,304 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft)
"Apoint" -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"ATIPTA" -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> [2004/12/03 22:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"BJCFD" -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe [C:\Program Files\BroadJump\Client Foundation\CFD.exe] -> [2001/12/17 11:18:06 | 00,483,394 | ---- | M] (BroadJump, Inc.)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2005/12/19 09:08:42 | 01,347,584 | ---- | M] (Dell Inc.)
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2006/06/29 12:13:32 | 01,032,192 | ---- | M] (Dell Inc)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2005/05/31 06:33:00 | 00,122,941 | ---- | M] (Sonic Solutions)
"dscactivate" -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/10/09 18:57:14 | 00,016,384 | ---- | M] ( )
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2004/08/10 05:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 17:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
"MBkLogOnHook" -> %ProgramFiles%\McAfee\MBK\LogOnHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> [2007/01/08 11:22:46 | 00,020,480 | ---- | M] (McAfee)
"McAfee Backup" -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe] -> [2007/01/16 13:59:50 | 04,838,952 | ---- | M] (McAfee)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"mxomssmenu" -> %ProgramFiles%\Maxtor\OneTouch Status\maxmenumgr.exe ["C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"] -> [2007/07/13 16:01:40 | 00,169,264 | ---- | M] (Maxtor Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2009/04/14 11:48:21 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" ->  ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"DellSupport-" ->  ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"Messenger (Yahoo!)" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/02/04 17:57:42 | 04,363,504 | ---- | M] (Yahoo! Inc.)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> File not found
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"RealUpgradeHelper" -> %CommonProgramFiles%\Real\Update_OB\upgrdhlp.exe ["C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"] -> [2009/04/14 11:48:19 | 00,136,744 | ---- | M] (RealNetworks, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2004/11/11 12:59:36 | 00,806,912 | ---- | M] (Intuit, Inc.)
< owner Startup Folder > -> C:\Documents and Settings\owner\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"ForceClassicControlPanel" ->  [1] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2005/10/20 18:06:25 | 00,000,000 | ---D | M]
Download All by FlashGet -> %UserProfile%\My Documents\AD\FlashGet\jc_all.htm [C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_all.htm] -> [2000/02/06 12:06:06 | 00,000,575 | ---- | M] ()
Download using FlashGet -> %UserProfile%\My Documents\AD\FlashGet\jc_link.htm [C:\Documents and Settings\owner\My Documents\AD\FlashGet\jc_link.htm] -> [2000/02/06 12:06:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 12:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2005/10/20 18:06:25 | 00,000,000 | ---D | M]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2005/10/20 18:06:25 | 00,000,000 | ---D | M]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2005/10/20 18:06:25 | 00,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2005/05/26 11:38:44 | 00,181,352 | ---- | M] (Yahoo!)
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{28AF5171-19DD-41CA-B714-FA611DC5FD08}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{FE75A239-4EB9-47C5-AF22-A25EC64BF505}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{28AF5171-19DD-41CA-B714-FA611DC5FD08}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> [2005/05/26 11:38:44 | 00,181,352 | ---- | M] (Yahoo!)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FCF05CCD-CBFB-4EA2-B68D-7FDB8DA5BC43}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FE75A239-4EB9-47C5-AF22-A25EC64BF505}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5215 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
25 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} [HKLM] -> http://support.dell.com/systemprofiler/SysPro.CAB [SysProWmi Class] -> 
{11260943-421B-11D0-8EAC-0000C07D88CF} [HKLM] -> http://www.ipix.com/download/ipixx.cab [iPIX ActiveX Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] -> 
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab [Reg Error: Key error.] -> 
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [HKLM] -> http://dl.tvunetworks.com/TVUAx.cab [CTVUAxCtrl Object] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab [Reg Error: Key error.] -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [HKLM] -> http://www.eset.eu/OnlineScanner.cab [OnlineScanner Control] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196447399734 [MUWebControl Class] -> 
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} [HKLM] -> http://chill.comcast.net/gameshell/online/en/chainz2/mjolauncher.cab [MJLauncherCtrl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab [Reg Error: Key error.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> http://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab [Oberon Flash Game Host] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5649B83D-1FCA-4498-80A8-EB1E69806D6E} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
{77E6BAE9-7857-451B-B0A3-1169C95587B3} ->	(1394 Net Adapter) -> 
{F9280D23-FA95-495E-B97B-84899CF850EA} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> File not found
AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> [2004/12/04 04:32:40 | 00,090,112 | ---- | M] (ATI Technologies Inc.)
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 17:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe" -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe:*:Enabled:ifrmewrk] -> [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" -> C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup] -> [2007/01/16 13:59:50 | 04,838,952 | ---- | M] (McAfee)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Support.com\bin\tgcmd.exe" -> C:\Program Files\Support.com\bin\tgcmd.exe [C:\Program Files\Support.com\bin\tgcmd.exe:*:Disabled:ComcastSUPPORT / Support.com Agent] -> File not found
"C:\Program Files\VideoLAN\VLC\vlc.exe" -> C:\Program Files\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player] -> [2006/05/06 12:42:04 | 00,093,184 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/02/04 17:57:42 | 04,363,504 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/19 17:07:14 | 00,000,000 | ---- | M] ()
E:\autorun.inf [[autorun] | icon = .\mxoicon4.ico | Open=.\Encryption Tool\MaxtorEncryption.exe | Action=Open Maxtor Encryption from here | ] -> E:\autorun.inf [ NTFS ] -> [2007/05/31 15:17:24 | 00,000,118 | ---- | M] ()
F:\autorun.inf [[autorun] | icon = .\mxoicon4.ico | Open=.\Encryption Tool\MaxtorEncryption.exe | Action=Open Maxtor Encryption from here | ] -> F:\autorun.inf [ NTFS ] -> [2007/05/31 15:17:24 | 00,000,118 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
My Videos -> %UserProfile%\My Documents\My Videos -> [2009/04/14 11:50:14 | 00,000,000 | R--D | C]
xing shared -> %CommonProgramFiles%\xing shared -> [2009/04/14 11:49:20 | 00,000,000 | ---D | C]
pnup0.dll -> %SystemRoot%\System32\pnup0.dll -> [2009/04/14 11:48:26 | 00,348,160 | ---- | C] (Microsoft Corporation)
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk -> [2009/04/14 11:44:03 | 00,001,668 | ---- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/04/14 11:42:01 | 00,001,602 | ---- | C] ()
iTunes -> %ProgramFiles%\iTunes -> [2009/04/14 11:31:40 | 00,000,000 | ---D | C]
{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> %AllUsersProfile%\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/04/14 11:31:40 | 00,000,000 | ---D | C]
LastGood -> %SystemRoot%\LastGood -> [2009/04/14 11:28:47 | 00,000,000 | ---D | C]
QuickTime -> %ProgramFiles%\QuickTime -> [2009/04/14 11:21:29 | 00,000,000 | ---D | C]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/04/14 11:02:15 | 00,153,104 | ---- | C] (Trend Micro Inc.)
RootkitBuster_2.52.1013.zip -> %UserProfile%\Desktop\RootkitBuster_2.52.1013.zip -> [2009/04/14 11:01:59 | 01,055,648 | ---- | C] ()
WinRAR.lnk -> %UserProfile%\Desktop\WinRAR.lnk -> [2009/04/13 02:20:35 | 00,000,528 | ---- | C] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/04/07 20:28:16 | 10,731,80672 | -HS- | C] ()
lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [2009/04/07 20:02:25 | 00,015,688 | ---- | C] ()
Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/04/07 19:42:28 | 00,064,160 | ---- | C] (Lavasoft AB)
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/04/07 19:42:27 | 00,000,472 | ---- | C] ()
{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> %AllUsersProfile%\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> [2009/04/07 19:41:21 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2009/04/07 19:41:20 | 00,000,867 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2009/04/07 19:41:07 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2009/04/07 19:41:06 | 00,000,000 | ---D | C]
Ad-AwareAE.exe -> %UserProfile%\Desktop\Ad-AwareAE.exe -> [2009/04/07 19:39:30 | 37,452,296 | ---- | C] (Lavasoft																																																																									)
.housecall6.6 -> %UserProfile%\.housecall6.6 -> [2009/04/07 19:32:38 | 00,000,000 | ---D | C]
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2009/04/07 17:40:11 | 00,028,544 | ---- | C] (Panda Security, S.L.)
Panda Security -> %ProgramFiles%\Panda Security -> [2009/04/07 17:39:43 | 00,000,000 | ---D | C]
BitDefender -> %UserProfile%\My Documents\BitDefender -> [2009/04/06 23:11:30 | 00,000,000 | ---D | C]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2009/04/06 20:49:06 | 00,000,000 | ---D | C]
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk -> [2009/04/06 20:42:13 | 00,000,734 | ---- | C] ()
Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [2009/04/06 20:41:52 | 00,000,000 | ---D | C]
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk -> [2009/04/06 20:40:28 | 00,001,729 | ---- | C] ()
Adobe -> %AllUsersProfile%\Application Data\Adobe -> [2009/04/06 20:39:44 | 00,000,000 | ---D | C]
Adobe Reader 9 Installer -> %UserProfile%\Desktop\Adobe Reader 9 Installer -> [2009/04/06 20:35:03 | 00,000,000 | ---D | C]
NOS -> %AllUsersProfile%\Application Data\NOS -> [2009/04/06 20:32:13 | 00,000,000 | ---D | C]
NOS -> %ProgramFiles%\NOS -> [2009/04/06 20:32:10 | 00,000,000 | ---D | C]
FLV Player.lnk -> %AllUsersProfile%\Desktop\FLV Player.lnk -> [2009/04/05 20:19:54 | 00,000,701 | ---- | C] ()
FLV Player -> %ProgramFiles%\FLV Player -> [2009/04/05 20:19:53 | 00,000,000 | ---D | C]
For_Summers.zip -> %UserProfile%\Desktop\For_Summers.zip -> [2009/03/30 01:33:22 | 02,829,650 | ---- | C] ()
H_J_T.zip -> %UserProfile%\Desktop\H_J_T.zip -> [2009/03/30 01:16:16 | 00,314,563 | ---- | C] ()
M_B_A_M.zip -> %UserProfile%\Desktop\M_B_A_M.zip -> [2009/03/30 01:15:53 | 02,514,621 | ---- | C] ()
Flash2X -> %ProgramFiles%\Flash2X -> [2009/03/28 15:52:30 | 00,000,000 | ---D | C]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/03/24 22:15:38 | 00,000,690 | ---- | C] ()
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [2009/03/24 20:49:43 | 00,000,000 | ---D | C]
S_A_S.lnk -> %UserProfile%\Desktop\S_A_S.lnk -> [2009/03/24 20:48:07 | 00,000,640 | ---- | C] ()
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2009/03/24 20:48:06 | 00,000,000 | ---D | C]
S_A_S -> %ProgramFiles%\S_A_S -> [2009/03/24 20:48:06 | 00,000,000 | ---D | C]
S_A_S.exe -> %UserProfile%\Desktop\S_A_S.exe -> [2009/03/24 20:46:12 | 06,068,768 | ---- | C] ()
Mal_B_A_Mwre -> %ProgramFiles%\Mal_B_A_Mwre -> [2009/03/24 19:43:36 | 00,000,000 | ---D | C]
uactmp.db -> %SystemRoot%\System32\uactmp.db -> [2009/03/24 19:18:16 | 01,896,749 | ---- | C] ()
UACexqnxrda.db -> %SystemRoot%\System32\UACexqnxrda.db -> [2009/03/24 18:38:59 | 00,414,144 | ---- | C] ()
Attach.zip -> %UserProfile%\Desktop\Attach.zip -> [2009/03/22 23:34:41 | 00,003,787 | ---- | C] ()
dds.scr -> %UserProfile%\Desktop\dds.scr -> [2009/03/22 23:04:18 | 00,360,002 | ---- | C] ()
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2009/03/21 19:56:53 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
2 C:\Documents and Settings\owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\owner\Local Settings\Temp\*.tmp -> 
2 C:\Documents and Settings\owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\owner\Local Settings\Temp\*.tmp -> 
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
Au_.exe -> %UserProfile%\Local Settings\Temp\~nsu.tmp\Au_.exe -> [2009/04/14 11:52:43 | 00,084,661 | ---- | M] (Adobe Systems Incorporated)
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/04/14 11:49:42 | 15,728,640 | -H-- | M] ()
pnup0.dll -> %SystemRoot%\System32\pnup0.dll -> [2009/04/14 11:48:26 | 00,348,160 | ---- | M] (Microsoft Corporation)
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2009/04/14 11:48:26 | 00,278,528 | ---- | M] (Real Networks, Inc)
control.dll -> %UserProfile%\Local Settings\Temp\rninst~0\RUP\control.dll -> [2009/04/14 11:46:22 | 00,083,464 | ---- | M] (RealNetworks, Inc.)
Mozilla Thunderbird.lnk -> %AllUsersProfile%\Desktop\Mozilla Thunderbird.lnk -> [2009/04/14 11:44:03 | 00,001,668 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/04/14 11:42:01 | 00,001,602 | ---- | M] ()
secuniasi8736840379605148924.dll -> %UserProfile%\Local Settings\Temp\secuniasi8736840379605148924.dll -> [2009/04/14 11:07:22 | 00,192,512 | ---- | M] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/04/14 11:02:15 | 00,153,104 | ---- | M] (Trend Micro Inc.)
RootkitBuster_2.52.1013.zip -> %UserProfile%\Desktop\RootkitBuster_2.52.1013.zip -> [2009/04/14 11:02:01 | 01,055,648 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/14 01:22:42 | 00,215,040 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/04/13 23:04:30 | 00,004,792 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/04/13 23:04:29 | 00,006,845 | ---- | M] ()
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/04/13 19:42:13 | 00,000,472 | ---- | M] ()
index.dat -> %UserProfile%\Local Settings\Temp\UserData\index.dat -> [2009/04/13 18:27:11 | 00,032,768 | -HS- | M] ()
eHomeLog-27.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat -> [2009/04/13 18:25:05 | 00,000,268 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/13 18:24:45 | 00,002,206 | ---- | M] ()
eHomeLog-26.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat -> [2009/04/13 18:23:35 | 00,000,268 | -H-- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/04/13 18:23:16 | 00,026,841 | ---- | M] ()
Perflib_Perfdata_3fc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3fc.dat -> [2009/04/13 18:22:32 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/13 18:22:18 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/13 18:21:56 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/04/13 18:21:54 | 10,731,80672 | -HS- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/13 18:20:11 | 00,000,278 | -HS- | M] ()
WinRAR.lnk -> %UserProfile%\Desktop\WinRAR.lnk -> [2009/04/13 02:20:35 | 00,000,528 | ---- | M] ()
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/04/10 23:35:28 | 00,000,690 | ---- | M] ()
eHomeLog-25.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat -> [2009/04/10 19:34:55 | 00,000,268 | -H-- | M] ()
eHomeLog-24.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat -> [2009/04/07 20:31:10 | 00,000,268 | -H-- | M] ()
eHomeLog-23.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat -> [2009/04/07 19:48:41 | 00,000,268 | -H-- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2009/04/07 19:41:20 | 00,000,867 | ---- | M] ()
Ad-AwareAE.exe -> %UserProfile%\Desktop\Ad-AwareAE.exe -> [2009/04/07 19:39:33 | 37,452,296 | ---- | M] (Lavasoft																																																																									)
eHomeLog-22.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat -> [2009/04/06 23:22:56 | 00,000,268 | -H-- | M] ()
Acrobat.com.lnk -> %AllUsersProfile%\Desktop\Acrobat.com.lnk -> [2009/04/06 20:42:13 | 00,000,734 | ---- | M] ()
Adobe Reader 9.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 9.lnk -> [2009/04/06 20:40:28 | 00,001,729 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
eHomeLog-21.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat -> [2009/04/05 21:42:01 | 00,000,268 | -H-- | M] ()
FLV Player.lnk -> %AllUsersProfile%\Desktop\FLV Player.lnk -> [2009/04/05 20:19:54 | 00,000,701 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/04/05 17:14:39 | 00,000,548 | ---- | M] ()
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [2009/04/05 15:41:29 | 00,000,244 | -H-- | M] ()
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [2009/04/05 15:41:29 | 00,000,232 | -H-- | M] ()
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [2009/04/05 15:30:41 | 00,000,244 | -H-- | M] ()
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [2009/04/05 15:30:41 | 00,000,232 | -H-- | M] ()
eHomeLog-20.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat -> [2009/04/04 20:43:44 | 00,000,268 | -H-- | M] ()
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [2009/04/04 19:15:43 | 00,000,244 | -H-- | M] ()
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [2009/04/04 19:15:43 | 00,000,232 | -H-- | M] ()
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [2009/04/04 19:10:44 | 00,000,244 | -H-- | M] ()
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [2009/04/04 19:10:44 | 00,000,232 | -H-- | M] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2009/04/01 01:03:09 | 00,000,332 | ---- | M] ()
For_Summers.zip -> %UserProfile%\Desktop\For_Summers.zip -> [2009/03/30 01:33:22 | 02,829,650 | ---- | M] ()
H_J_T.zip -> %UserProfile%\Desktop\H_J_T.zip -> [2009/03/30 01:16:17 | 00,314,563 | ---- | M] ()
M_B_A_M.zip -> %UserProfile%\Desktop\M_B_A_M.zip -> [2009/03/30 01:15:53 | 02,514,621 | ---- | M] ()
orun32.ini -> %SystemRoot%\orun32.ini -> [2009/03/28 13:06:55 | 00,000,791 | ---- | M] ()
S_A_S.lnk -> %UserProfile%\Desktop\S_A_S.lnk -> [2009/03/25 21:12:53 | 00,000,640 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/24 21:27:42 | 00,000,626 | ---- | M] ()
S_A_S.exe -> %UserProfile%\Desktop\S_A_S.exe -> [2009/03/24 20:46:20 | 06,068,768 | ---- | M] ()
eHomeLog-19.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat -> [2009/03/24 20:05:29 | 00,000,268 | -H-- | M] ()
eHomeLog-18.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat -> [2009/03/24 20:04:26 | 00,000,268 | -H-- | M] ()
uactmp.db -> %SystemRoot%\System32\uactmp.db -> [2009/03/24 20:02:51 | 01,896,749 | ---- | M] ()
eHomeLog-17.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat -> [2009/03/24 19:25:26 | 00,000,268 | -H-- | M] ()
eHomeLog-16.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat -> [2009/03/24 19:24:34 | 00,000,000 | -H-- | M] ()
UACexqnxrda.db -> %SystemRoot%\System32\UACexqnxrda.db -> [2009/03/24 18:39:01 | 00,414,144 | ---- | M] ()
Attach.zip -> %UserProfile%\Desktop\Attach.zip -> [2009/03/22 23:34:41 | 00,003,787 | ---- | M] ()
dds.scr -> %UserProfile%\Desktop\dds.scr -> [2009/03/22 23:04:19 | 00,360,002 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/03/21 18:39:15 | 00,000,031 | ---- | M] ()
eHomeLog-15.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat -> [2009/03/21 18:03:08 | 00,000,268 | -H-- | M] ()
eHomeLog-14.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat -> [2009/03/19 20:36:27 | 00,000,268 | -H-- | M] ()
eHomeLog-13.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat -> [2009/03/18 18:00:11 | 00,000,268 | -H-- | M] ()
eHomeLog-12.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat -> [2009/03/18 17:58:54 | 00,000,268 | -H-- | M] ()
eHomeLog-11.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat -> [2009/03/16 00:03:29 | 00,000,268 | -H-- | M] ()
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [2009/03/15 21:53:23 | 00,000,244 | -H-- | M] ()
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [2009/03/15 21:53:23 | 00,000,232 | -H-- | M] ()
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [2009/03/15 16:34:10 | 00,000,244 | -H-- | M] ()
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [2009/03/15 16:34:10 | 00,000,232 | -H-- | M] ()
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [2009/03/15 15:50:08 | 00,000,244 | -H-- | M] ()
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [2009/03/15 15:50:08 | 00,000,232 | -H-- | M] ()
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2009/03/15 14:54:46 | 00,000,244 | -H-- | M] ()
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [2009/03/15 14:54:46 | 00,000,232 | -H-- | M] ()
eHomeLog-10.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat -> [2009/03/14 21:31:24 | 00,000,268 | -H-- | M] ()
eHomeLog-9.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat -> [2009/03/10 22:52:12 | 00,000,268 | -H-- | M] ()
eHomeLog-8.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat -> [2009/03/10 22:43:58 | 00,000,268 | -H-- | M] ()
eHomeLog-7.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat -> [2009/03/10 22:41:16 | 00,000,268 | -H-- | M] ()
eHomeLog-6.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat -> [2009/03/10 20:01:01 | 00,000,268 | -H-- | M] ()
eHomeLog-5.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat -> [2009/03/10 17:56:16 | 00,000,268 | -H-- | M] ()
eHomeLog-4.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [2009/03/09 17:57:22 | 00,000,268 | -H-- | M] ()
eHomeLog-3.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [2009/03/08 17:49:48 | 00,000,268 | -H-- | M] ()
eHomeLog-2.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [2009/03/08 17:48:34 | 00,000,268 | -H-- | M] ()
eHomeLog-1.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [2009/03/07 02:54:42 | 00,000,268 | -H-- | M] ()
RootkitBuster.exe -> %UserProfile%\Local Settings\Temp\Rar$EX00.234\RootkitBuster.exe -> [2009/03/03 10:55:44 | 02,342,912 | ---- | M] (Trend Micro Inc.)
eHomeLog-0.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [2009/03/02 03:21:20 | 00,000,268 | -H-- | M] ()
eHomeLog-47.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat -> [2009/02/27 19:37:28 | 00,000,268 | -H-- | M] ()
eHomeLog-46.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat -> [2009/02/24 15:29:12 | 00,000,268 | -H-- | M] ()
eHomeLog-45.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat -> [2009/02/22 19:43:52 | 00,000,268 | -H-- | M] ()
eHomeLog-44.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat -> [2009/02/21 13:04:02 | 00,000,268 | -H-- | M] ()
eHomeLog-43.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat -> [2009/02/20 00:02:56 | 00,000,268 | -H-- | M] ()
eHomeLog-42.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat -> [2009/02/18 23:58:16 | 00,000,268 | -H-- | M] ()
eHomeLog-41.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat -> [2009/02/18 21:07:22 | 00,000,268 | -H-- | M] ()
SSUPDATE.EXE -> %UserProfile%\Local Settings\Temp\SSUPDATE.EXE -> [2009/02/17 11:43:24 | 00,158,960 | ---- | M] (SUPERAntiSpyware.com)
eHomeLog-40.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat -> [2009/02/16 06:33:15 | 00,000,268 | -H-- | M] ()
eHomeLog-39.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat -> [2009/02/16 06:31:56 | 00,000,268 | -H-- | M] ()
eHomeLog-38.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat -> [2009/02/13 22:33:13 | 00,000,268 | -H-- | M] ()
eHomeLog-37.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat -> [2009/02/10 19:08:44 | 00,000,268 | -H-- | M] ()
eHomeLog-36.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat -> [2009/02/08 03:30:11 | 00,000,268 | -H-- | M] ()
eHomeLog-35.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat -> [2009/02/08 03:28:47 | 00,000,268 | -H-- | M] ()
eHomeLog-34.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat -> [2009/02/08 03:12:29 | 00,000,268 | -H-- | M] ()
eHomeLog-33.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat -> [2009/02/06 21:40:18 | 00,000,268 | -H-- | M] ()
eHomeLog-32.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat -> [2009/02/04 21:54:37 | 00,000,268 | -H-- | M] ()
eHomeLog-31.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat -> [2009/02/04 18:48:59 | 00,000,268 | -H-- | M] ()
eHomeLog-30.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat -> [2009/01/31 21:06:38 | 00,000,268 | -H-- | M] ()
eHomeLog-29.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat -> [2009/01/31 16:35:59 | 00,000,268 | -H-- | M] ()
eHomeLog-28.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat -> [2009/01/31 16:35:16 | 00,000,268 | -H-- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2006/09/27 19:57:37 | 00,009,158 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/08/17 22:00:13 | 00,011,098 | ---- | M] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> %AllUsersProfile%\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
< End of report >


#10 Bossy22

Bossy22
  • Topic Starter

  • Members
  • 8 posts

Posted 16 April 2009 - 06:47 PM

Whew! :thumbup2:

That was a lot of work, but I am so grateful for your having me perform them all.
I think I posted the results as you'd want to see them, but let me know if I need to modify anything.
I learned a lot and hope that there aren't too many problems and, if there are, that they can be fixed easily.

I just wanted to add that the other day I was alarmed to see that periodically my McAfee was getting turned off and I had to turn it back on manually.
This happened several times but not in the past couple of days.

Again, thank you very much for dedicating your time to helping me and I look forward to your reply.

#11 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 20 April 2009 - 12:19 PM

I was diagnosed Friday with Trigger thumb which is a condition in which my thumb catches in a bent position. My thumb straightens with a snap — like a trigger being pulled and released. It can cause my finger to become locked in a bent position. It is very painful. I am wearing a brace on my left hand.

I can still type and plan to continue working your log. Please be patient as it does slow me down.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#12 Bossy22

Bossy22
  • Topic Starter

  • Members
  • 8 posts

Posted 20 April 2009 - 05:07 PM

Hi Sue-

I'm sorry to hear about your affliction as it's possibly the worst type for someone working in technology.
I completely understand that it will slow you down and I am in no position to complain (not that I was even thinking along those lines).
I know you have many others you are attending to as well as me and I will be patient.

Thank you for the update and I hope you're not in too much distress.

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 24 April 2009 - 03:57 PM

By fixing the "Optional Fixes", you will remove the program from your startup but you will not remove the program itself. Note the large number of startup items. This adversely affects the bootup time and computer speed with this large amount of unnecessary programs loading at startup and then running in the background.

Please run HijackThis and click Scan. Place checks next to the HijackThis entries that are Optional Fixes that you have chosen to remove from your startup list.

ehtray.exe (Media Center) process can be removed to free up resources without compromising system performance. This startup loads a system tray icon that allows you to control various aspects of Media Center. Enables the user to access Windows Messenger from within Media Center. This is a valid program, but it is up to you whether or not you want it to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

Apoint.exe (Touchpad software for laptops) process can be removed to free up resources without compromising system performance. Touchpad software for laptop personal computers. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

ATIPtaxx.exe is the tray bar process for your ATI graphics card drivers. It gives you easy access to your graphic card settings. It is the control panel for the ATI series of video cards allowing access to such features as display resolution, color depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimized their settings. This process can be removed to free up system resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

quickset.exe (Dell QuickSet) process can be removed to free up resources without compromising system performance. quickset.exe (Dell QuickSet) is the Dell taskbar icon allowing you to quickly change settings. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

DVDLauncher.exe (Cyberlink PowerCinema) process can be removed to free up resources without compromising system performance. A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

ISUSPM Startup ISUSPM.exe (InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

issch.exe ISUSScheduler (InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

You have Broadjump Client Foundation software installed. This is a memory and resource hog. Answersthatwork says:

Again on XP, CFD has been seen to slowly but surely gobble up resources and memory, ending up running at 95% of CPU resources and an impossibly slow PC. You’ve guessed it : de-install "Broadjump Client Foundation" through "Add/Remove Programs" in the Control Panel, and/or disable BJCFD, or its newer incarnation, CFD. ...... Those users who have done so have reported no ill-effects whatsoever.

Please uninstall Broadjump Client Foundation. To uninstall the Client Foundation:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Client Foundation, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

dsca.exe (Dell dscactivate - Remote Support Program) process can be removed to free up resources without compromising system performance. Dell Support Agent offers additional support and update features for your Dell computer or laptop. Starts Dell's remote support program. This is a valid program but it is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

maxmenumgr.exe (MSS and OneTouch™ MFC Application from Maxtor Corp.) process can be removed to free up resources without compromising system performance. Maxtor one touch External HDD manager, is a program that allows one to backup, synchronize, create an image of the computer to be cloned, lock the external hard disk drive, and encrypt files. Not required to run on startup as the external hard disk drive will not always be plugged in. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\RUN: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. To Remove The QuickTime Icon From System Tray:
  • Right-click the icon and select QuickTime Preferences.
  • Select Advanced tab (farthest to right)
  • Locate the option Install QuickTime icon in system tray in the Tray Icon area near the bottom and uncheck the box next to it.
  • Exit the Preferences by selecting OK.
  • This should remove the icon from your tray and it should not be there the next time you restart your computer.
Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

You have realsched.exe (RealPlayer's autoupdate program) running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. realsched.exe is a program which schedules for manual update checks for Real Networks products. This is a non-essential process. Disabling or enabling this is down to user preference however disabling may prevent notification of updates. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

DSAgnt.exe (Dell Support Agent) process can be removed to free up resources without compromising system performance. Dell Support Agent offers additional support and update features for your Dell computer or laptop. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

yahoomessenger.exe (YAHOOM~1.EXE) (Yahoo! Messenger) process can be removed to free up resources without compromising system performance. yahoomessenger.exe is the executable for Yahoo! Messenger, free instant messaging software from Yahoo! Inc. It allows you to send and receive messages from online contacts. Other features include LAUNCHcast radio, Yahoo! Weather and Yahoo! Games. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

DLG.exe (Digital Line Detect.lnk) process can be removed to free up resources without compromising system performance. It detects whether you are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Conexant V.92 and Broadcom modems. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Digital Line Detect.lnk = ?

qbupdate.exe (Quickbooks Update Agent) process can be removed to free up resources without compromising system performance. Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service, but you're prompted to check for updates when appropriate whether this is running or not. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger (IM, MSN Messenger) from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger (IM, MSN Messenger)".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. This process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

AppleMobileDeviceService.exe (Apple Mobile Device) process can be removed to free up resources without compromising system performance. Used by iTunes to communicate with the Apple iPhone when it is connected to your computer. This is a valid program, but it is up to you whether or not you want it to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. To change the service to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Apple Mobile Device and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

ati2evxx.exe is the ATI External Event Utility for your ATI display drivers. It manages the ATI Hotkey feature. This process can be removed to free up resources without compromising system performance. ati2evxx.exe is a process which provides optional features that the majority of us really do not use. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis.
To change the service to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Ati HotKey Poller and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Item(s) to fix in HijackThis:

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

mdnsresponder.exe (Bonjour for Windows Component) process can be removed to free up resources without compromising system performance. mdnsresponder.exe is a process associated with "Bonjour for Windows" software. It is used by iTunes for music sharing. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you remove or disable this program so that it does not take up necessary resources. To remove Bonjour, use TurnOffBonjour.exe which will remove the Apple Bonjour Service from Windows computers. To change Startup Type: to Manual or Disabled:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Bonjour and double-click on it.
  • Change the Startup Type: to Manual or Disable.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. IDriverT.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for InstallDriver Table Manager and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod. If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance. It is advised that you disable this program so that it does not take up necessary resources. To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService, right-click and select Properties. Change the setting in StartUp type: to Disabled. Alternatively, click Start > Run, type services.msc, find the IpodService, right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service. Item(s) to fix in HijackThis:

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Please post a new HijackThis log. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
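As an added example that is not part of this thread, the following PowerShell audit lists installed services in the same O23-style form HijackThis reports (display name, company, executable path), together with each service's startup type, so entries like the three above can be reviewed before their startup type is changed. It assumes Windows PowerShell 2.0 or later run from an elevated prompt; the service name IDriverT in the commented command comes from the O23 line in the post.

```powershell
# Added example, not part of the original thread. Lists services in a HijackThis
# O23-style line (display name, company, executable path) together with their
# startup type, so entries such as Bonjour Service, IDriverT and iPod Service
# can be reviewed before they are set to Manual or Disabled.
# Assumes Windows PowerShell 2.0+ started from an elevated prompt.

function Get-O23Entry {
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the executable.
        $exe = $_.PathName
        if ($exe -match '^"([^"]+)"')      { $exe = $matches[1] }
        elseif ($exe -match '^(.+?\.exe)') { $exe = $matches[1] }

        # Company name from the file's version resource, as HijackThis shows it.
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }

        New-Object PSObject -Property @{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Company     = $company
            Path        = $exe
            StartMode   = $_.StartMode   # Auto, Manual, Disabled, Boot, System
            State       = $_.State
        }
    }
}

# Non-Microsoft services that start automatically, printed like O23 lines, e.g.
# O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe [Auto]
Get-O23Entry |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.Company -notlike 'Microsoft*' } |
    Sort-Object DisplayName |
    ForEach-Object { "O23 - Service: $($_.DisplayName) - $($_.Company) - $($_.Path) [$($_.StartMode)]" }

# To apply the post's recommendation for one entry, change only its startup type
# (service name taken from the O23 line), e.g. IDriverT to Manual:
# Set-Service -Name IDriverT -StartupType Manual
```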

#14 suebaby41
  • W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 May 2009 - 03:00 PM

Tips To Protect Your Computer
  • Avoid clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • Malware is out there just waiting to pounce on your system if you merely pass by where it is lurking, which may be some seemingly innocent web site. Be careful, because some malware is so vicious that no one can possibly save you once you let it in.
  • Remember that new malware emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
Tools Downloaded To Clean Your Computer

I may have asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware 2008 scans, detects, and removes spyware on your computer.
  • ATF-Cleaner cleans all user temp folders, the Java cache (which seems to be harboring more and more malware), the cache, cookies, history, download history, visited links and saved passwords. Scan weekly if you have high Internet use.
  • Trend Micro's HijackThis or random's System Information Tool (RSIT) may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
  • SUPERAntiSpyware scans, detects, and removes spyware on your computer.
  • Malwarebytes' Anti-Malware scans, detects, and removes malware on your computer.
  • a-squared Free scans, detects, and removes trojans, worms, and spyware on your computer.
  • Spybot S&D scans, detects, and removes malware on your computer.
If you have changed the default settings for files/folders, please restore the default settings for files/folders.
  • Go to My Computer.
  • Select the Tools menu and click Folder Options.
  • Click the View tab.
  • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  • Click Apply, then OK, and close My Computer.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

STEPS TO KEEP YOUR COMPUTER CLEAN AND SECURE:

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function for Windows XP.
    Files placed in the System Volume Information folder are source files for the System Restore function that is available in the Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows desktop.
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and unchecking the item mentioned in Step d (Turn off System Restore on all drives).
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Click Apply > OK button and then the OK to exit the Internet Properties page.
  • Use a Firewall: I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  • Use Antivirus Software and Keep It Updated: It is very important that your computer has antivirus software running on it. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2007/2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Ad-Aware 2008.
  • Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the MVPS hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the Start button on the task bar at the bottom of your screen.
    • Click Run.
    • In the dialog box, type services.msc
    • Hit Enter, then locate DNS Client.
    • Highlight it, then double-click it.
    • In the dropdown box, change the setting from Automatic to Manual.
    • Click OK.
  • Use an alternative instant messenger program: Trillian and Miranda IM. These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera. Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (you can save a collection of open tabs as a session for later retrieval, or start with the pages you had open when Opera was last closed), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and special features such as Full-screen mode and Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



