
Hupigon, TDSS, Artemis


  • This topic is locked
17 replies to this topic

#1 cbalduc

Posted 28 March 2009 - 12:17 AM

Hi i scan religiously but I am getting repeated attacks by these three pests so i suspect something is lodged in my system. Thanks for your help in advance!

#2 Buckeye_Sam

    Malware Expert



Posted 29 March 2009 - 03:33 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot of the ComboFix message not preserved)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 cbalduc


Posted 30 March 2009 - 12:09 AM

Hi Sam thanks for looking over my combofix log! you are much appreciated!!!

ComboFix 09-03-29.02 - Christopher 2009-03-29 21:58:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1860 [GMT -7:00]
Running from: c:\documents and settings\Christopher Spank\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-25 22:27 . 2009-03-25 22:27 <DIR> d-------- c:\program files\AskBarDis
2009-03-22 08:17 . 2009-03-22 08:17 <DIR> d-------- C:\f6740a80a019ca3a56d96e16874e34
2009-03-21 15:45 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-21 15:45 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-21 15:45 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-21 15:16 . 2008-07-29 12:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2009-03-21 15:16 . 2008-07-29 12:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2009-03-21 15:16 . 2008-07-08 00:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2009-03-19 17:57 . 2009-03-19 17:57 <DIR> d-------- c:\program files\stinger
2009-03-18 09:58 . 2009-03-18 09:58 <DIR> d-------- C:\42aa6c0b554e14b043f81d
2009-03-17 19:04 . 2009-03-17 19:04 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-17 18:50 . 2006-07-17 06:38 565,248 --a------ c:\windows\system32\snapapi32.dll
2009-03-16 15:13 . 2009-03-16 15:13 <DIR> d-------- c:\program files\Wago
2009-03-15 22:09 . 2009-03-15 22:09 <DIR> d-------- C:\833b750fe6047e153abc4371
2009-03-13 22:35 . 2009-03-13 22:35 <DIR> d-------- C:\8e1bd4e5fbb7d69a710d19a16da059
2009-03-11 21:29 . 2009-03-11 21:30 <DIR> d-------- C:\b275590110cb6ef40f932c
2009-03-10 21:13 . 2008-06-11 15:14 89,896 --a------ c:\windows\system32\drivers\btwsecfl.sys
2009-03-10 13:31 . 2009-03-10 13:31 0 --a------ c:\windows\SetPointInstall.ini
2009-03-09 13:10 . 2009-03-09 13:10 <DIR> d-------- C:\ac1bc67562fe4ebc54dd9d117e
2009-03-09 12:16 . 2009-03-09 12:22 <DIR> d-------- c:\windows\NV48644336.TMP
2009-03-08 16:52 . 2009-03-08 16:52 <DIR> d-------- c:\program files\kaspersky
2009-03-08 16:52 . 2009-03-29 22:00 173,588,512 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-08 16:52 . 2009-03-29 08:55 1,994,012 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-08 16:52 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\44668583.sys
2009-03-08 08:11 . 2009-03-08 08:11 <DIR> d-------- C:\308ee3d31e3796de56
2009-03-06 17:19 . 2009-03-13 14:53 <DIR> d-------- C:\convert
2009-03-06 15:50 . 2009-03-06 16:48 <DIR> d-------- c:\program files\DWG TrueView 2009
2009-03-06 15:43 . 2009-03-06 15:43 <DIR> d-------- C:\install
2009-03-01 19:54 . 2008-10-10 05:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-01 19:54 . 2008-10-27 11:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-01 19:54 . 2008-10-27 11:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-01 19:54 . 2008-10-27 11:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-28 09:31 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-02-27 08:18 . 2009-02-27 08:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-27 08:18 . 2009-02-27 08:18 <DIR> d-------- c:\documents and settings\Christopher Spank\Application Data\Malwarebytes
2009-02-27 08:18 . 2009-02-27 08:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-27 08:18 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 08:18 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-26 22:38 . 2009-02-26 22:38 <DIR> d-------- c:\program files\Common Files\Data Dynamics
2009-02-26 22:38 . 1999-11-18 14:43 882,432 --a------ c:\windows\system32\ssdw3bo.ocx
2009-02-26 22:38 . 2001-03-12 23:39 561,664 --a------ c:\windows\system32\Sfttreex.ocx
2009-02-26 22:38 . 1998-04-24 21:09 368,912 --a------ c:\windows\system32\vbar332.dll
2009-02-26 22:38 . 2000-05-22 01:00 166,600 --a------ c:\windows\system32\Msmask32.ocx
2009-02-26 22:38 . 1998-06-24 11:56 103,744 --a------ c:\windows\system32\Mscomm32.ocx
2009-02-26 22:38 . 1999-11-18 13:26 94,208 --a------ c:\windows\system32\ssr2c.dll
2009-02-26 22:38 . 2002-03-06 14:58 45,056 --a------ c:\windows\system32\msxml4a.dll
2009-02-26 22:38 . 2008-05-29 13:11 652 --a------ c:\windows\ex.006
2009-02-26 22:37 . 2009-03-24 14:21 <DIR> d-------- c:\program files\PV6
2009-02-24 08:42 . 2009-02-24 08:42 <DIR> d-------- c:\program files\ZoneAlarmSB
2009-02-24 08:40 . 2009-02-24 08:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-02-24 08:40 . 2008-07-09 10:05 75,248 --a------ c:\windows\zllsputility.exe
2009-02-24 08:40 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-02-24 08:40 . 2009-03-25 22:27 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-24 08:39 . 2009-02-24 08:39 <DIR> d-------- c:\program files\Zone Labs
2009-02-23 22:09 . 2009-02-23 22:09 <DIR> d-------- c:\program files\AVG
2009-02-23 07:20 . 2009-02-23 07:20 <DIR> d-------- C:\693a6f1b461a99a7aa03
2009-02-22 14:10 . 2009-02-22 14:10 <DIR> d-------- C:\aaefede0c2967d8751b229
2009-02-20 07:31 . 2002-12-28 18:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-02-20 07:31 . 2003-01-03 20:36 77,824 --a------ c:\windows\system32\StartupCPL.exe
2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-13 15:13 . 2009-03-10 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-11 22:31 . 2009-02-11 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-11 12:32 . 2009-02-11 12:32 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-11 12:30 . 2009-02-11 12:30 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-07 01:28 . 2009-02-07 01:28 2 --a------ C:\71771419

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-28 05:00 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-28 03:34 --------- d-----w c:\documents and settings\Christopher Spank\Application Data\Bioshock
2009-03-28 03:22 --------- d-----w c:\program files\Steam
2009-03-27 19:16 --------- d-----w c:\documents and settings\Christopher Spank\Application Data\SolidWorks
2009-03-27 17:06 --------- d-----w c:\program files\SolidWorks
2009-03-26 05:27 2,942,976 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-03-25 13:12 --------- d-----w c:\program files\Electronic Arts
2009-03-24 21:21 --------- d-----w c:\program files\a-squared Free
2009-03-24 14:14 --------- d-----w c:\program files\McAfee
2009-03-21 22:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 22:20 --------- d-----w c:\program files\NVIDIA Corporation
2009-03-21 22:12 --------- d-----w c:\documents and settings\Christopher Spank\Application Data\uTorrent
2009-03-20 10:09 --------- d-----w c:\program files\PeerGuardian2
2009-03-12 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 02:19 588,800 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-03-09 20:07 2,803,200 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-03-09 19:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 02:43 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-09 02:43 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-08 23:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 23:50 --------- d-----w c:\program files\Fraps
2009-03-06 22:53 --------- d-----w c:\documents and settings\Christopher Spank\Application Data\Autodesk
2009-03-06 22:52 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-06 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-06 18:12 --------- d-----w c:\program files\AutoCAD 2009
2009-03-04 20:40 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-02 02:57 2,675,712 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-17 15:18 --------- d-----w c:\program files\a-squared HiJackFree
2009-02-11 19:32 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-07 08:07 --------- d-----w c:\program files\AGEIA Technologies
2009-02-05 12:31 --------- d-----w c:\documents and settings\Christopher Spank\Application Data\DAEMON Tools Pro
2009-01-27 04:30 9,518 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-01-15 16:19 453,152 ----a-w c:\windows\system32\nvudisp.exe
2009-01-07 19:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 06:42 76,304 ----a-w c:\windows\KHALMNPR.Exe
2008-12-18 19:04 281,120 ----a-w c:\windows\system32\nvLsp.dll
2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
2008-11-10 22:27 22,328 ----a-w c:\documents and settings\Christopher Spank\Application Data\PnkBstrK.sys
2007-03-20 15:27 108 --sha-r c:\windows\neoqaz2.dll
.

------- Sigcheck -------

2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-04-20 04:38 340480 b8158e2a6112c0a5ca67bc158fc70218 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:51 361600 cd00787894008369f56153b91fc28847 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Core Temp"="c:\program files\core temp\Core Temp.exe" [2009-01-23 319504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2007-06-18 167936]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DT GWY"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-09 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 c:\windows\KHALMNPR.Exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\Christopher Spank\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-09-08 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-07-13 10:39 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck sprestrt\0autocheck sprestrt\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Vsk5\\Vsk5.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4719:TCP"= 4719:TCP:4719

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
R1 is-E3DMJdrv;is-E3DMJdrv;c:\windows\system32\drivers\44668583.sys [2009-03-08 148496]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-03-25 464264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-04 206096]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\ALSysIO.sys [?]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2008-07-14 41984]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-09-25 132232]
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 08:58]

2008-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2008-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-26 19:41]

2009-02-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-26 19:41]

2009-03-23 c:\windows\Tasks\SyncBack as solutions.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 13:00]

2009-03-23 c:\windows\Tasks\SyncBack auto solutions.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 13:00]

2009-03-23 c:\windows\Tasks\SyncBack automation solutions.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 13:00]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-LBTWlgn - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:00:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-2147126749-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,bd,58,1a,2e,78,87,98,38,9d,cb,72,3b,75,33,98,88,f2,db,da,0a,18,57,
71,d2,7a,44,11,86,9b,6e,99,9c,65,3f,54,a3,15,95,c2,8c,ba,a9,ff,83,87,66,5d,\
"??"=hex:82,16,10,b0,1a,28,8b,6c,99,d5,4e,07,5b,10,4e,32

[HKEY_USERS\S-1-5-21-1177238915-2147126749-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ce,e8,0b,78,aa,c8,04,aa,d5,98,0d,5d,06,14,2b,93,6b,c8,34,19,3c,
fe,75,6b,98,23,56,e4,cd,c3,65,81,11,e0,0e,92,a4,85,35,99,c3,a2,d5,ba,41,be,\
"rkeysecu"=hex:3a,0d,e4,dc,2b,8d,a8,04,9b,c1,bd,f0,96,d6,ac,d6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-03-29 22:03:17
ComboFix-quarantined-files.txt 2009-03-30 05:03:13
ComboFix2.txt 2009-02-08 08:07:53

Pre-Run: 116,610,801,664 bytes free
Post-Run: 116,625,596,416 bytes free

Current=8 Default=8 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7,8
329 --- E O F --- 2009-03-29 14:40:53



Edited by Buckeye_Sam, 30 March 2009 - 12:07 PM.


#4 Buckeye_Sam


Posted 30 March 2009 - 12:16 PM

What indication are you getting that you are infected?

Please visit the online Jotti Virus Scanner
  • Click on Browse button.
  • Navigate to the following file and upload it.


    c:\windows\neoqaz2.dll


  • Click on the [button image not preserved] button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html


Also scan this file:

c:\windows\system32\snapapi32.dll


#5 cbalduc


Posted 30 March 2009 - 12:46 PM

Hi Sam,
This morning I booted up and was for the 2nd time bombarded by vundo.gen infections that McAfee caught. A scan with Spybot revealed smitfraud, Deepdive, virtumonde, fraud.xpantivirus and more. McAfee also caught several instances of generic trojan. I was able to clean out several more trojans, but these attacks are recurring.

I cannot locate c:\windows\neoqaz2.dll; maybe one of my scans caught it.

results for snapapi32.dll:

jotti scan taken on 30 Mar 2009 17:39:56 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Chris

#6 Buckeye_Sam


Posted 30 March 2009 - 05:20 PM

Hmmm...I'm just not seeing any sign of an active Vundo infection in your log.
Can you post specific info as to what is being detected?

I'm wondering if each program is detecting what is in the other's quarantine. Or possibly in system restore files.
Are you getting popups with your browser?

#7 cbalduc


Posted 30 March 2009 - 09:32 PM

I can't print out the McAfee detection log, but the real-time scan this morning found about 14 instances of generic downloader.x in various places, including my scanner folders.

12 instances of vundo.gen.t, generic PWS.y, Registry: c:\windows\system32\IjJDTKBU.dll Process: winlogon.exe

about 45 instances of Generic.dx were removed from registry: c:\program files\altcmd\altcmd32.dll process:c\windows\explorer.exe

Artemis was found in IBFS32.dll in the windows directory.

TeaTimer is catching changes to my browser; one that got through was an Ask toolbar. No popups.


from a recent malwarebytes scan:


Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\acaptuser32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\services.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\services.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\altcmd (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Christopher Spank\Local Settings\temp\tmp0000e5eb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP432\A0099296.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP432\A0099308.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP432\A0099314.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\altcmd\altcmd.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\altcmd\uninstall.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\acaptuser32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christopher Spank\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKEWMd.dll (Trojan.Vundo) -> Delete on reboot.

I think I use too many scanners, but they don't seem to help! Which scanners would you recommend I use all the time?

Thanks, Chris

#8 cbalduc

cbalduc
  • Topic Starter

  • Members
  • 9 posts

Posted 31 March 2009 - 09:23 AM

This is last night's a-squared log:

a-squared Free - Version 4.0
Last update: 3/30/2009 10:19:59 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 3/30/2009 10:20:23 PM

Key: HKEY_USERS\S-1-5-21-1177238915-2147126749-839522115-1003\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1237921634890631 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1237943798984375 detected: Trace.TrackingCookie.preferences!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1238023328984375 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1238092050031250 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\C9C2BD41d01/WMP11Integrator.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.IE5\QXYT6MZD\form[1] detected: Trojan.Win32.Vundo!IK
C:\WINDOWS\Fonts\vga127.fon detected: Trojan-Dropper.Win32.Cefyns.A!IK

Scanned

Files: 440345
Traces: 624765
Cookies: 1530
Processes: 59

Found

Files: 3
Traces: 1
Cookies: 4
Processes: 0
Registry keys: 0

Scan end: 3/31/2009 1:45:21 AM
Scan time: 3:24:58

C:\WINDOWS\Fonts\vga127.fon Deleted Trojan-Dropper.Win32.Cefyns.A!IK
C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.IE5\QXYT6MZD\form[1] Deleted Trojan.Win32.Vundo!IK
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\C9C2BD41d01/WMP11Integrator.exe Deleted Trojan-Downloader.Win32.Banload!IK
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1238023328984375 Deleted Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1238092050031250 Deleted Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1237943798984375 Deleted Trace.TrackingCookie.preferences!A2
C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\cookies.sqlite:1237921634890631 Deleted Trace.TrackingCookie.com!A2
Key: HKEY_USERS\S-1-5-21-1177238915-2147126749-839522115-1003\software\kazaa Deleted Trace.Registry.KaZaA!A2

Deleted

Files: 3
Traces: 1
Cookies: 4

This is yesterday's Malwarebytes log:


Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 5.1.2600 Service Pack 3

3/30/2009 9:25:31 PM
mbam-log-2009-03-30 (21-25-31).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 312890
Time elapsed: 1 hour(s), 50 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Christopher Spank\Local Settings\temp\tmp00018e7f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP442\A0101628.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP442\A0101641.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP442\A0101653.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP442\A0101643.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP442\A0101661.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoLDVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

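As an added example (not from this thread, and not Malwarebytes' own code), a small Python triage script for the Malwarebytes' Anti-Malware log format posted above: it separates restore-point copies (the "system restore files" Sam suspects) from autostart entries and "Delete on reboot" items, and pulls out whatever was appended to Winlogon\Userinit. The sample lines are copied from the logs in this thread; the category names and the list of persistence markers are my own choices.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the Malwarebytes' Anti-Malware logs posted
# in this thread (Trojan.Vundo / Trojan.Agent cleanup on Windows XP).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{21A4A947-6CAF-442F-B3A8-C9F8C9C8B2AF}\RP432\A0099296.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKEWMd.dll (Trojan.Vundo) -> Delete on reboot.
"""


@dataclass
class Detection:
    section: str   # e.g. "Files Infected"
    item: str      # file path or registry key
    family: str    # detection name, e.g. "Trojan.Vundo"
    action: str    # everything after the first "->"


# "<item> (<family>) -> <action>"; the action may itself contain further "->".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+Infected):$")
# A copy inside a System Restore point is inert until that point is restored.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
# Autostart locations seen in this thread's logs (my own, non-exhaustive list).
PERSISTENCE_MARKERS = (
    r"\Winlogon\Userinit",
    r"\SecurityProviders\SecurityProviders",
    r"\Start Menu\Programs\Startup",
)
USERINIT_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam_log(text):
    """Return Detection records from the itemised sections of an MBAM log."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            found.append(Detection(section, m.group("item"),
                                   m.group("family"), m.group("action")))
    return found


def classify(d):
    """Say what a detection tells us about the live system."""
    if RESTORE_RE.search(d.item):
        return "restore_point"   # old copy in a restore point, not running
    if d.action.startswith("Delete on reboot"):
        return "in_use"          # file was locked, i.e. loaded at scan time
    if any(marker.lower() in d.item.lower() for marker in PERSISTENCE_MARKERS):
        return "persistence"     # autostart entry: the reinfection vector
    return "other"


def triage(text):
    buckets = {"restore_point": [], "in_use": [], "persistence": [], "other": []}
    for d in parse_mbam_log(text):
        buckets[classify(d)].append(d)
    return buckets


def userinit_extras(detections):
    """Binaries appended to Winlogon\\Userinit beyond the legitimate userinit.exe."""
    extras = []
    for d in detections:
        m = USERINIT_RE.search(d.action)
        if not m:
            continue
        good = {g.strip().lower() for g in m.group("good").split(",") if g.strip()}
        for entry in m.group("bad").split(","):
            entry = entry.strip()
            # Compare by basename: the bad value lists full paths, the good one does not.
            if entry and entry.rsplit("\\", 1)[-1].lower() not in good:
                extras.append(entry)
    return extras


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  [{d.family}] {d.item}")
    print("extra Userinit entries:", userinit_extras(parse_mbam_log(SAMPLE_LOG)))
```

Note that the decoy in the Userinit value is named services.exe but lives under system32\drivers, not system32, which is why the basename comparison against the "Good" value still flags it.
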
#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 31 March 2009 - 02:04 PM

It's hard for me to figure out what's going on when you have so many different programs running and removing what's there. Keep McAfee up and running for antivirus protection, but please refrain from running any scans other than the ones I ask you to run. It's the only way I'll be able to see what's working and what's not.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


#10 cbalduc

cbalduc
  • Topic Starter

  • Members
  • 9 posts

Posted 31 March 2009 - 02:18 PM

:thumbup2: Sorry, I tend to get obsessed about cleaning this crap out...



OTListIt logfile created on: 3/31/2009 12:15:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Christopher Spank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.22% Memory free
4.00 Gb Paging File | 3.12 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 107.33 Gb Free Space | 38.41% Space Free | Partition Type: NTFS
Drive D: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.89 Gb Total Space | 0.97 Gb Free Space | 51.15% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BALDUC
Current User Name: Christopher
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/03/01 17:20:35 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2007/02/13 13:28:14 | 00,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/10/04 20:57:12 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe
PRC - [2007/10/17 10:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/10/09 17:46:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/12/05 16:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/01/09 14:41:12 | 01,176,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MHN\McENUI.exe
PRC - [2007/06/18 17:14:16 | 00,167,936 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Reclusa\razerhid.exe
PRC - [2005/10/31 11:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2007/10/02 10:10:14 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2007/10/02 10:10:46 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/09 13:05:38 | 05,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2008/09/16 13:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/01/23 13:21:02 | 00,319,504 | ---- | M] () -- C:\Program Files\core temp\Core Temp.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2007/10/09 17:45:20 | 00,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/12/18 05:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/01/23 20:15:02 | 00,217,088 | ---- | M] () -- C:\Program Files\Razer\Reclusa\razertra.exe
PRC - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/09/08 12:46:20 | 03,581,680 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2008/12/18 12:05:40 | 00,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/12/18 12:05:40 | 00,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/28 08:38:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\program files\mozilla firefox\firefox.exe
PRC - [2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2008/02/10 00:09:07 | 10,150,040 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\AutoCAD 2009\acad.exe
PRC - [2009/03/31 08:31:23 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Christopher Spank\Local Settings\temp\AdskCleanup.0001
PRC - [2008/02/10 00:29:20 | 00,167,576 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
PRC - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/06/23 10:02:28 | 00,601,088 | ---- | M] (ZabKat) -- C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
PRC - [2008/11/20 23:50:18 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/27 16:54:16 | 00,353,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
PRC - [2009/03/31 12:14:31 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/01 17:20:35 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/02/13 13:28:14 | 00,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch [Auto | Running])
SRV - File not found -- -- (Autodesk EDM Server [Auto | Stopped])
SRV - [2007/10/04 20:57:12 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/10/17 10:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2007/10/09 17:46:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC [Auto | Running])
SRV - [2008/11/20 23:50:18 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/12/18 12:05:40 | 00,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2009/03/28 08:58:12 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - File not found -- -- (IOLO_SRV [Auto | Stopped])
SRV - [2009/03/09 12:41:37 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2008/12/05 16:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/01/17 07:33:02 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - File not found -- -- (mi-raysat_3dsmax9_32 [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/12/18 05:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT [Auto | Running])
SRV - [2007/02/13 11:38:13 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/18 12:05:40 | 00,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2007/07/03 13:32:16 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/09/29 11:44:07 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/09/27 22:30:13 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2006/11/30 16:53:48 | 00,610,816 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2005/01/10 03:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\44668583.sys -- (is-E3DMJdrv [System | Running])
DRV - [2007/01/23 15:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2007/01/23 15:44:00 | 00,062,992 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/01/21 13:40:28 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/09/27 22:30:12 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007/01/23 15:45:00 | 00,078,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/08/01 10:36:20 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/11/12 16:58:38 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/08/01 10:36:26 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/07/03 13:33:04 | 00,006,912 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Stopped])
DRV - [2005/01/10 03:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005/07/07 01:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2006/03/20 18:34:56 | 01,452,032 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\p17filt.sys -- (p17filt [On_Demand | Stopped])
DRV - [2007/08/07 00:39:20 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Stopped])
DRV - [2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2007/02/09 12:17:18 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys -- (Pivot [System | Stopped])
DRV - [2007/02/09 12:17:16 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/06 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/01/18 09:21:38 | 00,041,984 | ---- | M] () -- C:\WINDOWS\System32\Drivers\RecFltr.sys -- (RecFltr [On_Demand | Running])
DRV - [2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2008/09/16 10:15:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
DRV - [2001/08/23 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/05/01 16:01:38 | 00,132,232 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys -- (SaiH80C0 [On_Demand | Stopped])
DRV - [2007/10/05 10:19:26 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiMini.sys -- (SaiMini [On_Demand | Running])
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/07/26 23:31:37 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - File not found -- -- (ALSysIO [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\S-1-5-21-1177238915-2147126749-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.2.1
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.10
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 08:38:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 08:38:46 | 00,000,000 | ---D | M]

[2008/09/12 23:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Extensions
[2008/09/12 23:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/31 09:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions
[2009/01/30 07:53:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2008/12/28 10:24:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/06 23:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/11 09:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/26 20:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/12/28 10:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\firefox@facebook.com
[2008/12/28 01:03:36 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\FireFox\Profiles\9xq1bza8.default\searchplugins\conduit.xml
[2008/12/26 18:39:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 08:38:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 08:38:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 08:38:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291431 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" (McAfee)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper ()
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [Core Temp] "C:\Program Files\core temp\Core Temp.exe" ()
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( snapapi32.dll) - C:\WINDOWS\system32\snapapi32.dll ()
O29 - HKLM SecurityProviders - ( wowfx.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/25 17:30:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/13 15:11:22 | 00,000,073 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/12/21 18:31:56 | 00,079,872 | ---- | M] () - G:\Auto Solutions.cdc -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[16 C:\WINDOWS\*.tmp files]
[2009/03/31 12:14:29 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe
[2009/03/31 10:08:00 | 00,002,579 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\Roster contact list-033009.doc
[2009/03/30 21:50:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\My Documents\Windows Updates Downloader
[2009/03/30 21:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Supremus Corporation
[2009/03/30 21:46:12 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Updates Downloader.lnk
[2009/03/30 21:46:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Updates Downloader
[2009/03/30 07:42:25 | 00,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/30 07:05:14 | 00,000,000 | ---D | C] -- C:\a2a57731e32cf6cdc47387
[2009/03/29 21:55:02 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/29 21:52:42 | 02,937,554 | R--- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\ComboFix.exe
[2009/03/28 08:58:13 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/25 22:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/03/22 10:52:39 | 00,001,032 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\Shortcut to Bioshock.exe.lnk
[2009/03/22 08:17:52 | 00,000,000 | ---D | C] -- C:\f6740a80a019ca3a56d96e16874e34
[2009/03/21 15:55:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Criterion Games
[2009/03/21 15:45:21 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/03/21 15:45:21 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/03/21 15:45:19 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/03/21 15:16:38 | 00,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009/03/21 15:16:38 | 00,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/03/19 17:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\stinger
[2009/03/18 09:58:11 | 00,000,000 | ---D | C] -- C:\42aa6c0b554e14b043f81d
[2009/03/18 07:16:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/17 19:19:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2009/03/17 19:04:37 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/03/17 18:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TimeGate Studios
[2009/03/17 18:50:30 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\snapapi32.dll
[2009/03/17 11:30:01 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Christopher Spank\My Documents\My Data Sources
[2009/03/16 15:20:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Help
[2009/03/16 15:20:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Application Data\Help
[2009/03/16 15:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Wago
[2009/03/15 22:09:16 | 00,000,000 | ---D | C] -- C:\833b750fe6047e153abc4371
[2009/03/13 22:35:15 | 00,000,000 | ---D | C] -- C:\8e1bd4e5fbb7d69a710d19a16da059
[2009/03/11 21:29:59 | 00,000,000 | ---D | C] -- C:\b275590110cb6ef40f932c
[2009/03/10 21:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\My Documents\Bluetooth Exchange Folder
[2009/03/10 13:31:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009/03/09 13:10:28 | 00,000,000 | ---D | C] -- C:\ac1bc67562fe4ebc54dd9d117e
[2009/03/09 12:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Saitek SD6 Profiles
[2009/03/09 12:16:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV48644336.TMP
[2009/03/08 16:52:30 | 18,489,9616 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/08 16:52:30 | 02,131,916 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/08 16:52:20 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\44668583.sys
[2009/03/08 16:52:19 | 00,000,000 | ---D | C] -- C:\Program Files\kaspersky
[2009/03/08 08:11:48 | 00,000,000 | ---D | C] -- C:\308ee3d31e3796de56
[2009/03/06 17:19:22 | 00,000,000 | ---D | C] -- C:\convert
[2009/03/06 15:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2009
[2009/03/06 15:43:09 | 00,000,000 | ---D | C] -- C:\install
[2009/03/02 11:20:40 | 03,302,579 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\PV6Manual.pdf
[2009/03/02 10:45:21 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\Copy of Current Job List.xls
[2009/03/01 20:00:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\My Documents\WBGames
[2009/03/01 19:54:53 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/03/01 19:54:53 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/03/01 19:54:53 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/03/01 19:54:52 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\*.tmp files]
[2009/03/31 12:16:50 | 18,490,1664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/31 12:14:31 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe
[2009/03/31 10:16:52 | 00,001,772 | -H-- | M] () -- C:\Documents and Settings\Christopher Spank\My Documents\Default.rdp
[2009/03/31 10:08:00 | 00,002,579 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\Roster contact list-033009.doc
[2009/03/30 22:08:51 | 00,071,213 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/30 22:08:49 | 00,000,335 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/30 22:08:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/30 22:06:49 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/30 22:06:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 22:05:14 | 02,131,916 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/30 22:04:19 | 15,023,530 | -H-- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\IconCache.db
[2009/03/30 21:46:12 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Updates Downloader.lnk
[2009/03/30 07:42:28 | 00,000,165 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/30 07:01:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 07:00:00 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack auto solutions.job
[2009/03/30 06:55:51 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/03/29 22:00:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/29 21:52:59 | 02,937,554 | R--- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\ComboFix.exe
[2009/03/27 10:22:24 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 22:27:03 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/22 21:00:00 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack automation solutions.job
[2009/03/22 20:00:00 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack as solutions.job
[2009/03/22 10:52:39 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\Shortcut to Bioshock.exe.lnk
[2009/03/21 15:28:44 | 00,572,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/21 15:28:44 | 00,116,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/21 15:28:43 | 00,703,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 21:48:22 | 00,026,404 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Application Data\mainhst.zgh
[2009/03/18 07:16:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/17 03:55:12 | 00,155,856 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 03:53:05 | 00,478,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 08:38:49 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\Copy of Current Job List.xls
[2009/03/11 14:19:53 | 00,000,552 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2009/03/10 22:24:22 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/03/10 22:24:22 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/03/10 13:31:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SetPointInstall.ini
[2009/03/09 18:13:12 | 03,302,579 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\PV6Manual.pdf
[2009/03/08 19:43:43 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/03/08 19:43:43 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/03/04 13:40:18 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\tmp:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Christopher Spank\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 108 bytes -> C:\WINDOWS:
< End of report >

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 April 2009 - 09:47 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O29 - HKLM SecurityProviders - ( snapapi32.dll) - C:\WINDOWS\system32\snapapi32.dll ()
    O29 - HKLM SecurityProviders - ( wowfx.dll) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Now let's run a scan with Malwarebytes.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform quick scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
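The O29 lines in the fix above are the interesting part of this post from a defender's point of view: an entry under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders is loaded by LSASS, so a DLL listed there with no company name, or one that no longer exists on disk, is worth a second look. The following is an added example, not code from this thread or from OldTimer's OTListIt2: it parses O29 lines in the format OTListIt2 prints (as seen on this page) and flags exactly those two conditions. The sample log is constructed for the example, modelled on the two O29 lines the helper removed plus the stock Microsoft providers.

```python
"""Flag SecurityProviders (O29) entries in an OTListIt2-style log that merit review.

Added example for illustration; not part of the BleepingComputer thread or
of OldTimer's tool. It reports O29 entries whose DLL was 'File not found'
or whose trailing company/vendor field is empty ('()' at the end of the line).
"""
import re

# Constructed sample log (not a real scan), modelled on the O29 lines in this thread.
SAMPLE_LOG = """\
PRC - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\\WINDOWS\\system32\\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\\WINDOWS\\system32\\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( snapapi32.dll) - C:\\WINDOWS\\system32\\snapapi32.dll ()
O29 - HKLM SecurityProviders - ( wowfx.dll) - File not found
"""

# "O29 - HKLM SecurityProviders - ( name.dll) - <rest>"; the tool sometimes
# leaves a leading space inside the parentheses, so whitespace is tolerated.
O29_RE = re.compile(
    r"^O29 - HKLM SecurityProviders - \(\s*(?P<name>[^)]+?)\s*\) - (?P<rest>.*)$"
)
# "<path> (<company>)" -- company may be empty, which is what we want to catch.
PATH_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<company>[^)]*)\)\s*$")


def parse_o29(line):
    """Return a dict describing an O29 line, or None for any other line type."""
    m = O29_RE.match(line.strip())
    if not m:
        return None
    entry = {"name": m.group("name"), "path": None, "company": None, "found": True}
    rest = m.group("rest").strip()
    if rest == "File not found":
        entry["found"] = False
        return entry
    pm = PATH_RE.match(rest)
    if pm:
        entry["path"] = pm.group("path")
        entry["company"] = pm.group("company")
    else:
        entry["path"] = rest  # unexpected layout: keep the raw text for review
    return entry


def suspicious_providers(log_text):
    """Return (dll name, reason) pairs for O29 entries a defender should review."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_o29(line)
        if e is None:
            continue
        if not e["found"]:
            flagged.append((e["name"], "registered DLL missing from disk"))
        elif not e["company"]:
            flagged.append((e["name"], "no company/vendor information"))
    return flagged


if __name__ == "__main__":
    for name, reason in suspicious_providers(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run against the constructed sample it reports snapapi32.dll (empty company field) and wowfx.dll (file not found), which is the same pair the helper's :OTLI script removes; the two Microsoft entries pass. An empty company field is only a heuristic (legitimate unsigned DLLs exist), so treat the output as a review list, not a verdict.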


========================================================

#12 cbalduc

cbalduc
  • Topic Starter

  • Members
  • 9 posts

Posted 01 April 2009 - 11:00 AM

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:snapapi32.dll deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\snapapi32.dll
C:\WINDOWS\system32\snapapi32.dll NOT unregistered.
C:\WINDOWS\system32\snapapi32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:wowfx.dll deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\temp\etilqs_bxGqoSgREl2zQhdcHXXl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\temp\fb_3604.lck scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\temp\~DF9048.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.Word\~WRS{40942D62-6DFD-49B3-AAB4-F34B57CFDC37}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_53c.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_A75Gysr8A6efYpr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_K8sfHeJE4WuLmA1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_OyVP7kHroZGBV11 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_6CM3Fcg1cFzw3Ff scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_7fa5weM7qhW3u8f scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_DQqP5GNNTo28ZPD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_k9Sjz4w4QaFN9Vk scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_PUFEdTZfSIamt9L scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_R7xAMchzWBxgj7R scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_vkhTF6U1PPOKjPy scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05ae7.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 04012009_082110

Files moved on Reboot...
File C:\Documents and Settings\Christopher Spank\Local Settings\temp\etilqs_bxGqoSgREl2zQhdcHXXl not found!
File C:\Documents and Settings\Christopher Spank\Local Settings\temp\fb_3604.lck not found!
C:\Documents and Settings\Christopher Spank\Local Settings\temp\~DF9048.tmp moved successfully.
File C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.Word\~WRS{40942D62-6DFD-49B3-AAB4-F34B57CFDC37}.tmp not found!
File move failed. C:\Documents and Settings\Christopher Spank\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_53c.dat not found!
File C:\WINDOWS\temp\mcafee_A75Gysr8A6efYpr not found!
File C:\WINDOWS\temp\mcmsc_K8sfHeJE4WuLmA1 not found!
File C:\WINDOWS\temp\mcmsc_OyVP7kHroZGBV11 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_a4.dat not found!
C:\WINDOWS\temp\sqlite_6CM3Fcg1cFzw3Ff moved successfully.
File C:\WINDOWS\temp\sqlite_7fa5weM7qhW3u8f not found!
File C:\WINDOWS\temp\sqlite_DQqP5GNNTo28ZPD not found!
File C:\WINDOWS\temp\sqlite_k9Sjz4w4QaFN9Vk not found!
C:\WINDOWS\temp\sqlite_PUFEdTZfSIamt9L moved successfully.
File C:\WINDOWS\temp\sqlite_R7xAMchzWBxgj7R not found!
C:\WINDOWS\temp\sqlite_vkhTF6U1PPOKjPy moved successfully.
File C:\WINDOWS\temp\ZLT05ae7.TMP not found!
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xq1bza8.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.35
Database version: 1929
Windows 5.1.2600 Service Pack 3

4/1/2009 8:58:09 AM
mbam-log-2009-04-01 (08-58-09).txt

Scan type: Quick Scan
Objects scanned: 95469
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 April 2009 - 10:56 AM

Please post a new log from OTListIt2.
How is your computer behaving now?


========================================================

#14 cbalduc

cbalduc
  • Topic Starter

  • Members
  • 9 posts

Posted 02 April 2009 - 11:28 AM

Sam,
Windows says it will install updates whenever I shut down. I used WUD (Windows Update Downloader) instead, but I still get the message to install them. Otherwise I am not noticing anything strange.

OTListIt logfile created on: 4/2/2009 9:14:32 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Christopher Spank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 90.51% Memory free
4.00 Gb Paging File | 3.72 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 106.53 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive D: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.89 Gb Total Space | 0.97 Gb Free Space | 51.15% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BALDUC
Current User Name: Christopher
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/01 17:20:35 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2007/02/13 13:28:14 | 00,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/10/04 20:57:12 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe
PRC - [2007/10/17 10:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/10/09 17:46:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2009/01/09 14:41:12 | 01,176,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MHN\McENUI.exe
PRC - [2008/12/05 16:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/06/18 17:14:16 | 00,167,936 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Reclusa\razerhid.exe
PRC - [2005/10/31 11:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2007/10/02 10:10:14 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2007/10/02 10:10:46 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/10/09 17:45:20 | 00,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2009/01/09 13:05:38 | 05,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2008/09/16 13:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/23 13:21:02 | 00,319,504 | ---- | M] () -- C:\Program Files\core temp\Core Temp.exe
PRC - [2007/01/23 20:15:02 | 00,217,088 | ---- | M] () -- C:\Program Files\Razer\Reclusa\razertra.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2008/09/08 12:46:20 | 03,581,680 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/12/18 12:05:40 | 00,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/12/18 12:05:40 | 00,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/28 08:38:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\program files\mozilla firefox\firefox.exe
PRC - [2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/03/31 12:14:31 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/01 17:20:35 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/02/13 13:28:14 | 00,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch [Auto | Running])
SRV - File not found -- -- (Autodesk EDM Server [Auto | Stopped])
SRV - [2007/10/04 20:57:12 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/10/17 10:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2007/10/09 17:46:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC [Auto | Running])
SRV - [2008/11/20 23:50:18 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/18 12:05:40 | 00,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2009/03/28 08:58:12 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - File not found -- -- (IOLO_SRV [Auto | Stopped])
SRV - [2009/03/09 12:41:37 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2008/12/05 16:51:06 | 00,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/01/17 07:33:02 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - File not found -- -- (mi-raysat_3dsmax9_32 [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/12/18 05:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT [Auto | Stopped])
SRV - [2007/02/13 11:38:13 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/18 12:05:40 | 00,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2007/07/03 13:32:16 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/09/29 11:44:07 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/09/27 22:30:13 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2006/11/30 16:53:48 | 00,610,816 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2005/01/10 03:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\44668583.sys -- (is-E3DMJdrv [System | Running])
DRV - [2007/01/23 15:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2007/01/23 15:44:00 | 00,062,992 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/01/21 13:40:28 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/09/27 22:30:12 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007/01/23 15:45:00 | 00,078,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/08/01 10:36:20 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/11/12 16:58:38 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/08/01 10:36:26 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/07/03 13:33:04 | 00,006,912 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Stopped])
DRV - [2005/01/10 03:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005/07/07 01:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2006/03/20 18:34:56 | 01,452,032 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\p17filt.sys -- (p17filt [On_Demand | Stopped])
DRV - [2007/08/07 00:39:20 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Stopped])
DRV - [2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2007/02/09 12:17:18 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys -- (Pivot [System | Stopped])
DRV - [2007/02/09 12:17:16 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/06 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/01/18 09:21:38 | 00,041,984 | ---- | M] () -- C:\WINDOWS\System32\Drivers\RecFltr.sys -- (RecFltr [On_Demand | Running])
DRV - [2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2008/09/16 10:15:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
DRV - [2001/08/23 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/05/01 16:01:38 | 00,132,232 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys -- (SaiH80C0 [On_Demand | Stopped])
DRV - [2007/10/05 10:19:26 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiMini.sys -- (SaiMini [On_Demand | Running])
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/07/26 23:31:37 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - File not found -- -- (ALSysIO [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\S-1-5-21-1177238915-2147126749-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.2.1
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.10
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 08:38:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 08:38:46 | 00,000,000 | ---D | M]

[2008/09/12 23:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Extensions
[2008/09/12 23:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 22:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions
[2009/01/30 07:53:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2008/12/28 10:24:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/06 23:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/11 09:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/26 20:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/12/28 10:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Spank\Application Data\mozilla\Firefox\Profiles\9xq1bza8.default\extensions\firefox@facebook.com
[2008/12/28 01:03:36 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Application Data\Mozilla\FireFox\Profiles\9xq1bza8.default\searchplugins\conduit.xml
[2008/12/26 18:39:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 08:38:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 08:38:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 08:38:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291431 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10060 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" (McAfee)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper ()
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [Core Temp] "C:\Program Files\core temp\Core Temp.exe" ()
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Christopher Spank\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-2147126749-839522115-1003\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/25 17:30:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/13 15:11:22 | 00,000,073 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/12/21 18:31:56 | 00,079,872 | ---- | M] () - G:\Auto Solutions.cdc -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[16 C:\WINDOWS\*.tmp files]
[2009/04/01 08:21:10 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/31 12:14:29 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe
[2009/03/31 10:08:00 | 00,038,330 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\Roster contact list-033009.doc
[2009/03/30 21:50:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\My Documents\Windows Updates Downloader
[2009/03/30 21:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Supremus Corporation
[2009/03/30 21:46:12 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Updates Downloader.lnk
[2009/03/30 21:46:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Updates Downloader
[2009/03/30 07:42:25 | 00,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/30 07:05:14 | 00,000,000 | ---D | C] -- C:\a2a57731e32cf6cdc47387
[2009/03/29 21:55:02 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/29 21:52:42 | 02,937,554 | R--- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\ComboFix.exe
[2009/03/28 08:58:13 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/25 22:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/03/22 10:52:39 | 00,001,032 | ---- | C] () -- C:\Documents and Settings\Christopher Spank\Desktop\Shortcut to Bioshock.exe.lnk
[2009/03/22 08:17:52 | 00,000,000 | ---D | C] -- C:\f6740a80a019ca3a56d96e16874e34
[2009/03/21 15:55:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Criterion Games
[2009/03/21 15:45:21 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/03/21 15:45:21 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/03/21 15:45:19 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/03/21 15:16:38 | 00,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009/03/21 15:16:38 | 00,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/03/19 17:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\stinger
[2009/03/18 09:58:11 | 00,000,000 | ---D | C] -- C:\42aa6c0b554e14b043f81d
[2009/03/18 07:16:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/17 19:19:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2009/03/17 19:04:37 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/03/17 18:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TimeGate Studios
[2009/03/17 11:30:01 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Christopher Spank\My Documents\My Data Sources
[2009/03/16 15:20:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\Help
[2009/03/16 15:20:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\Application Data\Help
[2009/03/16 15:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Wago
[2009/03/15 22:09:16 | 00,000,000 | ---D | C] -- C:\833b750fe6047e153abc4371
[2009/03/13 22:35:15 | 00,000,000 | ---D | C] -- C:\8e1bd4e5fbb7d69a710d19a16da059
[2009/03/11 21:29:59 | 00,000,000 | ---D | C] -- C:\b275590110cb6ef40f932c
[2009/03/10 21:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Spank\My Documents\Bluetooth Exchange Folder
[2009/03/10 13:31:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009/03/09 13:10:28 | 00,000,000 | ---D | C] -- C:\ac1bc67562fe4ebc54dd9d117e
[2009/03/09 12:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Saitek SD6 Profiles
[2009/03/09 12:16:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV48644336.TMP
[2009/03/08 16:52:30 | 19,471,3632 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/08 16:52:30 | 02,276,564 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/08 16:52:20 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\44668583.sys
[2009/03/08 16:52:19 | 00,000,000 | ---D | C] -- C:\Program Files\kaspersky
[2009/03/08 08:11:48 | 00,000,000 | ---D | C] -- C:\308ee3d31e3796de56
[2009/03/06 15:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2009
[2009/03/06 15:43:09 | 00,000,000 | ---D | C] -- C:\install

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\*.tmp files]
[2009/04/02 09:14:32 | 19,471,3632 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/02 05:32:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/02 05:32:06 | 00,071,361 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/02 05:32:06 | 00,000,335 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/02 05:30:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/02 05:29:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 22:44:17 | 02,276,564 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/04/01 22:40:21 | 15,554,938 | -H-- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\IconCache.db
[2009/04/01 16:34:12 | 00,038,330 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\Roster contact list-033009.doc
[2009/04/01 12:36:20 | 00,001,772 | -H-- | M] () -- C:\Documents and Settings\Christopher Spank\My Documents\Default.rdp
[2009/03/31 12:14:31 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Spank\Desktop\OTListIt2.exe
[2009/03/30 21:46:12 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Updates Downloader.lnk
[2009/03/30 07:42:28 | 00,000,165 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/30 07:01:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 07:00:00 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack auto solutions.job
[2009/03/30 06:55:51 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/03/29 22:00:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/29 21:52:59 | 02,937,554 | R--- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\ComboFix.exe
[2009/03/27 10:22:24 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 22:27:03 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/22 21:00:00 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack automation solutions.job
[2009/03/22 20:00:00 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack as solutions.job
[2009/03/22 10:52:39 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\Shortcut to Bioshock.exe.lnk
[2009/03/21 15:28:44 | 00,572,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/21 15:28:44 | 00,116,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/21 15:28:43 | 00,703,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 21:48:22 | 00,026,404 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Application Data\mainhst.zgh
[2009/03/18 07:16:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/17 03:55:12 | 00,155,856 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 03:53:05 | 00,478,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 14:19:53 | 00,000,552 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2009/03/10 22:24:22 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/03/10 22:24:22 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/03/10 13:31:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SetPointInstall.ini
[2009/03/09 18:13:12 | 03,302,579 | ---- | M] () -- C:\Documents and Settings\Christopher Spank\Desktop\PV6Manual.pdf
[2009/03/08 19:43:43 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/03/08 19:43:43 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/03/04 13:40:18 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\tmp:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Christopher Spank\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 108 bytes -> C:\WINDOWS:
< End of report >

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:08 AM

Posted 02 April 2009 - 11:43 AM

Your log looks pretty good. But it's never looked that bad to begin with, so I'd like to have you run one more scan just to be sure we got it all.

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
