Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vimax virus/malware?


  • This topic is locked This topic is locked
12 replies to this topic

#1 geojohn13

geojohn13

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 02 April 2009 - 05:36 PM

Hi, recently I have been getting adds for vimax on most web pages I visit, my computer has been freezing a couple times a day, and whenever I click on google search results, I am sent to a site I did not click on. I don't know if all these are related, and I'm not sure exactly when I picked up this virus or whatever it is. Any help would be greatly appreciated!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Mr. Geoff at 15:16:20.57 on Thu 04/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.533 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mr. Geoff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wwu.edu/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [GetModule30] c:\program files\getmodule\GetModule30.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189664809968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 85.255.112.78,85.255.112.12
TCP: {8BBDBB6C-302B-434B-89C8-55A008C52F99} = 85.255.112.78,85.255.112.12
TCP: {E0A2C051-49BF-409E-95B5-50B0CBFD6613} = 85.255.112.78,85.255.112.12
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-12-16 201320]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2007-9-7 33664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-12-16 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-12-16 144704]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-7 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-6 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-16 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-12-16 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-12-16 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-12-16 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-12-16 33832]

=============== Created Last 30 ================

2009-04-02 13:55 <DIR> --d----- c:\program files\Trend Micro
2009-04-01 23:33 <DIR> --d----- c:\program files\common files\L&H
2009-03-24 17:10 <DIR> --d----- C:\Combo-Fix
2009-03-24 17:10 388,608 a------- c:\windows\system32\CF681.exe
2009-03-22 23:19 57,398 a------- c:\windows\system32\dllcache\imjpdadm.exe

==================== Find3M ====================

2009-03-15 18:33 80,391 a------- c:\windows\system32\nvModes.dat
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-02 17:41 33,019 a------- c:\windows\system32\CoreAAC-uninstall.exe
2008-09-08 23:25 22,328 a------- c:\docume~1\mr72a9~1.geo\applic~1\PnkBstrK.sys
2007-11-06 21:00 184 a------- c:\docume~1\mr72a9~1.geo\applic~1\wklnhst.dat

============= FINISH: 15:16:56.28 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 10 April 2009 - 05:04 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
In your next reply please include the following:
  • MBAM log
  • OTListIt.txt
  • Description of Problems you still have

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 April 2009 - 12:25 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 geojohn13

geojohn13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 15 April 2009 - 12:18 AM

Hi, I couldn't get the MalwareBytes program to open. When I double click on the icon, it shows the hourglass for a split second then it disappears and nothing happens. But I got the OTListIt2 to work, so here are the two logs. Thanks for your help.


OTListIt logfile created on: 4/14/2009 10:02:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mr. Geoff\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 407.95 Mb Available Physical Memory | 39.91% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.46 Gb Total Space | 51.71 Gb Free Space | 35.31% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEOFF
Current User Name: Mr. Geoff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/03/16 01:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2007/03/16 01:10:52 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/25 09:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/04/13 09:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/06/06 13:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/09/09 21:20:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/09/19 18:11:51 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/06/03 12:20:58 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/03/16 01:10:54 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2007/05/14 12:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 13:28:18 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/02 12:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/05 09:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/17 07:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/08/20 11:58:52 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/07 00:35:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/01/03 09:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/03/18 14:50:54 | 00,984,616 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
PRC - [2008/12/18 21:25:41 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2007/05/25 09:39:38 | 00,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2006/11/03 16:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/05/25 10:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2004/08/04 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/11/05 08:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2004/08/04 03:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/04 03:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
PRC - [2009/04/14 21:59:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/09/07 00:35:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2007/09/13 17:36:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/05/25 09:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/04/13 09:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2007/06/06 13:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/09/09 21:20:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006/11/05 09:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 09:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2006/09/14 12:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/09/19 18:11:51 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/03/16 01:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/03/16 01:10:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2007/05/08 19:49:02 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2007/03/16 01:10:52 | 00,033,664 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys -- (BCMWLNPF [Auto | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/08/18 11:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 11:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 08:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 11:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 11:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 11:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 11:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 08:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 11:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 11:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 09:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 09:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/11/02 10:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
DRV - [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/04/23 19:15:44 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2007/04/23 19:15:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/05/08 18:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/04/23 19:15:48 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/06/06 13:34:38 | 06,345,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/12/18 17:01:20 | 00,012,672 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/03/21 13:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/05/08 19:46:06 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/05/08 19:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/05/08 19:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/06/06 13:28:16 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/09/07 00:37:50 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/06/03 12:20:58 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2007/04/23 19:15:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwu.edu/
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\S-1-5-21-376864874-2411757074-1447001364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\S-1-5-21-376864874-2411757074-1447001364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [GetModule30] C:\Program Files\GetModule\GetModule30.exe File not found
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe File not found
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1189664809968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{8BBDBB6C-302B-434B-89C8-55A008C52F99}\\NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E0A2C051-49BF-409E-95B5-50B0CBFD6613}\\NameServer = 85.255.112.78,85.255.112.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/14 14:29:16 | 00,000,094 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7da3402d-adc8-11dc-96b1-001c239732f2}\Shell - "" = AutoRun
O33 - MountPoints2\{7da3402d-adc8-11dc-96b1-001c239732f2}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/14 21:59:12 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe
[2009/04/12 23:30:27 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 23:30:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/12 23:30:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 23:30:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 23:30:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 23:28:19 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Geoff\Desktop\mbam-setup.exe
[2009/04/05 00:22:23 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/04/02 15:15:53 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\dds.scr
[2009/04/02 13:55:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\HijackThis.lnk
[2009/04/02 13:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/01 23:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/03/27 11:57:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/24 17:10:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/24 17:10:29 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/03/24 17:10:28 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF681.exe
[2009/03/24 17:01:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/24 17:00:58 | 02,934,667 | R--- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Combo-Fix.exe
[2009/03/22 23:20:44 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/03/22 23:20:44 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/03/22 23:20:44 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/03/22 23:20:44 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/03/22 23:20:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/03/22 23:20:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/03/22 23:20:43 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/03/22 23:20:43 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/03/22 23:20:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/03/22 23:20:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/03/22 23:20:43 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/03/22 23:20:43 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/03/22 23:20:43 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/03/22 23:20:43 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/03/22 23:20:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/03/22 23:20:35 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/03/22 23:20:29 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/03/22 23:20:29 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/03/22 23:20:29 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/03/22 23:20:29 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/03/22 23:20:29 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/03/22 23:20:29 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/03/22 23:20:29 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/03/22 23:20:28 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/03/22 23:20:28 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/03/22 23:20:28 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/03/22 23:20:28 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/03/22 23:20:28 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/03/22 23:20:28 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/03/22 23:20:28 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/03/22 23:20:28 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/03/22 23:20:28 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/03/22 23:20:28 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/03/22 23:20:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/03/22 23:20:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/03/22 23:20:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/03/22 23:20:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/03/22 23:20:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/03/22 23:20:26 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/03/22 23:20:26 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/03/22 23:20:17 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/03/22 23:20:16 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/03/22 23:20:16 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/03/22 23:20:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2009/03/22 23:20:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/03/22 23:20:15 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/03/22 23:20:15 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/03/22 23:20:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/03/22 23:20:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/03/22 23:20:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/03/22 23:20:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/03/22 23:20:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/03/22 23:20:11 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/03/22 23:20:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/03/22 23:20:11 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/03/22 23:20:11 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/03/22 23:20:10 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/03/22 23:20:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/03/22 23:20:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/03/22 23:20:06 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/03/22 23:20:06 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/03/22 23:20:06 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/03/22 23:20:06 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/03/22 23:20:05 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/03/22 23:20:05 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/03/22 23:20:05 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/03/22 23:20:05 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/03/22 23:20:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/03/22 23:20:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/03/22 23:20:05 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/03/22 23:20:05 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/03/22 23:20:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/03/22 23:20:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/03/22 23:20:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/03/22 23:20:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/03/22 23:20:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2009/03/22 23:20:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/03/22 23:20:04 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/03/22 23:20:04 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/03/22 23:20:03 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/03/22 23:19:54 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/03/22 23:19:54 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/03/22 23:19:49 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/03/22 23:19:49 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/03/22 23:19:49 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/03/22 23:19:49 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/03/22 23:19:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/03/22 23:19:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/03/22 23:19:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/03/22 23:19:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/03/22 23:19:49 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/03/22 23:19:49 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/03/22 23:19:48 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/03/22 23:19:48 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/03/22 23:19:48 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/03/22 23:19:48 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/03/22 23:19:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/03/22 23:19:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/03/22 23:19:48 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/03/22 23:19:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/03/22 23:19:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/03/22 23:19:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/03/22 23:19:48 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/03/22 23:19:48 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2009/03/22 23:19:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/03/22 23:19:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/03/22 23:19:46 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2009/03/22 23:19:46 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/03/22 23:19:46 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/03/22 23:19:46 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/03/22 23:19:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/03/22 23:19:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/03/22 23:19:46 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/03/22 23:19:46 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/03/22 23:19:46 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/03/22 23:19:46 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/03/22 23:19:46 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/03/22 23:19:46 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/03/22 23:19:45 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/03/22 23:19:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/03/22 23:19:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/03/22 23:19:45 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/03/22 23:19:45 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/03/22 23:19:45 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/03/22 23:19:45 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/03/22 23:19:45 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/03/22 23:19:45 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/03/22 23:19:45 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/03/22 23:19:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/03/22 23:19:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/03/22 23:19:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/03/22 23:19:44 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/03/22 23:19:44 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/03/22 23:19:44 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/03/22 23:19:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/03/22 23:19:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/03/22 23:19:43 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2009/03/22 23:19:43 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/03/22 23:19:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/03/22 23:19:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/03/22 23:19:43 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/03/22 23:19:43 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/03/22 23:19:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/03/22 23:19:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/03/22 23:19:43 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/03/22 23:19:42 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/03/22 23:19:42 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/03/22 23:19:42 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/03/22 23:19:42 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/03/22 23:19:42 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/03/22 23:19:42 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/03/22 23:19:42 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/03/22 23:19:42 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/03/22 23:19:42 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/03/22 23:19:42 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/03/22 23:19:42 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/03/22 23:19:40 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/03/22 23:19:39 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/03/22 23:19:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/03/22 23:19:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/03/22 23:19:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/03/22 23:19:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/03/22 23:19:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/03/22 23:19:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/03/22 23:19:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/03/22 23:19:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/03/17 17:14:28 | 15,441,976 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Breakaway (Teaser Demo).wav
[2009/02/01 21:18:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/21 14:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 14:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 14:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 14:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/17 23:20:13 | 00,138,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/17 23:18:26 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/08 14:10:38 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/09/16 20:40:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/12 22:43:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/07 00:44:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/07 00:34:06 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/07 00:33:40 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/07 00:33:40 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/07 00:25:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/07 00:25:29 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/07 00:02:14 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/07 00:01:56 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/07 00:01:56 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/07 00:01:55 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/07 00:01:55 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/07 00:00:55 | 00,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 02:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 21:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:51:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 10:51:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1988/11/07 22:11:26 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/04/14 21:59:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe
[2009/04/14 21:54:38 | 00,017,048 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/14 21:53:56 | 00,080,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/14 21:16:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 21:16:21 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Geoff\Desktop\mbam-setup.exe
[2009/04/14 13:42:48 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2009/04/14 13:42:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 13:42:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 13:42:20 | 10,718,37184 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/06 23:26:34 | 00,080,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 00:27:53 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 00:22:23 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/04/02 15:16:19 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\dds.scr
[2009/04/02 13:55:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\HijackThis.lnk
[2009/03/24 18:32:04 | 00,075,416 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/24 17:01:21 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF681.exe
[2009/03/24 17:00:58 | 02,934,667 | R--- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Combo-Fix.exe
[2009/03/22 23:36:09 | 00,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/20 23:46:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/20 20:19:34 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/20 20:19:34 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 20:19:34 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/15 23:47:00 | 15,441,976 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Breakaway (Teaser Demo).wav

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >






OTListIt logfile created on: 4/14/2009 10:02:29 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mr. Geoff\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 407.95 Mb Available Physical Memory | 39.91% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.46 Gb Total Space | 51.71 Gb Free Space | 35.31% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEOFF
Current User Name: Mr. Geoff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/03/16 01:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2007/03/16 01:10:52 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/25 09:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/04/13 09:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/06/06 13:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/09/09 21:20:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/09/19 18:11:51 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/06/03 12:20:58 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/03/16 01:10:54 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2007/05/14 12:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 13:28:18 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/02 12:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/05 09:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/17 07:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/08/20 11:58:52 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/07 00:35:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/01/03 09:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/03/18 14:50:54 | 00,984,616 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
PRC - [2008/12/18 21:25:41 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2007/05/25 09:39:38 | 00,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2006/11/03 16:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/05/25 10:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2004/08/04 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/11/05 08:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2004/08/04 03:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/04 03:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
PRC - [2009/04/14 21:59:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/09/07 00:35:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2007/09/13 17:36:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/05/25 09:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/04/13 09:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2007/06/06 13:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/09/09 21:20:53 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006/11/05 09:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 09:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2006/09/14 12:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/09/19 18:11:51 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/03/16 01:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/03/16 01:10:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2007/05/08 19:49:02 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2007/03/16 01:10:52 | 00,033,664 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys -- (BCMWLNPF [Auto | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/08/18 11:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 11:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 08:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 11:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 11:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 11:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 11:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 08:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 11:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 11:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 09:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 09:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/11/02 10:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
DRV - [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/04/23 19:15:44 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2007/04/23 19:15:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/05/08 18:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/04/23 19:15:48 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/06/06 13:34:38 | 06,345,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/12/18 17:01:20 | 00,012,672 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/03/21 13:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/05/08 19:46:06 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/05/08 19:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/05/08 19:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/06/06 13:28:16 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/09/07 00:37:50 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/06/03 12:20:58 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2007/04/23 19:15:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwu.edu/
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\S-1-5-21-376864874-2411757074-1447001364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\S-1-5-21-376864874-2411757074-1447001364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [GetModule30] C:\Program Files\GetModule\GetModule30.exe File not found
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe File not found
O4 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-376864874-2411757074-1447001364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1189664809968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{8BBDBB6C-302B-434B-89C8-55A008C52F99}\\NameServer = 85.255.112.78,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E0A2C051-49BF-409E-95B5-50B0CBFD6613}\\NameServer = 85.255.112.78,85.255.112.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/14 14:29:16 | 00,000,094 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7da3402d-adc8-11dc-96b1-001c239732f2}\Shell - "" = AutoRun
O33 - MountPoints2\{7da3402d-adc8-11dc-96b1-001c239732f2}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/14 21:59:12 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe
[2009/04/12 23:30:27 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 23:30:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/12 23:30:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 23:30:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 23:30:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 23:28:19 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Geoff\Desktop\mbam-setup.exe
[2009/04/05 00:22:23 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/04/02 15:15:53 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\dds.scr
[2009/04/02 13:55:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\HijackThis.lnk
[2009/04/02 13:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/01 23:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/03/27 11:57:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/24 17:10:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/24 17:10:29 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/03/24 17:10:28 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF681.exe
[2009/03/24 17:01:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/24 17:00:58 | 02,934,667 | R--- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Combo-Fix.exe
[2009/03/22 23:20:44 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/03/22 23:20:44 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/03/22 23:20:44 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/03/22 23:20:44 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/03/22 23:20:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/03/22 23:20:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/03/22 23:20:43 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/03/22 23:20:43 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/03/22 23:20:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/03/22 23:20:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/03/22 23:20:43 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/03/22 23:20:43 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/03/22 23:20:43 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/03/22 23:20:43 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/03/22 23:20:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/03/22 23:20:35 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/03/22 23:20:29 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/03/22 23:20:29 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/03/22 23:20:29 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/03/22 23:20:29 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/03/22 23:20:29 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/03/22 23:20:29 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/03/22 23:20:29 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/03/22 23:20:28 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/03/22 23:20:28 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/03/22 23:20:28 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/03/22 23:20:28 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/03/22 23:20:28 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/03/22 23:20:28 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/03/22 23:20:28 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/03/22 23:20:28 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/03/22 23:20:28 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/03/22 23:20:28 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/03/22 23:20:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/03/22 23:20:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/03/22 23:20:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/03/22 23:20:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/03/22 23:20:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/03/22 23:20:26 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/03/22 23:20:26 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/03/22 23:20:17 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/03/22 23:20:16 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/03/22 23:20:16 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/03/22 23:20:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2009/03/22 23:20:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/03/22 23:20:15 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/03/22 23:20:15 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/03/22 23:20:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/03/22 23:20:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/03/22 23:20:15 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/03/22 23:20:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/03/22 23:20:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/03/22 23:20:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/03/22 23:20:11 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/03/22 23:20:11 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/03/22 23:20:11 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/03/22 23:20:11 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/03/22 23:20:10 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/03/22 23:20:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/03/22 23:20:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/03/22 23:20:06 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/03/22 23:20:06 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/03/22 23:20:06 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/03/22 23:20:06 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/03/22 23:20:05 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/03/22 23:20:05 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/03/22 23:20:05 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/03/22 23:20:05 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/03/22 23:20:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/03/22 23:20:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/03/22 23:20:05 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/03/22 23:20:05 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/03/22 23:20:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/03/22 23:20:05 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/03/22 23:20:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/03/22 23:20:05 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/03/22 23:20:05 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/03/22 23:20:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2009/03/22 23:20:05 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/03/22 23:20:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/03/22 23:20:04 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/03/22 23:20:04 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/03/22 23:20:03 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/03/22 23:19:54 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/03/22 23:19:54 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/03/22 23:19:49 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/03/22 23:19:49 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/03/22 23:19:49 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/03/22 23:19:49 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/03/22 23:19:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/03/22 23:19:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/03/22 23:19:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/03/22 23:19:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/03/22 23:19:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/03/22 23:19:49 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/03/22 23:19:49 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/03/22 23:19:48 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/03/22 23:19:48 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/03/22 23:19:48 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/03/22 23:19:48 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/03/22 23:19:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/03/22 23:19:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/03/22 23:19:48 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/03/22 23:19:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/03/22 23:19:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/03/22 23:19:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/03/22 23:19:48 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/03/22 23:19:48 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2009/03/22 23:19:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/03/22 23:19:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/03/22 23:19:46 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2009/03/22 23:19:46 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/03/22 23:19:46 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/03/22 23:19:46 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/03/22 23:19:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/03/22 23:19:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/03/22 23:19:46 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/03/22 23:19:46 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/03/22 23:19:46 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/03/22 23:19:46 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/03/22 23:19:46 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/03/22 23:19:46 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/03/22 23:19:45 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/03/22 23:19:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/03/22 23:19:45 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/03/22 23:19:45 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/03/22 23:19:45 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/03/22 23:19:45 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/03/22 23:19:45 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/03/22 23:19:45 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/03/22 23:19:45 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/03/22 23:19:45 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/03/22 23:19:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/03/22 23:19:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/03/22 23:19:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/03/22 23:19:44 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/03/22 23:19:44 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/03/22 23:19:44 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/03/22 23:19:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/03/22 23:19:43 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/03/22 23:19:43 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2009/03/22 23:19:43 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/03/22 23:19:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/03/22 23:19:43 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/03/22 23:19:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/03/22 23:19:43 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/03/22 23:19:43 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/03/22 23:19:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/03/22 23:19:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/03/22 23:19:43 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/03/22 23:19:42 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/03/22 23:19:42 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/03/22 23:19:42 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/03/22 23:19:42 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/03/22 23:19:42 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/03/22 23:19:42 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/03/22 23:19:42 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/03/22 23:19:42 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/03/22 23:19:42 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/03/22 23:19:42 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/03/22 23:19:42 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/03/22 23:19:40 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/03/22 23:19:39 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/03/22 23:19:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/03/22 23:19:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/03/22 23:19:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/03/22 23:19:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/03/22 23:19:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/03/22 23:19:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/03/22 23:19:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/03/22 23:19:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/03/22 23:19:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/03/17 17:14:28 | 15,441,976 | ---- | C] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Breakaway (Teaser Demo).wav
[2009/02/01 21:18:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/21 14:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 14:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 14:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 14:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/17 23:20:13 | 00,138,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/17 23:18:26 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/08 14:10:38 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/09/16 20:40:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/12 22:43:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/07 00:44:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/07 00:34:06 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/07 00:33:40 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/07 00:33:40 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/07 00:25:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/07 00:25:29 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/07 00:02:14 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/07 00:01:56 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/07 00:01:56 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/07 00:01:55 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/07 00:01:55 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/07 00:00:55 | 00,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 02:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 21:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:51:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 10:51:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1988/11/07 22:11:26 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/04/14 21:59:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr. Geoff\Desktop\OTListIt2.exe
[2009/04/14 21:54:38 | 00,017,048 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/14 21:53:56 | 00,080,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/14 21:16:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 21:16:21 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mr. Geoff\Desktop\mbam-setup.exe
[2009/04/14 13:42:48 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2009/04/14 13:42:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 13:42:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 13:42:20 | 10,718,37184 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/06 23:26:34 | 00,080,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 00:27:53 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 00:22:23 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/04/02 15:16:19 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\dds.scr
[2009/04/02 13:55:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\HijackThis.lnk
[2009/03/24 18:32:04 | 00,075,416 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/24 17:01:21 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF681.exe
[2009/03/24 17:00:58 | 02,934,667 | R--- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Combo-Fix.exe
[2009/03/22 23:36:09 | 00,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/20 23:46:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/20 20:19:34 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/20 20:19:34 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 20:19:34 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/15 23:47:00 | 15,441,976 | ---- | M] () -- C:\Documents and Settings\Mr. Geoff\Desktop\Breakaway (Teaser Demo).wav

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 15 April 2009 - 03:01 PM

Hello.

Did you run Combofix or something? Seems it was created around March 24th.. You still have that dns hijack on your machine.

Anyways, since you ran it already, please delete Combo-fix.exe you have on your desktop right now and follow the instructions below.

Download and Run ComboFix (Rename Before Saving)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image

Posted Image

*NOTE:* If you could not download Combofix from neither of those 3 links please using your clean computer, download it and transfer it on to your infected computer. If you are going to use a removable drive please run this tool below.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

With regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 geojohn13

geojohn13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 16 April 2009 - 12:21 AM

Hi, here's my combofix log



ComboFix 09-04-15.08 - Mr. Geoff 04/15/2009 21:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.697 [GMT -7:00]
Running from: c:\documents and settings\Mr. Geoff\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *disabled*
FW: Norton Internet Worm Protection *disabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mr. Geoff\Application Data\GetModule
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\recycler\S-0-1-55-100020151-100026211-100022997-6001.com
c:\windows\system32\drivers\gaopdxoitucborddtkavxoxdneoqpfmmlabodx.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxjcyyulaiboynkrihlxjecwjemsjsgscp.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 05:02 . 2009-04-16 05:02 -------- d-----w c:\windows\LastGood
2009-04-13 06:30 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 06:30 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 06:30 . 2009-04-13 06:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 07:22 . 2009-04-05 07:22 3532 ----a-w C:\drmHeader.bin
2009-03-23 06:19 . 2004-08-04 10:00 57398 ----a-w c:\windows\system32\dllcache\imjpdadm.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 05:01 . 2007-09-07 07:43 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 05:00 . 2008-10-19 03:44 -------- d-----w c:\program files\DNA
2009-04-16 05:00 . 2008-10-19 03:44 -------- d-----w c:\documents and settings\Mr. Geoff\Application Data\DNA
2009-04-15 04:16 . 2009-04-13 06:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 00:16 . 2008-10-19 03:45 -------- d-----w c:\documents and settings\Mr. Geoff\Application Data\BitTorrent
2009-04-07 06:26 . 2007-09-07 07:08 80391 ----a-w c:\windows\system32\nvModes.dat
2009-04-02 20:55 . 2009-04-02 20:55 -------- d-----w c:\program files\Trend Micro
2009-04-02 06:33 . 2009-04-02 06:33 -------- d-----w c:\program files\Common Files\L&H
2009-03-25 01:32 . 2007-09-12 21:10 75416 ----a-w c:\documents and settings\Mr. Geoff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-01 23:42 . 2007-09-19 04:55 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 10:19 . 2007-09-07 07:20 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2004-08-10 17:51 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-03 00:41 . 2009-02-03 00:41 33019 ----a-w c:\windows\system32\CoreAAC-uninstall.exe
2008-09-09 06:25 . 2007-11-18 06:19 22328 ----a-w c:\documents and settings\Mr. Geoff\Application Data\PnkBstrK.sys
2007-11-07 04:00 . 2007-10-04 23:52 184 ----a-w c:\documents and settings\Mr. Geoff\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AIM Toolbar 5.0\aoltb.dll" [2007-10-10 1090912]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-08-20 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 1862144]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-06-06 81920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-06-06 405504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-9-7 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-7 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

S2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\bcmwlnpf.sys [2007-03-16 33664]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da3402d-adc8-11dc-96b1-001c239732f2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAISS/CAInstallationMenu.html
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-16 20:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-16 20:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-GetModule30 - c:\program files\GetModule\GetModule30.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwu.edu/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2460)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-16 22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 05:09

Pre-Run: 59,224,588,288 bytes free
Post-Run: 60,692,664,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

214 --- E O F --- 2009-04-05 06:56

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 16 April 2009 - 12:12 PM

Hello.

The rootkit TDSSserv was removed but you should be warned by the nature of this infection. Let me know what you decide to do in your next reply.


Posted ImageBackdoor Threat

IMPORTANT NOTE: Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 geojohn13

geojohn13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 16 April 2009 - 02:57 PM

Hey.

I don't have any personal or banking information, patient information, or anything else I would consider hugely important saved on the computer. I am a student, however, and while I don't have anything saved directly into files on the computer, I have logged in and used my password to view payment options. Would the hacker be able to find out my password if I have only typed it directly into the school website? Also, I have ordered things online using my debit card, would the hacker be able to find the card number somehow and use it?

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 16 April 2009 - 03:02 PM

Hello.

Would the hacker be able to find out my password if I have only typed it directly into the school website? Also, I have ordered things online using my debit card, would the hacker be able to find the card number somehow and use it?

Perhaps. Best would be change all online information. Regarding your credit-card you might want to keep an close eye on it. Only this computer and maybe other computers connected to this network can allow hackers find information but if it's another computer on a separate computer then it should be fine. Please note that the infection is removed but it may no longer be trustworthy any longer.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 19 April 2009 - 09:32 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 geojohn13

geojohn13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 19 April 2009 - 10:15 PM

Hey I am changing all of my important passwords and it seems like everything is behaving normally again.

Thanks for all your help

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 20 April 2009 - 02:29 PM

Hello.

I believe you do not wish to continue anymore? I can close this topic now?

Even if it looks better, there may still be things left. I suggest you format anyways if you want to since your computer was compromised.

Let me know.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 24 April 2009 - 02:59 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help :thumbup2:
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users