Multiple Issues. Unsure of cause / HJT attached


21 replies to this topic

#1 buckyswider

Posted 19 April 2009 - 09:41 PM

Hi all, having various problems and I'm not sure of the root cause:

- Google search hit redirects
- various (previously stable) programs crashing
- can't get to mcafee dot com
- programs in 'startup' folder not processing
- mcafee not starting (?) on reboot (process may be running, but "M" not in tray)
- can't get to bleepingcomputer dot com from infected machine

However, I was able to get to Trend to download HJT, but the "send log" doesn't complete. There's nothing fishy in my hosts file. Malwarebytes Anti-Malware found three things, but after removal nothing is better. Subsequent scans clean. All McAfee scans clean also.

Here's my HJT log, along with the uninstall_list. Thanks for any assistance provided.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:56 PM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PowerPanelPlus\upssrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PowerPanelPlus\upsio.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UWIN\usr\etc\ums.exe
C:\Program Files\UWIN\usr\etc\init.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\UWIN\usr\etc\inetd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\UWIN\usr\lib\cs\tcp\at\at.svc
C:\Program Files\UWIN\usr\lib\cs\tcp\at\at.svc
C:\Program Files\UWIN\usr\sbin\sshd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Razer Pro Solutions\ProType\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Software\fPDW\PDW2_16.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Cole2k Media Toolbar Helper - {C672F4AB-780B-45C0-BAEC-91F455C86F8D} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Cole2k Media Toolbar - {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Refresh Bar - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ProType] "C:\Program Files\Razer Pro Solutions\ProType\razerhid.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyBackgoundBanking] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Gizmo5] "C:\Program Files\Gizmo5\Gizmo5.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: Shortcut to PDW2_16.lnk = C:\Software\fPDW\PDW2_16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra 'Tools' menuitem: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3017DDE9-5F11-42EF-B6B7-380BA331FE0B}: NameServer = 4.2.2.1,66.93.87.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15B63C3-03C7-45FA-AABC-6137BB6D1C71}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: UPS Service (CyberPowerUPS) - Cyber Power Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9aa868c83e144) (gupdate1c9aa868c83e144) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SqueezeCenter (squeezesvc) - SlimDevices - A Logitech Company - C:\Program Files\SqueezeCenter\server\squeezecenter.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Uwin Master (UWIN_MS) - Unknown owner - C:\Program Files\UWIN\usr\etc\ums.exe

--
End of file - 17539 bytes

**************************************************************************************************************************************************

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7.9
ABC (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Amazon MP3 Downloader 1.0.3
Anagram Genius version 9 trial
AOLIcon
Apple Mobile Device Support
Apple Software Update
Autodesk Inventor Plug-In 7.0
Autodesk Volo View 3.0
Big Action Construction
Bonjour
Brother MFL-Pro Suite
BuildOS
CCleaner (remove only)
Centra Client
Chartcross GPSTest
Cole2k Media - Codec Pack (Standard) 6.0.9
Cole2k Media Toolbar
Conexant D850 56K V.9x DFVc Modem
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports for .NET Framework 2.0 (x86)
DeductionPro 2007
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.2.1
Dell Support Center (Support Software)
Digital Content Portal
Digital Line Detect
DirectShow Dump
Documentation & Support Launcher
DTCLookup
EducateU
eMusic Download Manager 3.0
EncSpot Basic 2.0
EncSpot Professional 2.2
ESPNMotion
EVEREST Corporate Edition v4.20
FileZilla Server (remove only)
FIREHOUSE Software 7
FIREHOUSE Software 7 Documentation
Games, Music, & Photos Launcher
Garmin City Navigator North America v8
Garmin WebUpdater
GemMaster Mystic
Gizmo5
Google Desktop
Google Earth
Google Earth Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GpsViewer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Matrix Storage Manager
Intel® PRO Network Connections 11.2.1.69
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_02
Java Advanced Imaging 1.1.2-rc For JRE
Java Web Start
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Luxor
Luxor - Amun Rising
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaFACE 5.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Voice Command US PPC 1.60 for M2M
Microsoft Works
Minitor V PPS
Mixxx
MobileMe Control Panel
Modem Helper
Mozilla Firefox (2.0)
MP3Test
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Navisphere CLI 6.28.10.3.11
NDAS Software 3.40.1604-r12108
NetWaiting
Norton Ghost
NotePager Pro v3.0
NVIDIA Drivers
Organizer And Filing Cabinet
Otto
Palm Desktop
PaperPort
ParetoLogic DriverCure
PC Pitstop Optimize2 2.0
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PHM Registry Editor
PowerPanel Plus
Precision Tile 2.1.1
QuickTime
Razer Pro|Type
RealPlayer
Refresh Bar
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
sala's WinXP SP2 Terminal Server Patch
SearchAssist
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SlingPlayer
SlingPlayer Mobile
SmartGlobe Deluxe
Softsqueeze 3.5
Song List Generator
Sonic Activation Module
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD 6 TiVo Trial Edition
Sonic MyDVD-VR
Sonic Update Manager
Spb Pocket Plus
Spb Weather
SqueezeCenter 7.3.0
STPNavigator
SymmMerge
SymmMergeSW
TaxCut Pennsylvania 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
TeamSpeak 2 RC2
TelCanto for SlimServer 1.6.0
TiVo Desktop 2.5.1
Total Recorder 6.1
UBCD4Win 3.20
Universal Powerline Bus Setup Tool
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
UWIN 4.2
VeryPDF PDFcamp Printer v2.1
Viewpoint Media Player
VMware Infrastructure Update
VNC Free Edition 4.1.3
WD Diagnostics
WIDCOMM Bluetooth Software
WildTangent Web Driver
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
WMWifiRouter
XV6800 User Manual
Yahoo! Music Jukebox
Zuma Deluxe
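As an added triage example (not part of this thread and not code from HijackThis itself), the script below parses lines in the HijackThis v2 log format posted above and flags the entry types a helper usually verifies first: orphaned BHO/toolbar entries, Run keys that point at a bare file name, O17 DNS servers outside private address space, an AppInit_DLLs value, and services with no listed owner. The sample lines are constructed from entries in the log above; a flag means "verify this", not "malicious".

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: a handful of lines in the HijackThis v2 log format,
# modelled on entries from the log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3017DDE9-5F11-42EF-B6B7-380BA331FE0B}: NameServer = 4.2.2.1,66.93.87.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15B63C3-03C7-45FA-AABC-6137BB6D1C71}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Body of an O4 Run-key entry: "HKLM\..\Run: [Name] <command line>".
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]+\] (.+)$")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_hjt(text: str) -> list:
    """Turn HJT log text into Entry records; non-entry lines (process list, headers) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def _is_private(ip: str) -> bool:
    try:
        return ip_address(ip).is_private
    except ValueError:
        return False  # not an IP literal at all; treat it as something to look at


def triage(entries: list) -> list:
    """Flag the entry types a helper verifies first. A flag means 'check this', not 'malicious'."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O3", "O9") and e.body.endswith("(no file)"):
            # CLSID is still registered but the DLL is gone: a stale leftover.
            findings.append(Finding(e.section, "orphaned entry", e.body))
        elif e.section == "O4":
            m = RUN_RE.match(e.body)
            if m:
                target = m.group(1).strip().strip('"')
                # A bare file name (no drive, no %var%) is located by the loader's search
                # order, so confirm which file on disk actually runs under that name.
                if not re.match(r"^([A-Za-z]:\\|%)", target):
                    findings.append(Finding("O4", "unqualified path", target))
        elif e.section == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                servers = [s.strip() for s in m.group(1).split(",")]
                external = [s for s in servers if not _is_private(s)]
                # Search redirects plus blocked security sites are consistent with DNS
                # tampering, so each non-private resolver should match what the user or ISP set.
                if external:
                    findings.append(Finding("O17", "non-private DNS server", ",".join(external)))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs load into every process that links user32.dll; verify the publisher.
            findings.append(Finding("O20", "AppInit_DLLs set", e.body.split(":", 1)[1].strip()))
        elif e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding("O23", "service with unknown owner", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:4} {f.reason:28} {f.detail}")
```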

#2 Buckeye_Sam (Malware Expert)

Posted 21 April 2009 - 05:10 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 buckyswider (Topic Starter)

Posted 05 May 2009 - 01:53 PM

Hello Buckeye Sam! I am so sorry (for multiple reasons) that I did not see your reply! I thought I had enabled email notifications and none had arrived....

Anyway, I came back with the intent to discourteously "bump" this topic with a new symptom. About 5 minutes after starting Windows, I BSOD with "BAD_POOL_HEADER". I initially thought it was an unrelated hardware problem, but the "about 5 minute" timing is way too consistent. So I'm guessing that it's virus related. I will attempt to install and run the routines you suggested above and will report back with the results (hopefully I have enough time before BSOD to run them).

Again, thanks for your reply, and I apologize for missing it until now!!!

Bucky

#4 buckyswider (Topic Starter)

Posted 05 May 2009 - 03:27 PM

Hello again, I had to go into safe mode in order to buy enough time to run these. Funny, last time I went to Safe mode I think it was "shift-shift" :thumbup2:

Here is the result of the OTListIt2 scan. GMER is still running (a long time now) and I will post that when complete.

OTListIt logfile created on: 5/5/2009 3:33:56 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Bucky\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 62.96 Gb Free Space | 27.60% Space Free | Partition Type: NTFS
Drive D: | 116.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUCKY2
Current User Name: Bucky
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:33 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/05 14:55:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bucky\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/05 22:26:28 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2006/06/07 17:57:46 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/12/17 19:10:54 | 00,348,160 | ---- | M] (Cyber Power Systems, Inc.) -- C:\PowerPanelPlus\upssrv.exe -- (CyberPowerUPS [Auto | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2006/06/01 17:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe -- (ELService [Auto | Stopped])
SRV - [2008/07/30 04:53:08 | 00,587,776 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server [Auto | Stopped])
SRV - [2008/10/02 21:20:50 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/09/03 16:41:08 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/03/21 20:38:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9aa868c83e144 [Auto | Stopped])
SRV - [2009/03/21 01:39:59 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
SRV - [2008/09/08 23:02:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Stopped])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Stopped])
SRV - [2008/10/31 16:47:12 | 00,411,112 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc [Auto | Stopped])
SRV - [2007/10/05 12:33:32 | 03,372,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Stopped])
SRV - [2007/06/10 19:37:02 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Stopped])
SRV - [2008/12/11 15:38:28 | 04,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL [Auto | Stopped])
SRV - [2008/12/11 15:39:20 | 08,998,999 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe -- (squeezesvc [Auto | Stopped])
SRV - [2007/09/25 11:33:18 | 00,867,328 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2 [Auto | Stopped])
SRV - [2007/11/04 23:55:28 | 00,061,440 | ---- | M] () -- C:\Program Files\UWIN\usr\etc\ums.exe -- (UWIN_MS [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/06/07 23:06:58 | 00,329,901 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
DRV - [2006/06/07 17:29:10 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/06/07 17:33:34 | 00,855,018 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Stopped])
DRV - [2006/06/07 17:28:20 | 00,149,028 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/06/07 17:23:20 | 00,047,811 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/06/07 17:26:52 | 00,067,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Stopped])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Stopped])
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Stopped])
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Stopped])
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Stopped])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Stopped])
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Stopped])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Stopped])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/11/01 11:39:16 | 00,246,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/05/09 16:36:44 | 00,009,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys -- (ELacpi [On_Demand | Running])
DRV - [2006/05/09 16:36:18 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elhid.sys -- (ELhid [System | Running])
DRV - [2006/05/09 16:36:22 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elkbd.sys -- (ELkbd [System | Running])
DRV - [2006/05/09 16:36:42 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elmon.sys -- (ELmon [System | Stopped])
DRV - [2006/05/09 16:36:20 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elmou.sys -- (ELmou [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/01/05 16:51:36 | 00,023,208 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\Drivers\grmn0200.sys -- (grmn0200 [On_Demand | Stopped])
DRV - [2007/01/05 16:51:38 | 00,017,448 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\Drivers\grmn1200.sys -- (grmn1200 [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/10/31 16:47:40 | 00,317,928 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -- (lfsfilt [Boot | Running])
DRV - [2008/10/31 16:47:56 | 00,106,344 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx [Boot | Running])
DRV - [2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Stopped])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 14:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\loop.sys -- (msloop [On_Demand | Stopped])
DRV - [2008/10/31 16:47:58 | 00,138,088 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\ndasbus.sys -- (ndasbus [On_Demand | Running])
DRV - [2008/10/31 16:47:46 | 00,452,584 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\ndasfat.sys -- (ndasfat [System | Running])
DRV - [2008/10/31 16:47:44 | 00,329,192 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\ndasfs.sys -- (ndasfs [Boot | Running])
DRV - [2008/10/31 16:47:48 | 00,773,736 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\ndasrofs.sys -- (ndasrofs [System | Running])
DRV - [2008/10/31 16:48:00 | 00,355,048 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\DRIVERS\ndasscsi.sys -- (ndasscsi [On_Demand | Stopped])
DRV - [2007/06/10 19:36:52 | 03,581,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/18 07:46:22 | 00,016,256 | R--- | M] (ODM Manufacturer) -- C:\WINDOWS\system32\DRIVERS\oxmf.sys -- (oxmf [System | Stopped])
DRV - [2004/08/15 23:43:26 | 00,004,992 | R--- | M] (ODM Manufacturer) -- C:\WINDOWS\system32\DRIVERS\oxmfuf.sys -- (Oxmfuf [On_Demand | Stopped])
DRV - [2004/08/15 23:43:28 | 00,049,920 | R--- | M] (ODM Manufacturer) -- C:\WINDOWS\system32\DRIVERS\oxser.sys -- (oxser [System | Stopped])
DRV - [2004/04/13 18:03:46 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2006/11/27 18:39:32 | 00,028,416 | ---- | M] (Waytech Development, Inc.) -- C:\WINDOWS\System32\Drivers\Protype.sys -- (ProFltr [On_Demand | Stopped])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/21 20:59:34 | 00,062,080 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\slicer.sys -- (Serial [System | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2006/07/07 15:10:22 | 00,016,000 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\9kdUSBXP.sys -- (SNL320XP [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 11:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Stopped])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/10/05 12:20:44 | 00,132,320 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/09/14 18:46:38 | 00,069,120 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2007/03/28 20:29:10 | 00,037,864 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\v2imount.sys -- (v2imount [Auto | Stopped])
DRV - [2005/04/03 22:36:52 | 00,009,887 | ---- | M] (Ken Kato) -- C:\Software\Vfd\vfd.sys -- (VirtualFD [Auto | Stopped])
DRV - [2007/10/05 12:18:30 | 00,014,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
DRV - [2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2007/03/28 20:49:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071004
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\S-1-5-21-44841190-993897197-239473776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-44841190-993897197-239473776-1005\S-1-5-21-44841190-993897197-239473776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"


FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/09/10 12:48:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/07 15:36:35 | 00,000,000 | ---D | M]

[2008/05/09 09:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bucky\Application Data\mozilla\Firefox\Profiles\x47y4wsl.default\extensions
[2008/05/09 09:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bucky\Application Data\mozilla\Firefox\Profiles\x47y4wsl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/22 07:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/05/09 09:40:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/09 09:40:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/22 07:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/05/09 09:40:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com
[2008/05/09 09:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2006/10/11 04:04:58 | 00,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 04:04:59 | 00,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 04:05:03 | 00,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 04:05:03 | 00,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 04:04:58 | 00,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/10/11 04:05:04 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/10/11 04:05:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/10/11 04:05:04 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/10/11 04:05:04 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/10/11 04:05:04 | 00,002,320 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/03 16:41:08 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/03 16:41:08 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2006/10/11 04:05:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Reg Error: Key error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Cole2k Media Toolbar Helper) - {C672F4AB-780B-45C0-BAEC-91F455C86F8D} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Cole2k Media Toolbar) - {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Refresh Bar) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll ()
O3 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..\Toolbar\WebBrowser: (no name) - {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll ()
O3 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..\Toolbar\WebBrowser: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" (FileZilla Project)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe ()
O4 - HKLM..\Run: [ProType] "C:\Program Files\Razer Pro Solutions\ProType\razerhid.exe" ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" (High Criteria inc.)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan (ParetoLogic)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [Gizmo5] "C:\Program Files\Gizmo5\Gizmo5.exe" ()
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [MoneyBackgoundBanking] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe" (Microsoft® Corporation)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify (TiVo Inc.)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer (TiVo Inc.)
O4 - HKU\S-1-5-21-44841190-993897197-239473776-1005..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer (TiVo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Bucky\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bucky\Start Menu\Programs\Startup\Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bucky\Start Menu\Programs\Startup\Shortcut to PDW2_16.lnk = C:\Software\fPDW\PDW2_16.exe (WitWarez)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-44841190-993897197-239473776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll ()
O9 - Extra 'Tools' menuitem : Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..Trusted Domains: //@surf.mar@ ([]money in Local intranet)
O15 - HKU\S-1-5-21-44841190-993897197-239473776-1005\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{3017DDE9-5F11-42EF-B6B7-380BA331FE0B}\\NameServer = 4.2.2.1,66.93.87.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{D15B63C3-03C7-45FA-AABC-6137BB6D1C71}\\NameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/05 15:20:07 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Bucky\Desktop\vxsmo1bt.exe
[2009/05/05 15:13:15 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/05 15:12:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bucky\Desktop\OTListIt2.exe
[2009/05/05 15:12:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bucky\Desktop\NDAS Data 300GB (Y)
[2009/05/05 15:11:08 | 00,001,487 | ---- | C] () -- C:\Documents and Settings\Bucky\Desktop\Windows Explorer.lnk
[2009/05/05 14:25:36 | 17,769,070 | R--- | C] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-05-05_142535.mbf
[2009/05/05 14:18:23 | 17,703,518 | R--- | C] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-05-05_141821.mbf
[2009/05/05 14:17:29 | 03,853,300 | R--- | C] () -- C:\Documents and Settings\Bucky\My Documents\My Money5 Backup.mbf
[2009/05/03 01:21:23 | 00,016,086 | ---- | C] () -- C:\Documents and Settings\Bucky\My Documents\CDC2_Ph1_FLASH_List.csv
[2009/04/29 21:19:35 | 17,769,071 | R--- | C] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-04-29_211933.mbf
[2009/04/28 00:45:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/28 00:44:44 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/28 00:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/28 00:44:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bucky\Application Data\SUPERAntiSpyware.com
[2009/04/23 07:22:28 | 00,011,125 | ---- | C] () -- C:\Documents and Settings\Bucky\My Documents\Copy of Hardware Organization.xlsx
[2009/04/19 17:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bucky\Application Data\Malwarebytes
[2009/04/19 17:45:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 17:45:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 17:45:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 17:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/19 17:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 11:31:40 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bucky\Desktop\HijackThis.lnk
[2009/04/19 11:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/17 12:04:41 | 00,010,579 | ---- | C] () -- C:\Documents and Settings\Bucky\My Documents\After EMC.docx
[2009/04/14 19:53:45 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 19:53:45 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 19:53:45 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 19:53:45 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/14 19:53:44 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 19:53:44 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 19:53:44 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 19:53:44 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 19:53:44 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 19:53:43 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 19:46:46 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 19:46:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 19:46:45 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/07 20:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\TaxCut08
[2009/03/30 14:51:28 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\ast54.dll
[2009/03/30 14:51:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\posix.dll
[2008/11/19 16:11:49 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\ch_notification.dll
[2008/11/19 16:11:30 | 00,010,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys
[2008/11/04 15:22:50 | 00,000,466 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2008/10/08 10:04:14 | 00,000,104 | ---- | C] () -- C:\WINDOWS\POSTER.INI
[2008/04/28 18:49:17 | 00,000,090 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/04/28 18:49:11 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\xobglu16.dll
[2008/04/28 18:49:11 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\xobglu32.dll
[2008/04/11 00:00:15 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/04/09 21:43:26 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/04/09 21:43:26 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/21 18:29:30 | 01,022,828 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/29 10:56:38 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\winsdengzs.dll
[2007/11/27 22:39:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\pdfxp.dll
[2007/11/17 00:54:28 | 00,000,031 | ---- | C] () -- C:\WINDOWS\precision_tile.ini
[2007/11/10 01:02:24 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/10 01:02:24 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5674D3220D.sys
[2007/11/07 23:58:07 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/11/07 23:57:47 | 00,001,116 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/07 23:57:47 | 00,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/07 23:57:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2007/11/07 23:57:33 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2007/11/07 23:57:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/07 23:55:34 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/10/20 23:52:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/19 23:06:54 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/10/19 23:06:38 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/19 21:17:24 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/10/12 13:10:02 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/04 21:08:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/04 21:02:26 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/04 20:38:34 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/10/04 20:37:41 | 00,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/26 17:24:20 | 00,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:22:42 | 00,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:04 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 15:21:22 | 01,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 00,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 00,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 15:21:22 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/06/07 17:52:08 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:18:43 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 05:18:41 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/01/13 11:19:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/05/24 18:04:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/05/24 18:03:00 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/05/24 18:01:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/24 18:00:00 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/03/04 11:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[5 C:\Documents and Settings\Bucky\My Documents\*.tmp files]
[2009/05/05 15:33:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bucky\Local Settings\desktop.ini
[2009/05/05 15:33:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 15:31:05 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EF1AC25-DDCF-4AC4-8B15-BBB0FA820EE3}.job
[2009/05/05 15:30:34 | 00,410,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/05 15:30:34 | 00,065,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 15:30:33 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 15:27:19 | 00,039,370 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/05 15:26:50 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/05 15:26:17 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/05 15:26:15 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/05 15:25:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 15:20:13 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Bucky\Desktop\vxsmo1bt.exe
[2009/05/05 14:55:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bucky\Desktop\OTListIt2.exe
[2009/05/05 14:25:40 | 17,764,352 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\My Money5.mny
[2009/05/05 14:25:37 | 17,769,070 | R--- | M] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-05-05_142535.mbf
[2009/05/05 14:18:24 | 17,703,518 | R--- | M] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-05-05_141821.mbf
[2009/05/05 14:17:42 | 03,853,300 | R--- | M] () -- C:\Documents and Settings\Bucky\My Documents\My Money5 Backup.mbf
[2009/05/04 20:08:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 13:25:51 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2009/05/03 13:23:08 | 00,001,732 | -H-- | M] () -- C:\Documents and Settings\Bucky\My Documents\Default.rdp
[2009/05/03 09:11:18 | 00,011,167 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\Hardware Organization.xlsx
[2009/05/03 04:22:09 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/05/03 01:21:24 | 00,016,086 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\CDC2_Ph1_FLASH_List.csv
[2009/05/03 00:33:10 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/05/02 18:00:19 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/05/01 01:03:36 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/04/29 21:19:36 | 17,769,071 | R--- | M] () -- C:\Documents and Settings\Bucky\My Documents\My Money Backup_2009-04-29_211933.mbf
[2009/04/29 12:44:14 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/28 00:44:44 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/23 07:22:28 | 00,011,125 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\Copy of Hardware Organization.xlsx
[2009/04/22 17:59:07 | 00,000,213 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\NDAS 300GB Data drive.ndas
[2009/04/19 17:45:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 17:38:44 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\philiesphans_phrases.doc
[2009/04/19 17:38:39 | 00,009,191 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\Verizon_Wireless_Minutes.xlsx
[2009/04/19 11:31:40 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bucky\Desktop\HijackThis.lnk
[2009/04/17 12:16:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/17 12:04:47 | 00,010,579 | ---- | M] () -- C:\Documents and Settings\Bucky\My Documents\After EMC.docx
[2009/04/16 15:10:39 | 00,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/15 01:50:38 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/14 21:39:58 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bucky\Desktop\Shortcut to dj.exe.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bucky\Desktop\Advisor II Programming.pif:SummaryInformation
@Alternate Data Stream - 846 bytes -> C:\Documents and Settings\All Users\Application Data\DRM:uFTUnEfoW8HbhZzI01
< End of report >

#5 buckyswider

  • Topic Starter
  • Members
  • 15 posts

Posted 05 May 2009 - 08:02 PM

And here is the GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-05 20:54:40
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\savedump.exe[368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\savedump.exe[368] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\savedump.exe[368] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\savedump.exe[368] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\savedump.exe[368] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\savedump.exe[368] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[556] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[556] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[556] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[556] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[556] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[608] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\svchost.exe[696] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\svchost.exe[696] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\system32\svchost.exe[696] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\system32\svchost.exe[696] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\system32\svchost.exe[696] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[744] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\Explorer.EXE[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\Explorer.EXE[1020] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\Explorer.EXE[1020] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\Explorer.EXE[1020] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\Explorer.EXE[1020] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\Explorer.EXE[1020] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880
.text C:\WINDOWS\notepad.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002744
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100026BC
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003880

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)
Device \FileSystem\Fastfat \Fat B9884D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs B9A8D400
Device \FileSystem\ndasrofs \NdasRofs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

---- EOF - GMER 1.0.15 ----
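As an added example (my code, not part of this thread or of GMER), the script below parses "User code sections" lines like the ones in the log above and checks whether every listed process carries the same inline JMP hooks to the same addresses, which points to one module loaded into all of them rather than separate patches; the sample lines are a constructed subset of this log.

```python
import re
from collections import defaultdict

# One GMER "User code sections" line, e.g.
# .text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s*$",
    re.IGNORECASE,
)

# Constructed sample: a subset of the hook lines from the log above plus one non-hook line.
SAMPLE = r"""
.text C:\WINDOWS\system32\winlogon.exe[312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\winlogon.exe[312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\system32\lsass.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\system32\lsass.exe[376] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\notepad.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000398C
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100038B8
.text C:\WINDOWS\notepad.exe[1400] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002FFC
---- Devices - GMER 1.0.15 ----
"""

def parse_hooks(lines):
    """Return one dict per inline-JMP hook line; every other line is ignored."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["target"] = int(h["target"], 16)
            hooks.append(h)
    return hooks

def analyze(text):
    """Correlate hooks across processes: identical JMP targets everywhere mean one shared module."""
    hooks = parse_hooks(text.splitlines())
    pids = {h["pid"] for h in hooks}
    pids_per_target = defaultdict(set)
    for h in hooks:
        pids_per_target[h["target"]].add(h["pid"])
    everywhere = {t for t, p in pids_per_target.items() if p == pids}
    # Round the lowest target down to a 64 KiB boundary to estimate the module's image base.
    # 0x10000000 is the default base many compilers give a DLL, i.e. a DLL present in every process.
    base = (min(h["target"] for h in hooks) & ~0xFFFF) if hooks else None
    apis = sorted({f"{h['mod'].lower()}!{h['func']}" for h in hooks})
    return {"hooks": len(hooks), "processes": len(pids),
            "targets_in_every_process": everywhere, "candidate_base": base, "apis": apis}
```

The hooked APIs (process creation plus the Winsock send/receive/connect family) are what you would expect from something intercepting network traffic, which fits the search redirects reported at the top of the thread.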

#6 Buckeye_Sam (Malware Expert)

Posted 06 May 2009 - 08:51 AM

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===============


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 buckyswider (Topic Starter)

Posted 07 May 2009 - 07:58 PM

Hello again Sam! Weird, I have "enable email notification" checked, but I still didn't get an email! I'm glad I came back to look!!!

Anyhow, I was able to uninstall all the previous Java. Upon reinstall, I received a pop-up:

"(Windows Installer) ! The System administrator has set policies to prevent this installation"

Undaunted, I proceeded with Dr. Web. He seems to have identified some stuff. Hopefully they're not false positives and my demons are gone!!

Here is the log....I won't do anything else with the system until I get further instructions....

Thanks again!

gameconsoleservice.exe;c:\program files\wildtangent\apps\dell game console;Probably MULDROP.Trojan;Incurable.Deleted.;
SetupGamesClient.exe\data004;C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers;Archive contains infected objects;;
TivoDesktop.exe\data005;C:\Software\TivoDesktop.exe;Trojan.LydraSpy.origin;;
TivoDesktop.exe;C:\Software;Container contains infected objects;;
TivoDesktop2.exe\data005;C:\Software\TivoDesktop2.exe;Trojan.LydraSpy.origin;;
TivoDesktop2.exe;C:\Software;Container contains infected objects;;
vncviewer.exe;C:\Software;Program.RemoteAdmin;;
UBCD4WinV320.exe\data922;C:\Software\BootCD Stuff\UBCD4WinV320.exe;Trojan.MulDrop.origin;;
UBCD4WinV320.exe;C:\Software\BootCD Stuff;Archive contains infected objects;;
OrbSetup.exe\data012;C:\Software\DVD Software\OrbSetup.exe;Probably BACKDOOR.Trojan;;
OrbSetup.exe;C:\Software\DVD Software;Archive contains infected objects;;
A0094847.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP546;Probably MULDROP.Trojan;;
CurrProcess.exe;C:\UBCD4Win\BartPE\PROGRAMS\Applications;Tool.CurrProcess.110;;
ipscan.exe;C:\UBCD4Win\BartPE\PROGRAMS\IPScan;Tool.AngryIpscan;;
CurrProcess.exe;C:\UBCD4Win\oem1\GeoShell\files\Applications;Tool.CurrProcess.110;;
ipscan.exe;C:\UBCD4Win\plugin\Network\ipscan;Tool.AngryIpscan;;
vncviewer.exe;C:\UBCD4Win\plugin\Network\VNCServer;Program.RemoteAdmin.51;;
jwe.qbf;C:\WINDOWS;Trojan.DownLoad.36189;Deleted.;

#8 buckyswider (Topic Starter)

Posted 07 May 2009 - 10:45 PM

FOLLOW UP: When I went to close Dr. Web, he informed me I had a few unresolved problems. I had given it the OK to repair two of the problems, but I got no other pop ups. So Dr. Web is still sitting there waiting to be closed...

#9 Buckeye_Sam (Malware Expert)

Posted 08 May 2009 - 11:19 AM

Just close DrWeb. What issues are you still having?

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

#10 buckyswider (Topic Starter)

Posted 08 May 2009 - 01:03 PM

Hi Sam, thanks once again. I don't know what issues I'm still having- I'm leaving the machine untouched until you give me that go-ahead to try to boot in normal mode.

Here is Goored:


GooredFix v1.92 by jpshortstuff
Log created at 13:57 on 08/05/2009 running Option #1 (Bucky)
Firefox version 2.0 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#11 buckyswider (Topic Starter)

Posted 08 May 2009 - 01:09 PM

Oh, one other thing- DrWeb is advising I need a restart. I will let it sit at the prompt awaiting further instructions.

Thanks again!

#12 Buckeye_Sam (Malware Expert)

Posted 09 May 2009 - 01:06 PM

In that case, go ahead and reboot.

How is your computer behaving now?

#13 buckyswider (Topic Starter)

Posted 09 May 2009 - 03:07 PM

I rebooted into normal mode and it's still hosed...McAfee starts out in the tray, and then goes away. None of my programs in the startup folder ran. Then BSOD. I'm back up in SAFE mode now.

Edited by buckyswider, 09 May 2009 - 08:07 PM.


#14 buckyswider (Topic Starter)

Posted 09 May 2009 - 03:09 PM

Interesting. I can't get to McAfee.com even in safe mode.

#15 Buckeye_Sam (Malware Expert)

Posted 10 May 2009 - 11:09 AM

I'm not entirely convinced that this is a malware issue.

Please click Start -> Run -> msconfig
Under the General tab select Diagnostic Startup.
Click Apply and then reboot your computer into normal mode.

If possible, run OTListIt in normal mode and post the resulting log.