
possibly infected with malware, has hijacked my gmail account


  • This topic is locked
16 replies to this topic

#1 gotterfunken

gotterfunken

  • Members
  • 8 posts

Posted 16 May 2009 - 05:43 PM

Hi, recently my Gmail account sent out the following email to everyone in my contacts list.

***************

Dear friend:
i would like to introduce a good company who trades mainly in electornic products.Now the company is under sales promotion,all the products are sold nearly at its cost.Original Products + Best Quality + Brand New + Warranty + Quick Shipping + 100% Secure . the price is a surprising happiness to you! It is realy a good chance for shopping, please contact them as soon as possible!!!!

The web address: <hxxp://www.electronics-brand.com>


**************

I am concerned that my computer might be infected or hijacked (I have changed all the passwords, etc. on that account but am not sure if the computer itself is infected. As you can probably tell, I am not very informed about these things and got here via several other links on this topic...apologies if it's not the appropriate place to post it!).
Here's the DDS log. I'd really appreciate any information or advice you could offer. Thank you!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dr. Josh at 17:32:56.44 on Sat 05/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.1744 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Dr. Josh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dr. Josh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.19.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\dr. josh\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim6]
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [OA009Cfg.exe] OA009Cfg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.19.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dr5bc6~1.jos\appdata\roaming\mozilla\firefox\profiles\vct331th.default\
FF - prefs.js: browser.startup.homepage - nytimes.com
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dr. josh\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\dr. josh\appdata\roaming\mozilla\firefox\profiles\vct331th.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\dr. josh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\dr. josh\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-3 64160]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-8 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-12 24652]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-8 29736]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-3-8 3663360]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S2 gupdate1c9ab0c9fe741a0;Google Update Service (gupdate1c9ab0c9fe741a0);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]

=============== Created Last 30 ================

2009-05-16 17:19 <DIR> --d----- c:\program files\Trend Micro
2009-05-13 10:25 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-13 10:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-13 10:25 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-08 17:19 <DIR> --d----- c:\program files\DivX
2009-05-08 17:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-07 07:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-03 12:05 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-03 08:29 <DIR> --d----- c:\program files\Netflix
2009-05-02 20:12 57,656 -------- c:\windows\system32\drivers\FilterPC.bmp
2009-05-02 20:12 24,995 -------- c:\windows\system32\drivers\FilterPC.jpg
2009-05-02 20:11 <DIR> --d----- c:\program files\Creative Live! Cam

==================== Find3M ====================

2009-05-16 17:09 51,200 a------- c:\windows\inf\infpub.dat
2009-05-16 17:09 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-16 17:09 86,016 a------- c:\windows\inf\infstor.dat
2009-05-03 12:05 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-07 15:01 514 a------- c:\users\dr5bc6~1.jos\appdata\roaming\wklnhst.dat
2009-04-06 12:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 08:00 64,000 a------- c:\windows\system32\drivers\RTSTOR.sys
2009-03-22 12:18 56 a---h--- c:\programdata\ezsidmv.dat
2009-03-22 12:18 56 a---h--- c:\progra~2\ezsidmv.dat
2009-03-19 17:02 271,552 a------- c:\windows\system32\drivers\OA009Vid.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 13:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-08 13:23 15,872 a------- c:\windows\system32\hcrstco.dll
2009-03-08 13:23 8,704 a------- c:\windows\system32\hccoin.dll
2009-03-08 13:22 26,112 a------- c:\windows\system32\hidserv.dll
2009-03-08 13:22 22,016 a------- c:\windows\system32\hid.dll
2009-03-08 13:21 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-08 13:20 468,992 a------- c:\windows\system32\newdev.dll
2009-03-08 13:20 74,752 a------- c:\windows\system32\newdev.exe
2009-03-08 13:20 180,224 a------- c:\windows\system32\scrobj.dll
2009-03-08 13:20 172,032 a------- c:\windows\system32\scrrun.dll
2009-03-08 13:20 155,648 a------- c:\windows\system32\wscript.exe
2009-03-08 13:20 135,168 a------- c:\windows\system32\cscript.exe
2009-03-08 13:20 90,112 a------- c:\windows\system32\wshext.dll
2009-03-08 13:18 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-08 13:18 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-08 13:17 2,927,104 a------- c:\windows\explorer.exe
2009-03-08 13:16 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-08 13:16 269,312 a------- c:\windows\system32\es.dll
2009-03-08 13:14 2,048 a------- c:\windows\system32\tzres.dll
2009-03-08 13:13 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-08 13:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-08 13:10 885,248 a------- c:\windows\system32\RacEngn.dll
2009-03-08 13:09 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-08 13:08 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-08 13:08 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-08 13:08 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-08 13:07 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-03-08 13:07 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-03-08 13:07 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-03-08 13:06 181,760 a------- c:\windows\system32\fsquirt.exe
2009-03-08 13:03 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-08 13:02 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-08 13:02 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-08 13:02 94,720 a------- c:\windows\system32\logagent.exe
2009-03-08 13:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-08 13:02 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-08 13:02 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-03-08 13:02 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-08 13:02 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-03-08 13:02 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-08 13:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-08 13:02 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-08 13:00 408,064 a------- c:\windows\system32\msinfo32.exe
2009-03-08 12:59 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-08 12:59 246,840 a------- c:\windows\system32\clfs.sys
2009-03-08 12:59 320,512 a------- c:\windows\system32\imapi2.dll
2009-03-08 12:59 177,208 a------- c:\windows\system32\halmacpi.dll
2009-03-08 12:59 141,880 a------- c:\windows\system32\halacpi.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 3,600,880 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:37 3,548,656 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2008-01-20 21:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39:34 A------- 287,440 c:\windows\inf\perflib\0409\perfh.dat

============= FINISH: 17:33:52.49 ===============


Edited by Orange Blossom, 11 February 2013 - 04:59 AM.
Deactivate link. ~ OB


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 31 May 2009 - 01:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 gotterfunken

gotterfunken
  • Topic Starter

  • Members
  • 8 posts

Posted 31 May 2009 - 11:14 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dr. Josh at 11:07:29.97 on Sun 05/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.1998 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dr. Josh\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\dr. josh\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dr5bc6~1.jos\appdata\roaming\mozilla\firefox\profiles\vct331th.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - nytimes.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q=
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dr. josh\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\dr. josh\appdata\roaming\mozilla\firefox\profiles\vct331th.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\dr. josh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\dr. josh\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-3 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-16 130424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-8 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-16 348752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-12 24652]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-3-8 3663360]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S2 gupdate1c9ab0c9fe741a0;Google Update Service (gupdate1c9ab0c9fe741a0);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-8 29736]

=============== Created Last 30 ================

2009-05-30 18:12 <DIR> --d----- c:\program files\VideoLAN
2009-05-29 09:45 <DIR> --d----- c:\programdata\Soulseek
2009-05-29 09:45 <DIR> --d----- c:\progra~2\Soulseek
2009-05-29 09:44 <DIR> --d----- c:\program files\SoulseekNS
2009-05-17 11:15 <DIR> --d----- c:\users\dr5bc6~1.jos\appdata\roaming\Foxit
2009-05-17 11:15 <DIR> --d----- c:\program files\Foxit Software
2009-05-17 09:59 <DIR> --d----- c:\programdata\NOS
2009-05-17 08:27 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-05-17 08:26 <DIR> --d----- c:\program files\MSECACHE
2009-05-17 08:05 <DIR> --d----- c:\windows\pss
2009-05-16 18:43 <DIR> --d----- c:\programdata\Symantec
2009-05-16 18:43 <DIR> --d----- c:\progra~2\Symantec
2009-05-16 18:37 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-16 18:37 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-16 18:37 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-16 18:37 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-16 18:37 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-16 18:37 <DIR> --d----- c:\users\dr5bc6~1.jos\appdata\roaming\PC Tools
2009-05-16 18:37 <DIR> --d----- c:\programdata\PC Tools
2009-05-16 18:37 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-16 18:37 <DIR> --d----- c:\progra~2\PC Tools
2009-05-16 18:36 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-16 18:35 <DIR> --d----- c:\program files\Norton Security Scan
2009-05-16 18:35 <DIR> --d----- c:\programdata\Google
2009-05-16 18:34 <DIR> --d----- c:\programdata\Google Updater
2009-05-16 17:19 <DIR> --d----- c:\program files\Trend Micro
2009-05-13 10:25 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-13 10:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-13 10:25 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-08 17:19 <DIR> --d----- c:\program files\DivX
2009-05-08 17:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-07 07:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-03 12:05 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-03 08:29 <DIR> --d----- c:\program files\Netflix
2009-05-02 20:12 57,656 -------- c:\windows\system32\drivers\FilterPC.bmp
2009-05-02 20:12 24,995 -------- c:\windows\system32\drivers\FilterPC.jpg
2009-05-02 20:11 <DIR> --d----- c:\program files\Creative Live! Cam

==================== Find3M ====================

2009-05-27 13:13 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-16 17:09 51,200 a------- c:\windows\inf\infpub.dat
2009-05-16 17:09 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-16 17:09 86,016 a------- c:\windows\inf\infstor.dat
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-08 16:25 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-07 15:01 514 a------- c:\users\dr5bc6~1.jos\appdata\roaming\wklnhst.dat
2009-04-06 12:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-22 12:18 56 a---h--- c:\programdata\ezsidmv.dat
2009-03-22 12:18 56 a---h--- c:\progra~2\ezsidmv.dat
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 13:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-08 13:23 15,872 a------- c:\windows\system32\hcrstco.dll
2009-03-08 13:23 8,704 a------- c:\windows\system32\hccoin.dll
2009-03-08 13:22 26,112 a------- c:\windows\system32\hidserv.dll
2009-03-08 13:22 22,016 a------- c:\windows\system32\hid.dll
2009-03-08 13:21 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-08 13:20 468,992 a------- c:\windows\system32\newdev.dll
2009-03-08 13:20 74,752 a------- c:\windows\system32\newdev.exe
2009-03-08 13:20 180,224 a------- c:\windows\system32\scrobj.dll
2009-03-08 13:20 172,032 a------- c:\windows\system32\scrrun.dll
2009-03-08 13:20 155,648 a------- c:\windows\system32\wscript.exe
2009-03-08 13:20 135,168 a------- c:\windows\system32\cscript.exe
2009-03-08 13:20 90,112 a------- c:\windows\system32\wshext.dll
2009-03-08 13:18 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-08 13:18 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-08 13:17 2,927,104 a------- c:\windows\explorer.exe
2009-03-08 13:16 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-08 13:16 269,312 a------- c:\windows\system32\es.dll
2009-03-08 13:14 2,048 a------- c:\windows\system32\tzres.dll
2009-03-08 13:13 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-08 13:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-08 13:10 885,248 a------- c:\windows\system32\RacEngn.dll
2009-03-08 13:09 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-08 13:08 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-08 13:08 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-08 13:08 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-08 13:07 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-03-08 13:07 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-03-08 13:07 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-03-08 13:06 181,760 a------- c:\windows\system32\fsquirt.exe
2009-03-08 13:03 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-08 13:02 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-08 13:02 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-08 13:02 94,720 a------- c:\windows\system32\logagent.exe
2009-03-08 13:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-08 13:02 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-08 13:02 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-03-08 13:02 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-08 13:02 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-03-08 13:02 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-08 13:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-08 13:02 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-08 13:00 408,064 a------- c:\windows\system32\msinfo32.exe
2009-03-08 12:59 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-08 12:59 246,840 a------- c:\windows\system32\clfs.sys
2009-03-08 12:59 320,512 a------- c:\windows\system32\imapi2.dll
2009-03-08 12:59 177,208 a------- c:\windows\system32\halmacpi.dll
2009-03-08 12:59 141,880 a------- c:\windows\system32\halacpi.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 23:40 499,200 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-02 23:40 129,024 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 3,600,880 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:37 3,548,656 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:36 615,424 a------- c:\windows\system32\wbem\fastprox.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 21:16 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2008-01-20 21:57:01 A--SH--- 174 c:\program files\desktop.ini

============= FINISH: 11:08:55.80 ===============

#4 m0le (Malware Response Team)

Posted 01 June 2009 - 07:08 PM

Hi gotterfunken,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks

m0le is a proud member of UNITE

#5 m0le (Malware Response Team)

Posted 02 June 2009 - 03:21 PM

Hi gotterfunken,

The log looks clean to me; however, I always double check.

Firstly,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent and Soulseek). These programmes allow users to share files between one another, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so it is suggested that they be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

and

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


Okay, let's do some deeper scanning.

We need to scan for rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER file on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a warning window. If you do, click No.
  • Click the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and paste the contents of that file in your next post.


and then

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks
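As an added example (not code from this thread, from DDS or from its author), the review a helper does by eye over the DDS log posted above can be scripted: the parser below reads the SERVICES / DRIVERS and Created Last 30 line formats shown in that log, then lists services whose image file DDS could not locate, services running from outside the Windows directory, and files created around a given date. The sample lines are constructed in the shape of the posted log; the triage questions and the day window are the editor's assumptions, and a hit is a prompt to look closer, not a verdict.

```python
import re
from datetime import date, timedelta

# Constructed sample input: lines in the shape of the DDS log posted earlier in
# this thread (SERVICES / DRIVERS and "Created Last 30" sections).
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-16 130424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-12 24652]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S2 gupdate1c9ab0c9fe741a0;Google Update Service (gupdate1c9ab0c9fe741a0);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]
2009-05-29 09:44 <DIR> --d----- c:\program files\SoulseekNS
2009-05-16 18:37 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-03 12:05 64,160 a------- c:\windows\system32\drivers\Lbd.sys
"""

# Service/driver line: "<R|S><n> <name>;<display name>;<image path> [<yyyy-m-d> <size>]".
# DDS prints "[?]" instead of date and size when it could not find the image file.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# Created-file line: "<yyyy-mm-dd> <hh:mm> <DIR>|<size> <attributes> <path>".
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def _parse_date(text):
    """'2009-5-16' or '2009-05-16' -> date(2009, 5, 16)."""
    return date(*(int(part) for part in text.split("-")))


def parse_dds(text):
    """Turn DDS service and created-file lines into a list of dict records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            meta = svc.group("meta").split()
            found = meta[0] != "?"
            records.append({
                "kind": "service",
                "state": svc.group("state"),
                "name": svc.group("name"),
                "display": svc.group("display"),
                "path": svc.group("path"),
                "file_found": found,
                "file_date": _parse_date(meta[0]) if found else None,
                "size": int(meta[1]) if found else None,
            })
            continue
        created = CREATED_RE.match(line)
        if created:
            is_dir = created.group("size") == "<DIR>"
            records.append({
                "kind": "created",
                "created": _parse_date(created.group("date")),
                "is_dir": is_dir,
                "size": None if is_dir else int(created.group("size").replace(",", "")),
                "attrs": created.group("attrs"),
                "path": created.group("path"),
            })
    return records


def services_without_file(records):
    """Names of services whose image DDS could not locate ("[?]")."""
    return [r["name"] for r in records
            if r["kind"] == "service" and not r["file_found"]]


def services_outside_windows(records, system_root="c:\\windows\\"):
    """Names of services whose image lives outside the Windows directory."""
    return [r["name"] for r in records
            if r["kind"] == "service" and r["file_found"]
            and not r["path"].lower().startswith(system_root)]


def created_near(records, incident, days=3):
    """Paths created within `days` days either side of the incident date.

    `incident` may be a date or a 'yyyy-mm-dd' string.
    """
    if isinstance(incident, str):
        incident = _parse_date(incident)
    lo, hi = incident - timedelta(days=days), incident + timedelta(days=days)
    return [r["path"] for r in records
            if r["kind"] == "created" and lo <= r["created"] <= hi]


if __name__ == "__main__":
    recs = parse_dds(SAMPLE_LOG)
    # The first post in this thread is dated 16 May 2009; it is used here as
    # the reference date for the "what appeared around then" question.
    print("services with no image file:", services_without_file(recs))
    print("services outside c:\\windows:", services_outside_windows(recs))
    print("created near 2009-05-16:", created_near(recs, "2009-05-16", days=1))
```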

#6 m0le (Malware Response Team)

Posted 05 June 2009 - 09:28 AM

Hi gotterfunken,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#7 gotterfunken (Topic Starter)

Posted 05 June 2009 - 09:32 AM

Hi m0le,
Apologies for being delayed on this! I'll get to it right away. Thanks so much for your help!

#8 gotterfunken (Topic Starter)

Posted 05 June 2009 - 10:05 AM

Hi m0le,

The GMER program crashed my computer 3 times... any thoughts?

I've copied and pasted the OTViewIt logs below. I shut down all my programs (including anti-spyware programs) and disconnected from the internet before running the scans... let me know if I need to do it differently.

Thanks again for your help! It's much appreciated.

=======================

OTViewIt logfile created on: 6/5/2009 9:57:35 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Dr. Josh\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 114.55 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 9.00 Gb Free Space | 61.41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRJOSH-PC
Current User Name: Dr. Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/20 21:33:13 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/20 21:33:15 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/12/14 23:13:46 | 00,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
[2008/01/20 21:34:50 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/09/23 22:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
[2008/01/20 21:34:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/12/14 23:13:30 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/01/20 21:34:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/06/05 19:07:00 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2009/03/22 11:38:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2008/01/20 21:34:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/05/07 17:41:14 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2008/05/22 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
[2008/05/22 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
[2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2009/03/08 13:19:55 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2007/10/25 10:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2008/01/20 21:33:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/20 21:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/09/04 00:29:10 | 00,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2008/12/14 23:13:50 | 00,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
[2008/12/09 00:25:36 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
[2008/12/09 00:25:12 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
[2008/12/09 00:25:20 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
[2008/08/27 00:29:00 | 01,662,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2008/05/07 17:41:12 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2008/10/04 13:58:02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2009/04/06 12:30:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/05/22 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2007/10/25 10:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2008/06/03 15:54:56 | 00,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
[2008/01/20 21:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/03/12 20:41:55 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe
[2008/01/20 21:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/20 21:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/12/09 00:25:34 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
[2007/10/25 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
[2008/09/04 00:29:10 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2008/09/04 00:29:10 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2008/09/04 00:29:18 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2008/10/04 13:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2009/03/08 13:19:54 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/03/08 13:19:54 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/03/08 13:19:54 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/06/03 12:02:07 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Josh\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/12/14 23:13:30 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters [Auto | Running])
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/06/05 19:07:00 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/20 21:33:11 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/09/23 22:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
[2008/01/20 21:34:19 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2009/03/08 11:01:36 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
[2009/03/22 11:38:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ab0c9fe741a0 [Auto | Stopped])
[2009/05/16 18:34:40 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
[2008/05/07 17:41:14 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/05/27 13:12:51 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
[2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2008/05/22 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
[2008/05/22 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/11/02 08:01:50 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 21:34:01 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
[2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
[2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2008/01/20 21:34:50 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/10/04 13:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
[2008/12/14 23:13:46 | 00,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV [Auto | Running])
[2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/01/20 21:33:45 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/20 21:34:50 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 21:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2009/03/08 13:19:55 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe -- (yksvc [Auto | Running])

========== Driver Services ==========

[2008/01/20 21:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/20 21:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/20 21:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/20 21:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/20 21:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/20 21:32:21 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2008/01/20 21:32:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/20 21:32:21 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2008/09/04 00:29:08 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008/01/20 21:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2008/01/20 21:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/20 21:33:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2009/03/08 13:06:39 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/20 21:32:45 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2009/03/08 13:06:39 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BthPort [On_Demand | Stopped])
[2009/03/08 13:06:39 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2008/06/12 00:59:24 | 00,081,960 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
[2008/06/12 00:59:26 | 00,100,392 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
[2008/06/12 00:59:28 | 00,029,736 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap [On_Demand | Stopped])
[2008/06/12 00:59:32 | 00,017,320 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
[2008/01/20 21:32:51 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2009/03/08 12:59:54 | 00,246,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/01/20 21:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/20 21:32:48 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2008/01/20 21:32:21 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2007/01/18 15:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2007/07/16 11:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2008/01/20 21:34:44 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2009/03/08 13:19:24 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/01/20 21:32:51 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Stopped])
[2008/01/20 21:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/20 21:33:07 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/01/20 21:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/20 21:32:21 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])
[2008/01/20 21:34:54 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/20 21:33:40 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/20 21:34:01 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/20 21:32:47 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/01/20 21:32:47 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2008/01/20 21:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2008/09/01 05:15:54 | 00,317,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/01/20 21:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008/12/09 00:25:14 | 02,473,472 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/01/20 21:32:48 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/20 21:32:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/05/03 12:05:27 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2008/01/20 21:34:21 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/01/20 21:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/20 21:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/20 21:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/20 21:34:22 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/01/20 21:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/20 21:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2008/05/22 20:50:00 | 00,064,232 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2008/05/22 20:50:00 | 00,072,936 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/05/22 20:50:00 | 00,033,960 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/05/22 20:50:00 | 00,174,952 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2008/05/22 20:50:00 | 00,052,104 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik [System | Stopped])
[2008/01/20 21:32:47 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/01/20 21:32:45 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/20 21:34:35 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2009/03/08 13:03:13 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/20 21:34:15 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2009/03/08 12:59:41 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2008/01/20 21:32:47 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/20 21:34:07 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2009/03/08 13:19:24 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/07/04 00:35:48 | 03,663,360 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/20 21:34:35 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/01/20 21:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2009/03/06 07:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd [On_Demand | Running])
[2009/03/19 17:02:00 | 00,271,552 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid [On_Demand | Running])
[2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2009/03/08 13:04:41 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/08/20 12:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/20 21:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/20 21:32:58 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008/01/20 21:34:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/20 21:34:38 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2009/03/08 12:59:20 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2008/01/20 21:34:21 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2009/03/26 08:00:02 | 00,064,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR [On_Demand | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 21:32:45 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/20 21:32:49 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/20 21:32:49 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/20 21:32:49 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/20 21:32:22 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2008/01/20 21:32:51 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2008/01/20 21:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/20 21:34:49 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/20 21:33:48 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/20 21:34:49 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/20 21:33:17 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2008/12/14 23:13:54 | 00,393,216 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/20 21:33:13 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/20 21:34:42 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/20 21:34:49 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/20 21:34:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/20 21:34:06 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008/01/20 21:32:47 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/20 21:32:22 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2008/01/20 21:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2008/01/20 21:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/20 21:32:48 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/20 21:32:23 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2008/01/20 21:32:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/20 21:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/20 21:32:22 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/20 21:34:08 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/01/20 21:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2008/01/20 21:32:50 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/20 21:33:23 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/20 21:32:21 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/20 21:34:35 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008/09/01 05:19:40 | 00,304,128 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://g.msn.com/USCON/1
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://g.msn.com/USCON/1
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://google.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (HKLM) -- C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 (Creative Technology Ltd.)
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter (SupportSoft, Inc.)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/04/08 16:25:00 | 03,366,912 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2008/02/13 12:29:12 | 00,001,225 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/04/08 16:25:00 | 03,366,912 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/04/08 16:25:00 | 03,366,912 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/04/08 16:25:00 | 03,366,912 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2008/02/13 12:29:12 | 00,001,225 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}: Menu: &Gears Settings -- %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll [2009/05/19 12:03:20 | 02,097,152 | ---- | M] (Google Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
93 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1F602C06-D589-4ED8-BBC5-865746DD8FF4} (Servers: | Description: Intel® WiFi Link 5100)
{31EA5B79-F945-4E9C-8C11-21110A6B9093} (Servers: | Description: )
{3FB07094-CEBF-4111-98C5-F115D552BF0B} (Servers: | Description: )
{9065AEA5-08FC-4C9A-B4D0-203DBE2B779A} (Servers: | Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
GoToAssist: "DllName" = C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 21:34:21 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 21:34:21 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57a90a05-0bcb-11de-a9a9-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57a90a05-0bcb-11de-a9a9-806e6f6e6963}\Shell\AutoRun\command]
""=F:\AUTORUN.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c6f911-0f62-11de-9210-00234decb639}\Shell\AutoRun\command]
""=wdsync.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=wdsync.exe

========== Files/Folders - Created Within 30 Days ==========

[4 C:\Windows\*.tmp files]
[2 C:\ProgramData\*.tmp files]
[2009/06/05 09:53:40 | 00,286,208 | ---- | C] () -- C:\Users\Dr. Josh\Desktop\u545d9m1.exe
[2009/06/05 09:43:59 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/06/05 09:43:30 | 30,829,6195 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/06/05 09:30:56 | 00,081,664 | ---- | C] (GMER) -- C:\inyafakj.sys
[2009/06/03 12:02:02 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Dr. Josh\Desktop\OTViewIt.exe
[2009/06/02 10:54:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/06/02 10:53:05 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/02 10:52:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/05/31 15:00:43 | 00,057,344 | ---- | C] () -- C:\Users\Dr. Josh\Documents\Music and lit.doc
[2009/05/31 14:13:48 | 00,036,352 | ---- | C] () -- C:\Users\Dr. Josh\Documents\Write a paper.doc
[2009/05/30 18:13:08 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\AppData\Roaming\vlc
[2009/05/30 18:12:13 | 00,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/05/30 18:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/05/29 19:06:18 | 00,147,695 | ---- | C] () -- C:\Users\Dr. Josh\Documents\bookmarks.html
[2009/05/29 09:45:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Soulseek
[2009/05/29 09:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\SoulseekNS
[2009/05/27 08:57:14 | 00,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/05/19 11:39:37 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\Documents\Academic AV
[2009/05/17 11:15:59 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\AppData\Roaming\Foxit
[2009/05/17 11:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/05/17 11:14:21 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\Documents\Updater5
[2009/05/17 09:59:19 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/05/17 09:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/05/17 08:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/05/17 08:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/05/17 08:05:24 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/05/16 18:43:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/05/16 18:37:58 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/05/16 18:37:51 | 00,130,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/05/16 18:37:51 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/05/16 18:37:38 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/05/16 18:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/05/16 18:37:23 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\AppData\Roaming\PC Tools
[2009/05/16 18:37:23 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/05/16 18:37:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/05/16 18:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/05/16 18:36:02 | 00,000,414 | ---- | C] () -- C:\Windows\tasks\Norton Security Scan for Dr. Josh.job
[2009/05/16 18:35:53 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2009/05/16 17:19:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/15 22:21:27 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/05/15 14:55:08 | 00,000,280 | -HS- | C] () -- C:\Users\Public\Documents\desktop.ini
[2009/05/13 10:25:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/05/13 10:25:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/13 10:25:51 | 00,001,744 | ---- | C] () -- C:\Users\Dr. Josh\Desktop\Mozilla Firefox.lnk
[2009/05/09 16:30:04 | 00,182,784 | ---- | C] () -- C:\Users\Dr. Josh\Documents\Joyce chapter, revising for JJQ.doc
[2009/05/08 17:20:06 | 00,000,000 | ---D | C] -- C:\Users\Dr. Josh\AppData\Roaming\DivX
[2009/05/08 17:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/05/08 17:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/08 10:31:52 | 00,818,818 | ---- | C] () -- C:\Users\Dr. Josh\Documents\space between society poster.pdf
[2009/05/07 07:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

========== Files - Modified Within 30 Days ==========

[4 C:\Windows\*.tmp files]
[2 C:\ProgramData\*.tmp files]
[2009/06/05 09:53:45 | 00,286,208 | ---- | M] () -- C:\Users\Dr. Josh\Desktop\u545d9m1.exe
[2009/06/05 09:51:03 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/05 09:51:03 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/05 09:51:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/05 09:50:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/05 09:50:49 | 37,186,31424 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/05 09:50:48 | 30,829,6195 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/06/05 09:30:56 | 00,081,664 | ---- | M] (GMER) -- C:\inyafakj.sys
[2009/06/04 19:13:41 | 00,057,344 | ---- | M] () -- C:\Users\Dr. Josh\Documents\Music and lit.doc
[2009/06/04 10:47:38 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/04 10:47:32 | 03,158,810 | -H-- | M] () -- C:\Users\Dr. Josh\AppData\Local\IconCache.db
[2009/06/03 12:02:07 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Josh\Desktop\OTViewIt.exe
[2009/06/03 11:58:00 | 00,182,784 | ---- | M] () -- C:\Users\Dr. Josh\Documents\Joyce chapter, revising for JJQ.doc
[2009/06/02 16:19:23 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/01 17:26:38 | 00,006,958 | ---- | M] () -- C:\Users\Dr. Josh\AppData\Roaming\PrimoPDFSet.xml
[2009/06/01 12:06:22 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 08:50:03 | 00,054,272 | ---- | M] () -- C:\Users\Dr. Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/31 14:13:48 | 00,036,352 | ---- | M] () -- C:\Users\Dr. Josh\Documents\Write a paper.doc
[2009/05/30 18:12:13 | 00,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/05/29 19:06:18 | 00,147,695 | ---- | M] () -- C:\Users\Dr. Josh\Documents\bookmarks.html
[2009/05/27 13:13:50 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/05/27 08:57:14 | 00,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/05/22 17:08:24 | 00,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Dr. Josh.job
[2009/05/15 14:55:08 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/05/12 15:14:07 | 00,006,080 | ---- | M] () -- C:\Users\Dr. Josh\AppData\Local\d3d9caps.dat
[2009/05/08 10:31:52 | 00,818,818 | ---- | M] () -- C:\Users\Dr. Josh\Documents\space between society poster.pdf
[2009/05/07 07:43:41 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/07 07:43:41 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/07 07:43:41 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/07 02:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >
OTViewIt Extras logfile created on: 6/5/2009 9:57:35 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Dr. Josh\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 114.55 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 9.00 Gb Free Space | 61.41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRJOSH-PC
Current User Name: Dr. Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/02/17 14:10:02 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 03:16:22 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/03/16 18:47:50 | 01,942,824 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}"=Google Photos Screensaver
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}"=WIDCOMM Bluetooth Software 6.1.0.4502
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}"=Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}"=Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}"=DivX Converter
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}"=Cisco Systems VPN Client 5.0.01.0600
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}"=Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{35C03C04-3F1F-42C2-A989-A757EE691F65}"=McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}"=Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}"=DivX Version Checker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}"=Banctec Service Agreement
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}"=Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}"=Junk Mail filter update
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}"=Google Talk Plugin
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}"=EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}"=VC80CRTRedist - 8.0.50727.762
"{795AF20A-51C5-4BAF-9EF5-AA38105C6141}"=Norton Security Scan
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}"=Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{901B0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}"=Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}"=Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A11138F6-31A2-34D9-93E9-3F5BC0EB2F8C}"=Google Gears
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}"=Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}"=Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}"=H.264 Decoder
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}"=Microsoft Office Live Add-in Patches
"{AAC389499AEF40428987B3D30CFC76C9}"=MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}"=Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}"=Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}"=AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}"=QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}"=Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}"=Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}"=Dell Dock
"7-Zip"=7-Zip 4.65
"Ad-Aware"=Ad-Aware
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"Creative OA009"=Integrated Webcam Driver (1.02.01.0320)
"Dell Video Chat"=Dell Video Chat (remove only)
"Dell Webcam Central"=Dell Webcam Central
"DivX Plus DirectShow Filters"=DivX Plus DirectShow Filters
"Google Chrome"=Google Chrome
"Google Updater"=Google Updater
"GoToAssist"=GoToAssist 8.0.0.514
"HijackThis"=HijackThis 2.0.2
"InFlac"=InFlac 1.1.1
"LastFM_is1"=Last.fm 1.5.4.24567
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)"=Mozilla Firefox (3.0.10)
"NSSSetup.{795AF20A-51C5-4BAF-9EF5-AA38105C6141}"=Norton Security Scan (Symantec Corporation)
"Picasa 3"=Picasa 3
"PrimoPDF4.1.0.9"=PrimoPDF
"Soulseek2"=SoulSeek 157 NS 13d
"Spyware Doctor"=Spyware Doctor 6.0
"VLC media player"=VLC media player 0.9.9
"Winamp"=Winamp
"WinLiveSuite_Wave3"=Windows Live Essentials
"Xvid_is1"=Xvid 1.2.1 final uninstall
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3966021205-2984334215-164664013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2009 6:52:22 AM | Computer Name = DrJosh-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2009 6:58:33 AM | Computer Name = DrJosh-PC | Source = Google Update | ID = 20
Description =

Error - 5/30/2009 4:56:21 PM | Computer Name = DrJosh-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 6:37:03 PM | Computer Name = DrJosh-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 2:30:59 PM | Computer Name = DrJosh-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 8:29:33 PM | Computer Name = DrJosh-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 8:42:20 PM | Computer Name = DrJosh-PC | Source = Google Update | ID = 20
Description =

Error - 6/1/2009 12:13:29 PM | Computer Name = DrJosh-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2009 4:23:36 PM | Computer Name = DrJosh-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, time stamp 0x49f1091d,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0x1690, application start time
0x01c9e2f676abe9e0.

Error - 6/1/2009 4:27:38 PM | Computer Name = DrJosh-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3399 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1690 Start Time: 01c9e2f676abe9e0 Termination Time: 108

[ System Events ]
Error - 5/6/2009 10:55:53 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 10:55:53 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 10:55:53 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 10:55:53 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/6/2009 11:12:29 AM | Computer Name = DrJosh-PC | Source = HTTP | ID = 15016
Description =

Error - 5/6/2009 11:13:12 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 11:13:12 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 11:13:12 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 11:13:12 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2009 11:13:12 AM | Computer Name = DrJosh-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:05:46 AM

Posted 05 June 2009 - 10:40 AM

the GMER program crashed my computer 3 times...any thoughts?


Yes, the malware picks up on certain tools. Please rename the file to Gamer.exe when you download it.

Post the results in your next reply. :thumbup2:
m0le is a proud member of UNITE

#10 gotterfunken

gotterfunken
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:46 AM

Posted 05 June 2009 - 11:58 AM

Hi m0le -- I tried redownloading it and renaming it to Gamer.exe, but it still crashed my computer. :-(

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:05:46 AM

Posted 05 June 2009 - 12:05 PM

Hmm, let's try a different tool to check for rootkits.

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply

m0le is a proud member of UNITE

#12 gotterfunken

gotterfunken
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 05 June 2009 - 12:11 PM

Thanks for your patience--this seems to have worked. Huzzah! Here's the log...

================

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:290204 Mo/Free:3717 Mo)
E:\ [Fixed] - NTFS - (Total:14999 Mo/Free:1019 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Fri 06/05/2009|12:09

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Dell\DellDock\DockLogin.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\RUNDLL32.EXE
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\Program Files\IDT\WDM\sttray.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
---------- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
---------- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 06/05/2009|12:08
2 - "C:\Rooter$\Rooter_2.txt" - Fri 06/05/2009|12:10

----------------------\\ Scan completed at 12:10
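Most of the Rooter process list above is svchost.exe and vendor tray utilities. The following is an added example (not part of the original post or of the Rooter tool) that parses the Processes section and separates what needs a look from what is running where it is expected: entries Rooter marked --Locked-- (no path could be read) and images running outside the Windows and Program Files trees, such as the per-user GoogleUpdate.exe under AppData and Rooter's own RK.exe. SAMPLE_ROOTER is a subset copied from the posted log. One observation from the log itself: the banner says Windows XP Home SP2, but wininit.exe, lsm.exe, SLsvc.exe and C:\Users\ are a Vista process set, so the process list, not the banner, is the evidence to work from.

```python
"""Triage the Processes section of a Rooter log (added example, not Rooter code)."""
import re

# Subset copied from the Rooter log posted in this thread.
SAMPLE_ROOTER = r"""
----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
--Locked-- audiodg.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Users\Dr. Josh\AppData\Local\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\RUNDLL32.EXE
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..
"""

# Section headers look like "----------------------\\ Processes.."
SECTION_RE = re.compile(r"^-+\\\\ (\w+)")
# Process lines: either "--Locked-- <image>" or ten dashes and a path.
LINE_RE = re.compile(r"^(?P<flag>--Locked--|-{10}) (?P<image>.+?)\s*$")

# Directories a process is expected to run from on this kind of host.
# Compared in lower case because the log mixes system32 and System32.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "\\systemroot\\",
    "c:\\program files\\",
)


def parse_processes(text):
    """Return (locked, image) pairs from the Processes section only."""
    procs, in_section = [], False
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            in_section = sec.group(1) == "Processes"
            continue
        m = LINE_RE.match(line)
        if in_section and m:
            procs.append((m.group("flag") == "--Locked--", m.group("image")))
    return procs


def triage(procs):
    """Split into (needs_review, expected).

    needs_review holds locked entries (Rooter could not read a path) and
    images whose path is outside the trusted trees. expected holds the
    rest; they are not proven clean, only running from the usual places.
    """
    review, expected = [], []
    for locked, image in procs:
        if locked or not image.lower().startswith(TRUSTED_PREFIXES):
            review.append((locked, image))
        else:
            expected.append(image)
    return review, expected


if __name__ == "__main__":
    review, expected = triage(parse_processes(SAMPLE_ROOTER))
    print("Needs review:")
    for locked, image in review:
        print("  ", "[locked] " if locked else "", image, sep="")
    print(f"Expected location: {len(expected)} process(es)")
```

A caveat on the "expected" bucket: RUNDLL32.EXE only hosts whatever DLL its command line names, and Rooter does not show command lines, so a path check alone cannot clear it. The same goes for the many svchost.exe instances; a second pass with a tool that shows command lines and loaded modules is what settles those.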

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:46 AM

Posted 05 June 2009 - 12:51 PM

I think this may be a Firefox issue. Nothing came up on the Rooter and OTViewIt logs.

Let's run an online scan to see if it's hiding elsewhere.

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

m0le is a proud member of UNITE

#14 gotterfunken

gotterfunken
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 06 June 2009 - 01:38 PM

Hi m0le,
the online scan reports that there are no files infected...maybe I'm fine now and just being paranoid? ;)

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:46 AM

Posted 06 June 2009 - 02:18 PM

Nothing wrong with being paranoid, some of this stuff is well disguised.

However, yes, I think you have a clean system here :thumbup2:

Let's firstly do some housekeeping

Please reactivate your antivirus, antispyware and firewall programs.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it gotterfunken, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE
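The Java cleanup step above has one edge case that is easy to get wrong: the JRE 6 Update 14 installer removes earlier JRE 6 updates from Update 10 upward by itself, but anything older (6u9 and below, JRE 5.0, 1.4.2) stays installed until removed by hand. The following is an added example (not part of the original post or of Sun's installer) that takes Add/Remove Programs display names and sorts them into what is current, what the installer will remove, and what must be uninstalled manually. DISPLAY_NAMES is a constructed list; the name formats follow the Sun installers of that period, and the installer behaviour is taken from the rule stated in the post.

```python
"""Classify installed Java runtimes against the JRE 6u14 cleanup rule (added example)."""
import re

# Constructed sample of Add/Remove Programs display names.
DISPLAY_NAMES = [
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 13",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 14",
    "Adobe Reader 9.1",   # not Java; must be ignored
]

CURRENT = (6, 14)            # the version being installed (from the post)
AUTO_REMOVED_FROM = (6, 10)  # the 6u14 uninstaller handles Update 10 and above (from the post)

# Two naming schemes: "<product> <major> Update <n>" and the 1.4.2-style "v1.4.2_<n>".
UPDATE_RE = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment) "
    r"(\d(?:\.0)?) Update (\d+)$"
)
LEGACY_RE = re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d)\.(\d)_(\d+)$")


def jre_version(name):
    """Return (major, update) for a Java runtime display name, else None."""
    m = UPDATE_RE.match(name)
    if m:
        return int(m.group(1)[0]), int(m.group(2))      # "5.0" -> 5
    m = LEGACY_RE.match(name)
    if m:
        return int(m.group(1)), int(m.group(3))         # 1.4.2_03 -> (4, 3)
    return None


def classify(names):
    """Bucket JREs as 'current', 'auto' (installer removes) or 'manual' (remove by hand)."""
    out = {"current": [], "auto": [], "manual": []}
    for name in names:
        v = jre_version(name)
        if v is None:
            continue
        if v == CURRENT:
            out["current"].append(name)
        elif v >= AUTO_REMOVED_FROM:
            out["auto"].append(name)
        else:
            out["manual"].append(name)
    return out


if __name__ == "__main__":
    for bucket, names in classify(DISPLAY_NAMES).items():
        print(f"{bucket}:")
        for n in names:
            print("   ", n)
```

Whatever the tool says, the check that matters is the one the post ends with: after the reboot, Add/Remove Programs should list exactly one Java Runtime Environment entry.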



