
HijackThis log - malware link redirects .. please help !


  • This topic is locked
25 replies to this topic

#1 florgat91

  • Members
  • 28 posts

Posted 28 October 2009 - 10:57 PM

Hi - I got the Antivirus System Pro malware (FakeAlert-IE ?) and used Combofix to clean out most of it per the instructions .. but, I'm still getting link redirects when Googling in IE and Firefox .. I upgraded to IE8 but that didn't help .. Hijackthis log follows -- I'd really appreciate any help -- thanks ! - g



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:53 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roland\VSC32\vsc32cnf.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EF45B8E6-C662-4819-88B5-3C2AC20EF9DE} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://berklee.webex.com/client/T27L/nbr/ieatgpc.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} -
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
O20 - Winlogon Notify: iifdDtrO - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 12590 bytes
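A small triage pass over lines of the kind in the log above, as an added example that is not part of the thread or of HijackThis itself. The sample lines are constructed from entries in the posted log, and the flag rules (orphaned "(no file)" entries, O16 entries with no download URL, an O20 Winlogon Notify target that is not a DLL, O23 services with no publisher) are my own heuristics for deciding which entries a helper should look at first, not a verdict on any of them.

```python
"""Triage helper for HijackThis-style log lines (added example, not BleepingComputer or HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on entries from the log posted in the thread.
SAMPLE_LOG = """\
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files\\McAfee\\VirusScan\\scriptsn.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: iifdDtrO - C:\\WINDOWS\\
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: WLTRYSVC - Unknown owner - C:\\WINDOWS\\System32\\WLTRYSVC.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    name: str     # entry name as the log prints it
    reason: str   # why a helper would look at this entry first


# One pattern per section we triage. Entry names are matched lazily so a
# path containing " - " (e.g. "Spybot - Search & Destroy") is not split.
_CLSID = r"\{[0-9A-Fa-f-]+\}"
_PATTERNS = {
    "O2": re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{_CLSID}) - (?P<path>.*)$"),
    "O3": re.compile(rf"^Toolbar: (?P<name>.*?) - (?P<clsid>{_CLSID}) - (?P<path>.*)$"),
    "O16": re.compile(rf"^DPF: (?P<clsid>{_CLSID})(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}
_LINE = re.compile(r"^(?P<code>O\d+) - (?P<rest>.*)$")


def parse_line(line):
    """Return (section_code, fields) for a triaged section, else None."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    code = m.group("code")
    pattern = _PATTERNS.get(code)
    if pattern is None:
        return None
    fields = pattern.match(m.group("rest"))
    if fields is None:
        return None
    return code, fields.groupdict()


def triage(log_text):
    """Scan a HijackThis log and return the entries worth a second look, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        code, f = parsed
        if code in ("O2", "O3") and f["path"] == "(no file)":
            # Registry entry whose target is gone: harmless leftover, normally just cleaned.
            findings.append(Finding(code, f["name"], "orphaned entry, target file missing"))
        elif code == "O16" and not f["url"]:
            # Downloaded ActiveX control with no recorded source; verify the CLSID before keeping it.
            findings.append(Finding(code, f["name"] or f["clsid"], "ActiveX entry with no source URL"))
        elif code == "O20" and not f["path"].lower().endswith(".dll"):
            # Winlogon Notify handlers are DLLs loaded by winlogon.exe at logon; a bare
            # directory as the target is not a loadable handler and should be reviewed.
            findings.append(Finding(code, f["name"], "Winlogon Notify target is not a DLL path"))
        elif code == "O23" and f["owner"] == "Unknown owner":
            findings.append(Finding(code, f["name"], "service with no publisher string"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4} {finding.name:<45} {finding.reason}")
```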


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 03 November 2009 - 06:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 florgat91

  • Topic Starter
  • Members
  • 28 posts

Posted 04 November 2009 - 10:30 AM

ok - I'm here - thanks ...

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 04 November 2009 - 08:15 PM

Hi florgat91,


Okay, please run the following two scans for me
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Thanks :(
m0le is a proud member of UNITE

#5 florgat91

  • Topic Starter
  • Members
  • 28 posts

Posted 05 November 2009 - 10:51 PM

******** RSIT log.txt **************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Greg Matses at 2009-11-05 22:28:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (29%) free of 57 GB
Total RAM: 1279 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:32 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Roland\VSC32\vsc32cnf.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Greg Matses\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Greg Matses.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EF45B8E6-C662-4819-88B5-3C2AC20EF9DE} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://berklee.webex.com/client/T27L/nbr/ieatgpc.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} -
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifdDtrO - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/GREGMA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 13624 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-09-23 204800]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-08-19 4554752]
"MXO Auto Loader"=C:\WINDOWS\MXOALDR.EXE [2003-04-07 118784]
"MaxtorOneTouch"=C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]
"Dell AIO Printer A940"=C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe [2003-06-25 294998]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2003-03-07 209800]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-03-13 185896]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"vsc32cnf.exe"=C:\Program Files\Roland\VSC32\vsc32cnf.exe [2000-02-07 36864]
"vscvol.exe"=C:\Program Files\Roland\VSC32\vscvol.exe [2000-02-08 36864]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
""= []
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe [2004-07-27 221184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
MFWAKeys.lnk - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Greg Matses\Start Menu\Programs\Startup
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdDtrO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe"="C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\hmremote\WinVNC.exe"="C:\hmremote\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\Dell TrueMobile 2300\ControlUtility.exe"="C:\Program Files\Dell TrueMobile 2300\ControlUtility.exe:*:Enabled:ControlUtility"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\usrgfil.dll
65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\usrfil.dll
65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\srchout.dll
65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\srchin.dll
65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\gdwfil.dll
65535-65535-31889 411:31889:475 ----N---- C:\WINDOWS\system32\adwfil.dll
2009-11-05 22:28:00 ----D---- C:\rsit
2009-11-03 22:51:41 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 22:51:41 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 22:51:41 ----A---- C:\WINDOWS\system32\java.exe
2009-11-02 19:44:23 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-31 16:43:11 ----D---- C:\Program Files\ESET
2009-10-30 23:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-30 23:37:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-30 23:37:07 ----D---- C:\Documents and Settings\Greg Matses\Application Data\SUPERAntiSpyware.com
2009-10-28 22:37:49 ----D---- C:\Program Files\Trend Micro
2009-10-28 20:03:22 ----D---- C:\Documents and Settings\Greg Matses\Application Data\McAfee
2009-10-25 14:47:21 ----D---- C:\WINDOWS\ie8updates
2009-10-25 14:42:30 ----HDC---- C:\WINDOWS\ie8
2009-10-24 20:39:16 ----A---- C:\ComboFix.txt
2009-10-24 20:19:49 ----A---- C:\WINDOWS\system32\proquota.exe
2009-10-24 20:04:19 ----A---- C:\Boot.bak
2009-10-24 20:04:11 ----RASHD---- C:\cmdcons
2009-10-24 20:00:29 ----A---- C:\WINDOWS\zip.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\SWSC.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\SWREG.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\sed.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\PEV.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-24 20:00:29 ----A---- C:\WINDOWS\grep.exe
2009-10-24 20:00:05 ----D---- C:\WINDOWS\ERDNT
2009-10-24 19:58:39 ----D---- C:\Qoobox
2009-10-24 14:57:10 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-10-24 14:52:15 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-10-24 14:52:12 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-24 14:52:08 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-10-24 14:49:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 14:48:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-24 08:37:14 ----D---- C:\Documents and Settings\Greg Matses\Application Data\Malwarebytes
2009-10-24 08:37:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-24 08:37:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 22:12:02 ----D---- C:\Program Files\iPod
2009-10-19 22:11:57 ----D---- C:\Program Files\iTunes
2009-10-19 22:11:57 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 22:08:31 ----D---- C:\Program Files\QuickTime
2009-10-17 00:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-17 00:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-17 00:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-17 00:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-17 00:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-17 00:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-17 00:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-17 00:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-17 00:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-05 22:28:05 ----D---- C:\WINDOWS\Temp
2009-11-05 21:11:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 20:12:53 ----D---- C:\WINDOWS\SYSTEM32
2009-11-05 20:12:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-05 20:08:37 ----D---- C:\WINDOWS
2009-11-04 01:08:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 01:06:04 ----A---- C:\WINDOWS\MusEdit.INI
2009-11-04 01:04:55 ----A---- C:\WINDOWS\DELLSTAT.INI
2009-11-03 22:56:09 ----HD---- C:\WINDOWS\INF
2009-11-03 22:55:58 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-11-03 22:54:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 22:51:58 ----SHD---- C:\WINDOWS\Installer
2009-11-03 22:51:46 ----D---- C:\Config.Msi
2009-11-03 22:51:36 ----D---- C:\Program Files\Java
2009-11-02 23:17:20 ----SHD---- C:\System Volume Information
2009-11-02 23:17:20 ----D---- C:\WINDOWS\system32\Restore
2009-11-02 22:52:47 ----RASH---- C:\boot.ini
2009-11-02 22:52:47 ----A---- C:\WINDOWS\WIN.INI
2009-11-02 22:52:47 ----A---- C:\WINDOWS\system.ini
2009-11-02 19:54:23 ----D---- C:\Documents and Settings
2009-11-02 10:58:16 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-31 21:10:39 ----D---- C:\Music Instruction
2009-10-31 16:43:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-31 16:43:11 ----AD---- C:\Program Files
2009-10-30 23:36:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-30 19:35:42 ----AD---- C:\Program Files\Common Files
2009-10-29 20:01:16 ----D---- C:\Program Files\Windows Live Safety Center
2009-10-28 22:21:25 ----D---- C:\audio downloads (old)
2009-10-28 20:02:37 ----D---- C:\Program Files\McAfee
2009-10-28 20:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-27 23:37:51 ----D---- C:\Program Files\Mozilla Firefox
2009-10-27 11:03:12 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-26 12:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-25 15:08:57 ----A---- C:\WINDOWS\imsins.BAK
2009-10-25 14:52:04 ----D---- C:\WINDOWS\system32\en-US
2009-10-25 14:52:03 ----D---- C:\WINDOWS\Media
2009-10-25 14:52:03 ----D---- C:\Program Files\Internet Explorer
2009-10-25 14:52:02 ----D---- C:\WINDOWS\Help
2009-10-25 12:25:37 ----D---- C:\Internet Downloads
2009-10-24 20:21:14 ----D---- C:\WINDOWS\system32\CONFIG
2009-10-24 20:14:07 ----D---- C:\WINDOWS\AppPatch
2009-10-24 19:58:33 ----D---- C:\WINDOWS\Prefetch
2009-10-24 15:24:03 ----SD---- C:\WINDOWS\Tasks
2009-10-24 08:49:15 ----D---- C:\WINDOWS\system32\WBEM
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-19 22:19:28 ----D---- C:\Documents and Settings\Greg Matses\Application Data\Apple Computer
2009-10-19 22:13:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-19 22:12:00 ----D---- C:\Program Files\Common Files\Apple
2009-10-19 16:46:25 ----D---- C:\Documents and Settings\All Users\Application Data\Retrospect
2009-10-17 08:53:21 ----RSD---- C:\WINDOWS\assembly
2009-10-17 08:49:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-17 00:15:38 ----D---- C:\WINDOWS\WinSxS
2009-10-14 23:30:11 ----A---- C:\WINDOWS\cdplayer.ini
2009-10-13 23:16:53 ----D---- C:\My Shared Folder
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-03 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-04-09 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-07 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-08-13 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 RVIEGVST;VSC VST Engine; \??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2006-12-18 424448]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2002-07-15 26496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 motubus;MOTU Audio MIDI Extension; C:\WINDOWS\system32\drivers\MotuBus.sys [2003-07-10 15488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-19 2973568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-15 264440]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsc32;Virtual Sound Canvas 3.2; C:\WINDOWS\system32\DRIVERS\vsc.sys [2001-04-16 951284]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 L6POD;L6 PODxt Service; C:\WINDOWS\System32\Drivers\L6POD.sys [2008-10-23 530560]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MFWAGSIF;MOTU FireWire Audio GSIF; C:\WINDOWS\system32\drivers\MFWAGSIF.sys [2004-02-25 12800]
S3 MFWAMIDI;MOTU FireWire Audio MIDI; C:\WINDOWS\system32\drivers\MFWAMIDI.sys [2004-02-25 18560]
S3 MFWAWAVE;MOTU FireWire Audio Wave; C:\WINDOWS\system32\drivers\MFWAWAVE.sys [2004-02-25 24320]
S3 MotuFWA;MotuFWA; C:\WINDOWS\system32\drivers\MotuFWA.sys [2004-03-22 131456]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\System32\DRIVERS\MXOFX.SYS [2003-04-14 32512]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-25 303104]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 RetroLauncher;Retrospect Launcher; C:\Program Files\Dantz\Retrospect\retrorun.exe [2003-01-03 29184]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-24 69632]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-02-06 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-08-19 127042]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2009-09-16 20480]

-----------------EOF-----------------


*************** RSIT info.txt ******************

info.txt logfile of random's system information tool 1.06 2009-11-05 22:28:37

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
AccessDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Antares Hyperprism v1.5.6 DX-->C:\Audio\HYPERP~1\UNWISE.EXE C:\Audio\HYPERP~1\INSTALL.LOG
Antares Microphone Modeler - ZONE-->C:\PROGRA~1\Antares\MicMod\UNWISE.EXE C:\PROGRA~1\Antares\MicMod\INSTALL.LOG
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arboretum Raygun v1.3 DX & Stand-alone-->C:\Audio\RAYGUN~1.3\UNWISE.EXE C:\Audio\RAYGUN~1.3\INSTALL.LOG
Ares 2.0.5-->"C:\Program Files\Ares\uninstall.exe"
ASAPI Update-->C:\WINDOWS\System32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Ashampoo WinOptimizer 6.30-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
BBE Sonic Maximizer Plugin-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BBE\BBE Sonic Maximizer Plugin\Uninst.isu"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell AIO Printer A940-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBAUN5C.EXE -dDell AIO Printer A940
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell TrueMobile 2300 Control Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06B8DAD8-2809-475E-BA9D-C34479A0D58A}\Setup.exe" DTM23H
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DS21Patch-->MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FLV Player Ver 1.00-->"C:\Program Files\FLV Hosting\FLV Player\unins000.exe"
GuitarPort 2.51 (Remove Only)-->C:\Program Files\Line6\GuitarPort\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IK Multimedia AmpliTube v1.1.1-->C:\PROGRA~1\STEINB~1\VSTPLU~1\IKMULT~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\IKMULT~1\UNINST~1\INSTALL.LOG
IK Multimedia Sampletank XL v2.0.2.R1-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Image Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Line 6 Edit (remove only)-->"C:\Program Files\Line6\Line 6 Edit\Uninstall.exe"
Line 6 Uninstaller-->C:\Program Files\Line6\Tools\Line 6 Uninstaller.exe
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MIDI-OX-->MsiExec.exe /I{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MOTU FireWire Audio-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MOTU\FireWire Audio\Uninst.isu"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MusEdit-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusEdit\Uninst.isu"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickBooks Pro 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{054C3038-FFAC-446D-9682-E25891DC2E05}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Retrospect 6.0-->MsiExec.exe /I{C4354214-B919-4C8F-84EB-4F9B84ACC02C}
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Sonic Backup MyPC Deluxe-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Foundry Noise Reduction DX v2.0-->C:\WINDOWS\UNWISE.EXE C:\Audio\SONICF~2\NoiseDX\INSTALL.LOG
Sonic Foundry Sound Forge 6.0-->MsiExec.exe /I{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}
Sonic MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPL De-Esser v1.0-->C:\Audio\SPL-DE~1\unwise.exe C:\Audio\SPL-DE~1\INSTALL.LOG
Spybot - Search & Destroy 1.2-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steinberg HALion v2.0-->C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\INSTALL.LOG
Steinberg Model-E v1.0-->C:\PROGRA~1\STEINB~1\VSTPLU~1\Model-E\UNMODE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\Model-E\SMODELE.LOG
Steinberg WaveLab 4.0g-->C:\PROGRA~1\STEINB~1\Wavelab\UNWISE.EXE C:\PROGRA~1\STEINB~1\Wavelab\INSTALL.LOG
Steinberg Wavelab v4.01a-->C:\PROGRA~1\Wavelab\UNWISE.EXE C:\PROGRA~1\Wavelab\INSTALL.LOG
SUPER Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\eRightSoft\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime-->C:\PROGRA~1\TCNATI~1\UNWISE.EXE C:\PROGRA~1\TCNATI~1\INSTALL.LOG
TEFView 2.64-->"C:\Program Files\TablEdit\unins000.exe"
Timeworks Millenium Pack-->C:\Audio\TIMEWO~1\UNWISE.EXE C:\Audio\TIMEWO~1\INSTALL.LOG
T-RackS 24 v2.0.1-->C:\Audio\IKMULT~1\T-RACK~1\UNWISE.EXE C:\Audio\IKMULT~1\T-RACK~1\INSTALL.LOG
T-Racks v1.1-->C:\WINDOWS\UNWISE.EXE C:\Audio\OLDT-R~1\INSTALL.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Storage Adapter FX (MXO)-->MXOun.exe MXOFX
Vegas Pro v1.0b 208-->C:\WINDOWS\UNWISE.EXE C:\Audio\Vegas\INSTALL.LOG
Virtual Sound Canvas 3.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roland\VSC32\DeIsL1.isu" -c"C:\Program Files\Roland\VSC32\uninst.dll"
Virtual Sound Canvas VST-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA22A6BB-10B5-4595-BD59-1AD4023C8536}\setup.exe" MAINTENANCE_XXX
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: GREGLAPTOP
Event Code: 20
Message: Printer Driver Amyuni Document Converter 2.51 for Windows NT x86 Version-3 was added or updated. Files:- acpdf251.dll, acpdfui251.dll, acfpdf.txt, cdintf251.dll.

Record Number: 588
Source Name: Print
Time Written: 20091020102656.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GREGLAPTOP
Event Code: 3
Message: Printer QuickBooks PDF Converter was deleted.

Record Number: 587
Source Name: Print
Time Written: 20091020102647.000000-240
Event Type: warning
User: GREGLAPTOP\Greg Matses

Computer Name: GREGLAPTOP
Event Code: 4
Message: Printer QuickBooks PDF Converter is pending deletion.

Record Number: 586
Source Name: Print
Time Written: 20091020102646.000000-240
Event Type: warning
User: GREGLAPTOP\Greg Matses

Computer Name: GREGLAPTOP
Event Code: 263
Message: The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

Record Number: 534
Source Name: PlugPlayManager
Time Written: 20091019230528.000000-240
Event Type: warning
User:

Computer Name: GREGLAPTOP
Event Code: 19
Message: Sharing printer failed + 1722, Printer Dell AIO Printer A940 share name Printer2.

Record Number: 493
Source Name: Print
Time Written: 20091019124224.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: GREGLAPTOP
Event Code: 1517
Message: Windows saved user GREGLAPTOP\Greg Matses registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 45
Source Name: Userenv
Time Written: 20090824001912.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GREGLAPTOP
Event Code: 1517
Message: Windows saved user GREGLAPTOP\Greg Matses registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 36
Source Name: Userenv
Time Written: 20090823194707.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GREGLAPTOP
Event Code: 1517
Message: Windows saved user GREGLAPTOP\Greg Matses registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 31
Source Name: Userenv
Time Written: 20090823191437.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GREGLAPTOP
Event Code: 1517
Message: Windows saved user GREGLAPTOP\Greg Matses registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 13
Source Name: Userenv
Time Written: 20090822233306.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GREGLAPTOP
Event Code: 2001
Message: Rejected Safe Mode action : Microsoft Office Outlook.

Record Number: 8
Source Name: Microsoft Office 11
Time Written: 20090822212056.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 22:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4DD2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\mcmsc_bwnwppanrnkjizp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\greg matses\local settings\temp\~df8bb2.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\greg matses\local settings\temp\~dff9ba.tmp
Status: Allocation size mismatch (API: 655360, Raw: 16384)

==EOF==

thanks - g

#6 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 November 2009 - 05:50 AM

Quote: used Combofix to clean out most of it per the instructions


Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


The log still shows some malware temp files, so we are going to try and remove these and anything else I find with OTM.


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\windows\temp\mcmsc_bwnwppanrnkjizp
    c:\documents and settings\greg matses\local settings\temp\~df8bb2.tmp
    c:\documents and settings\greg matses\local settings\temp\~dff9ba.tmp
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}]
    [-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "4E7BD74F-2B8D-469E-C0FF-FD60B590A87D"=-
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

Let me know if the redirects stop after this tool has been run.

Thanks :(
m0le is a proud member of UNITE

#7 florgat91

florgat91
  • Topic Starter
  • Members
  • 28 posts

Posted 06 November 2009 - 08:54 PM

below is the log from OTM - the redirects stopped for a few tries and then started up again .. thx- g


All processes killed
========== FILES ==========
File/Folder c:\windows\temp\mcmsc_bwnwppanrnkjizp not found.
File/Folder c:\documents and settings\greg matses\local settings\temp\~df8bb2.tmp not found.
File/Folder c:\documents and settings\greg matses\local settings\temp\~dff9ba.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\4E7BD74F-2B8D-469E-C0FF-FD60B590A87D not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.GREGLAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Greg Matses
->Temp folder emptied: 4986133 bytes
->Temporary Internet Files folder emptied: 6792454 bytes
->Java cache emptied: 14808740 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 74386 bytes
RecycleBin emptied: 39274500 bytes

Total Files Cleaned = 62.91 mb


OTM by OldTimer - Version 3.0.0.6 log created on 11062009_203623

Files moved on Reboot...

Registry entries deleted on Reboot...
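Added here as an example (not OTM's code and not either poster's material): a Python reconciliation of the OTM script from #6 against the log above, which shows that only the Browser Helper Object key removal actually changed anything, while the three temp files RootRepeal had flagged were already gone. It assumes only the outcome wordings visible in this thread's log and embeds constructed copies of those lines as its sample input.

```python
# Reconcile an OTM removal script with the OTM log it produced. Added example for
# this thread, not OTM's code nor any poster's material; samples are constructed
# from the script in #6 and the log in #7, parsing assumes only that log's wordings.
import re

# Constructed sample: the :files and :reg sections of the script posted in #6.
OTM_SCRIPT = r"""
:files
c:\windows\temp\mcmsc_bwnwppanrnkjizp
c:\documents and settings\greg matses\local settings\temp\~df8bb2.tmp
c:\documents and settings\greg matses\local settings\temp\~dff9ba.tmp
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}]
[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"4E7BD74F-2B8D-469E-C0FF-FD60B590A87D"=-
:Commands
[EmptyTemp]
"""

# Constructed sample: result lines copied from the OTM log posted in #7.
OTM_LOG = r"""
========== FILES ==========
File/Folder c:\windows\temp\mcmsc_bwnwppanrnkjizp not found.
File/Folder c:\documents and settings\greg matses\local settings\temp\~df8bb2.tmp not found.
File/Folder c:\documents and settings\greg matses\local settings\temp\~dff9ba.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF45B8E6-C662-4819-88B5-3C2AC20EF9DE}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\4E7BD74F-2B8D-469E-C0FF-FD60B590A87D not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
"""

# Outcome wordings seen in the posted log; other OTM messages are ignored.
LOG_PATTERNS = (
    ("file", re.compile(r"^File/Folder (.+?) (not found|\w+ successfully)\.$")),
    ("key", re.compile(r"^Registry key (.+?) (not found|\w+ successfully)\.$")),
    ("value", re.compile(r"^Registry value (.+?) (not found|\w+ successfully)\.$")),
    ("file", re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")),
)


def norm(target):
    """Case-fold, collapse backslash runs and drop a trailing backslash so the
    script's spelling of a target and the log's spelling compare equal."""
    return re.sub(r"\\+", r"\\", target.strip()).rstrip("\\").lower()


def parse_script(text):
    """Targets the script removes, by kind: [-KEY] deletes a key, "name"=- a value."""
    targets = {"file": [], "key": [], "value": []}
    section = current_key = None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.startswith(":"):                      # section header, e.g. :files
            section = line[1:].lower()
        elif section == "files":
            targets["file"].append(norm(line))
        elif section == "reg" and line.startswith("[-"):
            targets["key"].append(norm(line[2:-1]))
        elif section == "reg" and line.startswith("["):
            current_key = norm(line[1:-1])            # values that follow live here
        elif section == "reg" and line.endswith("=-") and current_key:
            targets["value"].append(norm(current_key + "\\" + line[:-2].strip('"')))
    return targets


def parse_log(text):
    """Outcome string the log reports for each (kind, target)."""
    outcomes = {}
    for line in text.splitlines():
        for kind, pattern in LOG_PATTERNS:
            m = pattern.match(line.strip())
            if m:   # the "delete failed" pattern has one group, the others two
                status = m.group(2) if m.lastindex == 2 else "scheduled for deletion on reboot"
                outcomes[(kind, norm(m.group(1)))] = status
                break
    return outcomes


def reconcile(script_text, log_text):
    """Pair each requested removal with its outcome ("unreported" if the log says
    nothing); extras are log entries the script never named, such as OTM's own
    lookups of the matching Classes keys and what [EmptyTemp] left for reboot."""
    logged = parse_log(log_text)
    report = {}
    for kind, targets in parse_script(script_text).items():
        for target in targets:
            report[(kind, target)] = logged.get((kind, target), "unreported")
    extras = {k: v for k, v in logged.items() if k not in report}
    return report, extras


if __name__ == "__main__":
    for (kind, target), status in reconcile(OTM_SCRIPT, OTM_LOG)[0].items():
        print(f"{status:<20} {kind:<5} {target}")
```

Anything "unreported" would mean OTM never acted on a line of the script, which is the case worth re-checking before declaring a target gone.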

#8 florgat91

florgat91
  • Topic Starter
  • Members
  • 28 posts

Posted 06 November 2009 - 09:28 PM

UPDATE: I only seem to be getting redirects when using the Yahoo search bar - no redirects when using the Google search bar ...

also - not sure if it's related but I cannot boot up in Safe mode - I get the blue screen with "A problem has been detected and windows has been shut down to prevent damage to your computer ..... " message followed by a:

*** STOP: 0x0000007E (0xC0000005, 0x8A3E34C9, 0xF78A5C4C, 0xF78A5948)

thx - g

#9 florgat91

florgat91
  • Topic Starter
  • Members
  • 28 posts

Posted 07 November 2009 - 01:09 AM

Update #2 - it seems that now I get browser redirects when I use the Google search bar in IE8 .. but if I search from the google site I don't get redirects ... thx- g

#10 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 November 2009 - 05:25 AM

Okay, let's run Combofix and see if we can stop these permanently.


First, let's see if we can deal with the safe mode problem

We Need to Repair Safe Mode
  • Please download Safe Boot Key Repair and save it to your desktop.
  • Open Posted Image on your desktop.
  • Copy and paste the resultant log here in your next reply.

Next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot of the ComboFix prompt not reproduced)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE

#11 florgat91

florgat91
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:05:06 AM

Posted 07 November 2009 - 10:52 AM

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MCODS]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MpfService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys

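The export above is the artifact a responder checks when Safe Mode blue-screens: a SafeBoot key whose Minimal or Network list has lost its standard subkeys cannot boot into Safe Mode, and the repair tool's summary at the end lists the subkeys that are not part of the stock set. The script below is an added example, not code from this thread or from the Safe Boot Key Repair tool. It parses a .reg export (a trimmed, constructed sample is embedded), collects each profile's direct subkeys with their default values, checks that AlternateShell still points at cmd.exe, and diffs the subkey names against a baseline. The function names (`parse_reg`, `safeboot_entries`, `audit`) and the `BASELINE_MINIMAL` set are mine; the baseline is constructed from names seen in the export above and is not an authoritative Windows XP default list, so on a real case replace it with an export taken from a known-clean machine of the same Windows version. The same diff works for the Network profile by passing `"Network"` and a matching baseline.

```python
"""Audit a SafeBoot registry export (.reg) against a baseline of expected subkeys.

Added example for this thread; not code from the thread or from the Safe Boot
Key Repair tool. SAMPLE_REG and BASELINE_MINIMAL are constructed samples.
"""
import re
import sys
from typing import Dict, Iterable, List, Optional

SAFEBOOT_PREFIX = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot"

# Constructed sample: a trimmed export in the same shape as the one posted above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
"""

# Assumed baseline (constructed from names seen in the export above, NOT an
# authoritative Windows XP default list): subkeys a stock Minimal list carries.
BASELINE_MINIMAL = {"Base", "Boot Bus Extender", "Boot file system", "vga.sys"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches  @="value"  or  "Name"="value"  (string values only, which is all
# the SafeBoot key uses).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s: str) -> str:
    """Strip .reg string quoting and undo its \\\" and \\\\ escapes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return s[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return s


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value}}; '@' is the key's default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            name = "@" if val.group(1) == "@" else _unquote(val.group(1))
            keys[current][name] = _unquote(val.group(2))
    return keys


def safeboot_entries(keys: Dict[str, Dict[str, str]], profile: str) -> Dict[str, str]:
    """Direct subkeys of SafeBoot\\<profile> with their default value (case-insensitive path match)."""
    prefix = (SAFEBOOT_PREFIX + "\\" + profile + "\\").lower()
    entries: Dict[str, str] = {}
    for path, values in keys.items():
        if path.lower().startswith(prefix):
            rest = path[len(prefix):]
            if "\\" not in rest:  # direct children only
                entries[rest] = values.get("@", "")
    return entries


def alternate_shell(keys: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Shell launched by 'Safe Mode with Command Prompt'; the stock value is cmd.exe."""
    for path, values in keys.items():
        if path.lower() == SAFEBOOT_PREFIX.lower():
            return values.get("AlternateShell")
    return None


def find_missing(entries: Dict[str, str], baseline: Iterable[str]) -> List[str]:
    """Baseline subkeys absent from the export: these are what a repair must restore."""
    have = {n.lower() for n in entries}
    return sorted(n for n in baseline if n.lower() not in have)


def find_extra(entries: Dict[str, str], baseline: Iterable[str]) -> List[str]:
    """Subkeys not in the baseline: third-party additions worth a look, not proof of infection."""
    base = {n.lower() for n in baseline}
    return sorted((n for n in entries if n.lower() not in base), key=str.lower)


def audit(text: str, profile: str = "Minimal", baseline: Iterable[str] = BASELINE_MINIMAL) -> Dict[str, object]:
    keys = parse_reg(text)
    entries = safeboot_entries(keys, profile)
    return {
        "alternate_shell": alternate_shell(keys),
        "entries": entries,
        "missing": find_missing(entries, baseline),
        "extra": find_extra(entries, baseline),
    }


def read_reg(path: str) -> str:
    """regedit 5.00 exports are UTF-16 LE with a BOM; a pasted copy may be plain text."""
    data = open(path, "rb").read()
    return data.decode("utf-16") if data.startswith(b"\xff\xfe") else data.decode("utf-8", "replace")


if __name__ == "__main__":
    result = audit(read_reg(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REG)
    print("AlternateShell:", result["alternate_shell"])
    print("missing from baseline:", result["missing"])
    print("not in baseline (review):", result["extra"])
```

With no argument the script audits the embedded sample; with a path it reads an export produced by `reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot safeboot.reg`. A non-empty "missing" list is the condition that breaks Safe Mode; entries in "extra" (here the Ad-Aware service and the Process Explorer driver, as in the thread's export) are commonly legitimate and only need to be matched against what is installed.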
#12 florgat91

florgat91
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:05:06 AM

Posted 07 November 2009 - 11:51 AM

ComboFix 09-11-06.03 - Greg Matses 11/07/2009 11:12.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.803 [GMT -5:00]
Running from: c:\documents and settings\Greg Matses\Desktop\ComFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 01:36 . 2009-11-07 01:36 -------- d-----w- C:\_OTM
2009-11-07 01:27 . 2009-11-07 01:30 -------- d-----w- C:\registry bkup temp
2009-11-06 03:28 . 2009-11-06 03:28 -------- d-----w- C:\rsit
2009-11-04 03:50 . 2009-11-04 03:50 152576 ----a-w- c:\documents and settings\Greg Matses\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 21:43 . 2009-10-31 21:43 -------- d-----w- c:\program files\ESET
2009-10-31 04:38 . 2009-11-03 04:19 117760 ----a-w- c:\documents and settings\Greg Matses\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-31 04:37 . 2009-10-31 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-31 04:37 . 2009-10-31 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-31 04:37 . 2009-10-31 04:37 -------- d-----w- c:\documents and settings\Greg Matses\Application Data\SUPERAntiSpyware.com
2009-10-29 03:37 . 2009-10-29 03:37 -------- d-----w- c:\program files\Trend Micro
2009-10-29 01:05 . 2009-09-30 16:11 288096 ----a-r- c:\documents and settings\Greg Matses\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-10-29 01:03 . 2009-10-29 01:03 -------- d-----w- c:\documents and settings\Greg Matses\Application Data\McAfee
2009-10-27 13:44 . 2009-10-27 13:44 -------- d-sh--w- c:\documents and settings\Greg Matses\IECompatCache
2009-10-27 02:42 . 2009-10-27 02:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-25 19:57 . 2009-10-25 19:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-25 19:56 . 2009-10-25 19:56 -------- d-sh--w- c:\documents and settings\Greg Matses\PrivacIE
2009-10-25 19:52 . 2009-10-25 19:52 -------- d-sh--w- c:\documents and settings\Greg Matses\IETldCache
2009-10-25 19:47 . 2009-10-25 19:47 -------- d-----w- c:\windows\ie8updates
2009-10-25 19:42 . 2009-10-25 19:44 -------- dc-h--w- c:\windows\ie8
2009-10-25 19:39 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-25 19:39 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-25 19:37 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-25 01:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-25 01:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-24 19:57 . 2009-10-24 19:57 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-10-24 19:52 . 2009-10-24 19:52 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-10-24 19:52 . 2009-10-24 19:52 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-24 19:52 . 2009-10-24 19:52 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-10-24 19:49 . 2009-10-24 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 19:48 . 2009-10-25 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 13:37 . 2009-10-24 13:37 -------- d-----w- c:\documents and settings\Greg Matses\Application Data\Malwarebytes
2009-10-24 13:37 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 13:37 . 2009-10-24 13:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 13:37 . 2009-10-24 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 13:37 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 03:26 . 2009-10-20 03:26 152576 ----a-w- c:\documents and settings\Greg Matses\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-20 03:12 . 2009-10-20 03:12 -------- d-----w- c:\program files\iPod
2009-10-20 03:11 . 2009-10-20 03:13 -------- d-----w- c:\program files\iTunes
2009-10-20 03:11 . 2009-10-20 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-20 03:08 . 2009-10-20 03:09 -------- d-----w- c:\program files\QuickTime
2009-10-20 02:57 . 2009-10-20 02:57 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 03:51 . 2003-12-08 12:59 -------- d-----w- c:\program files\Java
2009-11-03 00:47 . 2003-12-08 12:54 17384 ----a-w- c:\windows\system32\nvModes.dat
2009-10-31 04:36 . 2009-08-30 01:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-30 01:01 . 2008-12-15 02:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-29 01:02 . 2009-07-28 19:35 -------- d-----w- c:\program files\McAfee
2009-10-29 01:02 . 2009-07-28 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-20 14:35 . 2007-07-02 03:07 3692 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-10-20 03:19 . 2005-11-21 16:32 -------- d-----w- c:\documents and settings\Greg Matses\Application Data\Apple Computer
2009-10-20 03:12 . 2007-10-20 13:36 -------- d-----w- c:\program files\Common Files\Apple
2009-10-19 21:46 . 2004-07-08 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2009-10-11 09:17 . 2008-12-13 05:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 02:43 . 2009-10-02 02:44 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-09-19 01:25 . 2007-02-23 05:24 -------- d-----w- c:\program files\MusEdit
2009-09-16 14:22 . 2009-07-28 19:36 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-07-28 19:36 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-07-28 19:36 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-05-14 03:25 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-07-28 19:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 14:16 . 2003-12-27 15:40 106912 ----a-w- c:\documents and settings\Greg Matses\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-06-13 21:01 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-06-13 21:01 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2002-08-29 11:00 247326 ------w- c:\windows\system32\strmdll.dll
2006-05-03 09:06 . 2009-08-31 01:24 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2009-08-31 01:24 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2009-08-31 01:24 216064 --sh--r- c:\windows\SYSTEM32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_01.25.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 16:10 . 2009-11-07 16:10 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
+ 2004-08-24 22:07 . 2009-01-07 22:21 26144 c:\windows\SYSTEM32\spupdsvc.exe
+ 2006-12-27 21:54 . 2009-01-07 22:20 16928 c:\windows\SYSTEM32\spmsg.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 46592 c:\windows\SYSTEM32\pngfilt.dll
- 2003-12-08 12:51 . 2009-10-17 05:16 73496 c:\windows\SYSTEM32\PERFC009.DAT
+ 2003-12-08 12:51 . 2009-11-07 16:15 73496 c:\windows\SYSTEM32\PERFC009.DAT
+ 2006-06-29 13:05 . 2009-01-07 22:20 23552 c:\windows\SYSTEM32\normaliz.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 23552 c:\windows\SYSTEM32\normaliz.dll
+ 2006-06-28 22:59 . 2009-01-07 22:20 24576 c:\windows\SYSTEM32\nlsdl.dll
- 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\SYSTEM32\nlsdl.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 48128 c:\windows\SYSTEM32\mshtmler.dll
- 2002-08-29 11:00 . 2006-10-17 16:28 48128 c:\windows\SYSTEM32\mshtmler.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 66560 c:\windows\SYSTEM32\mshtmled.dll
- 2002-08-29 11:00 . 2006-10-17 16:56 45568 c:\windows\SYSTEM32\mshta.exe
+ 2002-08-29 11:00 . 2009-03-08 08:31 45568 c:\windows\SYSTEM32\mshta.exe
+ 2006-10-17 16:58 . 2009-03-08 08:31 13312 c:\windows\SYSTEM32\msfeedssync.exe
+ 2006-11-08 02:03 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 43008 c:\windows\SYSTEM32\licmgr10.dll
+ 2002-08-29 11:00 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\jsproxy.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 94720 c:\windows\SYSTEM32\inseng.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 34816 c:\windows\SYSTEM32\imgutil.dll
+ 2006-11-07 08:26 . 2009-03-08 08:32 36864 c:\windows\SYSTEM32\ieudinit.exe
+ 2002-08-29 11:00 . 2009-03-08 08:32 71680 c:\windows\SYSTEM32\iesetup.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 55808 c:\windows\SYSTEM32\iernonce.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\SYSTEM32\idndl.dll
+ 2006-06-29 13:05 . 2009-01-07 22:20 26112 c:\windows\SYSTEM32\idndl.dll
+ 2006-10-17 16:58 . 2009-03-08 08:31 59904 c:\windows\SYSTEM32\icardie.dll
- 2003-04-23 15:29 . 2008-04-13 18:40 96512 c:\windows\SYSTEM32\DRIVERS\atapi.sys
+ 2003-04-23 15:29 . 2008-04-13 19:40 96512 c:\windows\SYSTEM32\DRIVERS\atapi.sys
+ 2002-08-29 11:00 . 2009-03-08 08:31 46592 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2002-08-29 11:00 . 2006-10-17 16:28 48128 c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 48128 c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2006-10-17 16:56 . 2006-10-17 16:56 45568 c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2006-10-17 16:56 . 2009-03-08 08:31 45568 c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2007-05-09 02:44 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 43008 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 94720 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 34816 c:\windows\SYSTEM32\DLLCACHE\imgutil.dll
+ 2006-11-07 08:26 . 2009-03-08 08:32 71680 c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
+ 2006-11-07 08:26 . 2009-03-08 08:32 55808 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 08:31 59904 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2006-10-17 16:44 . 2009-03-08 08:24 68608 c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 08:33 18944 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2003-04-23 15:29 . 2008-04-13 19:40 96512 c:\windows\SYSTEM32\DLLCACHE\atapi.sys
+ 2006-11-07 08:26 . 2009-03-08 08:32 72704 c:\windows\SYSTEM32\DLLCACHE\admparse.dll
+ 2002-08-29 11:00 . 2009-03-08 08:33 18944 c:\windows\SYSTEM32\corpol.dll
- 2002-09-03 08:08 . 2009-10-25 00:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-11-07 14:59 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-11-07 14:59 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2009-10-25 00:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-11-07 14:59 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 08:08 . 2009-10-25 00:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2002-08-29 11:00 . 2009-03-08 08:32 72704 c:\windows\SYSTEM32\admparse.dll
+ 2009-10-31 04:37 . 2009-10-31 04:37 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-31 04:37 . 2009-10-31 04:37 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-08-24 22:04 . 2009-08-24 22:04 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Distiller.exe
+ 2009-08-24 22:04 . 2009-10-26 17:14 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Distiller.exe
- 2009-08-24 22:04 . 2009-08-24 22:04 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat_Standard.exe
+ 2009-08-24 22:04 . 2009-10-26 17:14 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat_Standard.exe
- 2009-08-24 22:04 . 2009-08-24 22:04 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
+ 2009-08-24 22:04 . 2009-10-26 17:14 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
- 2009-08-24 22:04 . 2009-08-24 22:04 65536 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\PM_Designer.exe
+ 2009-08-24 22:04 . 2009-10-26 17:14 65536 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\PM_Designer.exe
+ 2009-10-29 01:03 . 2009-10-29 01:03 49152 c:\windows\Installer\{49FA793C-785E-47E9-93DF-BD442B0B45D1}\Icon49FA793C.exe
+ 2009-10-25 19:47 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-25 19:47 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-25 19:47 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-25 19:44 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 44544 c:\windows\ie8\pngfilt.dll
+ 2009-10-25 19:42 . 2006-10-17 16:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-10-25 19:42 . 2006-10-17 16:56 45568 c:\windows\ie8\mshta.exe
+ 2009-10-25 19:42 . 2006-10-17 16:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-10-25 19:42 . 2009-08-29 07:36 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-10-25 19:42 . 2006-10-17 17:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 27648 c:\windows\ie8\jsproxy.dll
+ 2009-10-25 19:42 . 2006-11-07 08:26 92672 c:\windows\ie8\inseng.dll
+ 2009-10-25 19:42 . 2006-10-17 16:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-10-25 19:42 . 2006-11-07 08:26 55296 c:\windows\ie8\iesetup.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 44544 c:\windows\ie8\iernonce.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 78336 c:\windows\ie8\ieencode.dll
+ 2009-10-25 19:42 . 2009-08-28 10:28 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-10-25 19:42 . 2009-08-29 07:36 63488 c:\windows\ie8\icardie.dll
+ 2009-10-25 19:42 . 2006-10-17 16:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 17408 c:\windows\ie8\corpol.dll
+ 2009-10-25 19:42 . 2006-11-07 08:26 71680 c:\windows\ie8\admparse.dll
+ 2009-10-31 04:37 . 2009-10-31 04:37 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-08-24 22:04 . 2009-08-24 22:04 7278 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_ELEMENTS_DT.exe
+ 2009-08-24 22:04 . 2009-10-26 17:14 7278 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_ELEMENTS_DT.exe
+ 2009-10-25 19:47 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB973874-IE8\iecompat.dll
+ 2007-02-23 04:53 . 2009-01-07 22:21 121856 c:\windows\SYSTEM32\xmllite.dll
- 2007-02-23 04:53 . 2008-04-14 00:12 121856 c:\windows\SYSTEM32\xmllite.dll
+ 2006-10-17 17:05 . 2009-03-08 08:34 208384 c:\windows\SYSTEM32\WinFXDocObj.exe
+ 2002-08-29 11:00 . 2009-03-08 08:34 236544 c:\windows\SYSTEM32\webcheck.dll
+ 2002-08-29 11:00 . 2009-03-08 08:33 420352 c:\windows\SYSTEM32\vbscript.dll
- 2002-08-29 11:00 . 2009-08-29 07:36 105984 c:\windows\SYSTEM32\url.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 105984 c:\windows\SYSTEM32\url.dll
- 2003-12-08 12:51 . 2009-10-17 05:16 446814 c:\windows\SYSTEM32\PERFH009.DAT
+ 2003-12-08 12:51 . 2009-11-07 16:15 446814 c:\windows\SYSTEM32\PERFH009.DAT
+ 2002-08-29 11:00 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 611840 c:\windows\SYSTEM32\mstime.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 193536 c:\windows\SYSTEM32\msrating.dll
+ 2002-08-29 11:00 . 2009-03-08 08:22 156160 c:\windows\SYSTEM32\msls31.dll
- 2002-08-29 11:00 . 2006-11-08 02:03 156160 c:\windows\SYSTEM32\msls31.dll
+ 2006-11-08 02:03 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\SYSTEM32\msdbg2.dll
+ 2003-01-13 19:57 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\jscript.dll
+ 2009-11-04 03:51 . 2009-10-11 09:17 149280 c:\windows\SYSTEM32\javaws.exe
- 2009-10-20 03:27 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
+ 2009-11-04 03:51 . 2009-10-11 09:17 145184 c:\windows\SYSTEM32\javaw.exe
- 2009-10-20 03:27 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
- 2009-10-20 03:27 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
+ 2009-11-04 03:51 . 2009-10-11 09:17 145184 c:\windows\SYSTEM32\java.exe
+ 2006-11-08 02:03 . 2009-03-08 08:22 164352 c:\windows\SYSTEM32\ieui.dll
+ 2002-08-29 11:00 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2002-08-29 11:00 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-03-08 08:11 445952 c:\windows\SYSTEM32\ieapfltr.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 163840 c:\windows\SYSTEM32\ieakui.dll
+ 2002-08-29 11:00 . 2009-03-08 08:33 229376 c:\windows\SYSTEM32\ieaksie.dll
+ 2002-08-29 11:00 . 2009-03-08 08:33 125952 c:\windows\SYSTEM32\ieakeng.dll
+ 2002-08-29 11:00 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\ie4uinit.exe
+ 2002-08-29 11:00 . 2009-03-08 08:31 216064 c:\windows\SYSTEM32\dxtrans.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 348160 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-02-06 22:05 . 2009-08-29 08:08 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 236544 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-09-18 14:15 . 2009-03-08 08:33 759296 c:\windows\SYSTEM32\DLLCACHE\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2002-08-29 11:00 . 2009-08-29 07:36 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\SYSTEM32\DLLCACHE\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2006-10-17 17:04 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-05-10 05:23 . 2009-03-08 08:32 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2002-08-29 11:00 . 2009-03-08 08:34 193536 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2002-08-29 11:00 . 2009-03-08 08:22 156160 c:\windows\SYSTEM32\DLLCACHE\msls31.dll
- 2002-08-29 11:00 . 2006-11-08 02:03 156160 c:\windows\SYSTEM32\DLLCACHE\msls31.dll
+ 2007-05-09 02:44 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2002-08-29 11:00 . 2009-03-08 18:09 638816 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2002-08-29 11:00 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-11-07 08:27 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-05-09 02:44 . 2009-03-08 08:11 445952 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2006-11-07 08:25 . 2009-03-08 08:32 163840 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 08:27 . 2009-03-08 08:33 229376 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2006-11-07 08:26 . 2009-03-08 08:33 125952 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2006-11-07 08:26 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2002-08-29 11:00 . 2009-03-08 08:31 216064 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2002-08-29 11:00 . 2009-03-08 08:31 348160 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2002-08-29 11:00 . 2009-03-08 08:32 128512 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2009-10-25 19:57 . 2009-11-07 14:59 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2002-08-29 11:00 . 2009-03-08 08:32 128512 c:\windows\SYSTEM32\advpack.dll
+ 2009-11-04 03:55 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 03:55 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2009-10-25 19:47 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-25 19:47 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-25 19:47 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-25 19:47 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-25 19:47 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-25 19:47 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-25 19:47 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-25 19:47 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-25 19:47 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-25 19:47 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB973874-IE8\spuninst\updspapi.dll
+ 2009-10-25 19:47 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB973874-IE8\spuninst\spuninst.exe
+ 2009-10-25 20:08 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-10-25 20:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-10-25 20:08 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 832512 c:\windows\ie8\wininet.dll
+ 2009-10-25 19:42 . 2006-10-17 17:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-10-25 19:42 . 2009-08-29 07:36 233472 c:\windows\ie8\webcheck.dll
+ 2009-10-25 19:42 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-10-25 19:42 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 105984 c:\windows\ie8\url.dll
+ 2009-10-25 19:44 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-10-25 19:44 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-10-25 19:42 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-10-25 19:42 . 2009-08-29 07:36 102912 c:\windows\ie8\occache.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 671232 c:\windows\ie8\mstime.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 193024 c:\windows\ie8\msrating.dll
+ 2009-10-25 19:42 . 2006-11-08 02:03 156160 c:\windows\ie8\msls31.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 477696 c:\windows\ie8\mshtmled.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 459264 c:\windows\ie8\msfeeds.dll
+ 2009-10-25 19:42 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2009-10-25 19:42 . 2009-08-27 05:18 634648 c:\windows\ie8\iexplore.exe
+ 2009-10-25 19:42 . 2006-11-08 02:03 180736 c:\windows\ie8\ieui.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 268288 c:\windows\ie8\iertutil.dll
+ 2009-10-25 19:42 . 2006-11-08 02:03 287744 c:\windows\ie8\ieproxy.dll
+ 2009-10-25 19:42 . 2006-11-08 02:03 191488 c:\windows\ie8\iepeers.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-10-25 19:42 . 2009-08-27 05:18 161792 c:\windows\ie8\ieakui.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 230400 c:\windows\ie8\ieaksie.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 153088 c:\windows\ie8\ieakeng.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 214528 c:\windows\ie8\dxtrans.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 124928 c:\windows\ie8\advpack.dll
+ 2004-01-21 21:20 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\urlmon.dll
+ 2004-07-07 22:37 . 2009-10-22 09:19 5939712 c:\windows\SYSTEM32\mshtml.dll
+ 2006-10-17 16:57 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\iertutil.dll
+ 2006-09-06 04:01 . 2009-02-07 01:07 3698584 c:\windows\SYSTEM32\ieapfltr.dat
+ 2004-01-21 21:20 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 1497088 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2004-07-07 22:37 . 2009-10-22 09:19 5939712 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-05-09 02:44 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-05-09 02:44 . 2009-02-07 01:07 3698584 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2009-10-31 04:37 . 2009-10-31 04:37 1583616 c:\windows\Installer\c3eccf.msi
+ 2009-10-29 01:03 . 2009-10-29 01:03 1611776 c:\windows\Installer\6f81f8.msi
+ 2009-10-31 00:41 . 2009-10-31 00:41 1757696 c:\windows\Installer\40e57.msi
+ 2009-11-04 03:55 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2009-10-25 19:47 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-25 19:47 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-25 19:47 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 1168384 c:\windows\ie8\urlmon.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 3598336 c:\windows\ie8\mshtml.dll
+ 2009-10-25 19:42 . 2009-08-29 07:36 6067200 c:\windows\ie8\ieframe.dll
+ 2009-10-25 19:42 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2006-11-08 02:03 . 2009-08-29 08:08 11069440 c:\windows\SYSTEM32\ieframe.dll
+ 2007-05-09 02:44 . 2009-08-29 08:08 11069440 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2009-10-25 19:47 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-09-23 204800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-19 4554752]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-13 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-08-19 921600]

c:\documents and settings\Greg Matses\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2003-12-8 794624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-8-24 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-5-16 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-8 24576]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-5-18 73728]
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2004-6-21 126976]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdDtrO]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI6"=vscapi.dll
"WAVE6"=vscapi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\hmremote\\WinVNC.exe"=
"c:\\Program Files\\Dell TrueMobile 2300\\ControlUtility.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Asapi;Asapi;c:\windows\SYSTEM32\DRIVERS\asapi.sys [12/28/2003 11:46 PM 11264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [4/12/2009 10:38 PM 188276]
R3 L6DP;L6DP;c:\windows\SYSTEM32\DRIVERS\l6dp.sys [7/15/2002 10:39 PM 26496]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\SYSTEM32\DRIVERS\motubus.sys [6/21/2004 10:00 AM 15488]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\SYSTEM32\DRIVERS\vsc.sys [4/12/2009 8:27 PM 951284]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8/24/2009 2:12 PM 410976]
S3 MFWAGSIF;MOTU FireWire Audio GSIF;c:\windows\SYSTEM32\DRIVERS\mfwagsif.sys [6/21/2004 10:00 AM 12800]
S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\SYSTEM32\DRIVERS\MFWAMIDI.sys [6/21/2004 10:00 AM 18560]
S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\SYSTEM32\DRIVERS\MFWAWave.sys [6/21/2004 10:00 AM 24320]
S3 MotuFWA;MotuFWA;c:\windows\SYSTEM32\DRIVERS\motufwa.sys [6/21/2004 10:00 AM 131456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 16:22]

2009-07-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: line6.net
Trusted Zone: mcafee.com
DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7}
FF - ProfilePath - c:\documents and settings\Greg Matses\Application Data\Mozilla\Firefox\Profiles\b88qdql9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\Greg Matses\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-07 11:23
ComboFix-quarantined-files.txt 2009-11-07 16:23
ComboFix2.txt 2009-10-25 01:39

Pre-Run: 17,265,766,400 bytes free
Post-Run: 17,352,982,528 bytes free

- - End Of File - - A34CE6259F4B0174472F73D5F5126920

#13 florgat91

Posted 07 November 2009 - 01:29 PM

UPDATE #3:

It appears that Safeboot Key Repair and Combofix may have done the trick! ... I can boot in safe mode now and I'm getting no redirects in IE 8 or Firefox ... THANK YOU! ... if I am indeed all fixed, do I need to uninstall any of these programs that I loaded onto my computer and if so, how?

thanks for all your help - VERY MUCH APPRECIATED !

#14 m0le

Posted 07 November 2009 - 04:07 PM

You're welcome. The Safebootkeyrepair is brilliant.

Combofix has replaced the infected system file which was causing the redirections. We just need to remove a registry entry which keeps popping back up after being removed. Now that the rootkit has gone this will too after the registry fix.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your desktop (click file, save as) as fixit.reg. In the same open notepad, at the bottom select:(filetype = any).

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdDtrO]

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.


Finally let's clean up with MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks, we're nearly done :(
m0le is a proud member of UNITE
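Before merging a .reg fix like the one above, a reviewer may want to see exactly what it will do. The following is an added example (not code from the thread, ComboFix or ERUNT): it parses REGEDIT4 text into a list of operations without touching any registry, and checks each key deletion against the [KEY] headers ComboFix printed in its 'Reg Loading Points' section, so the fix can be confirmed to hit exactly the key the log showed. The fix text and log excerpt embedded below are copied from this thread.

```python
"""Preview what a .reg file will do before merging it (added example, not
code from the thread, ComboFix or ERUNT). Parses REGEDIT4 / "Windows Registry
Editor Version 5.00" text into operations without touching any registry and
cross-checks key deletions against the [KEY] headers ComboFix prints in its
'Reg Loading Points' section, so a reviewer can confirm the fix hits exactly
the key the log showed. Pure Python, runs on any OS."""
import re

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

# The fix posted in the thread: delete one Winlogon\Notify subkey.
FIXIT_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdDtrO]
"""

# Excerpt of the ComboFix 'Reg Loading Points' list from the same thread.
LOG_EXCERPT = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdDtrO]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
"""

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_reg(text):
    """Return the operations a .reg file describes, in order:
    ('delete_key', key) for [-KEY]; ('create_key', key) for [KEY];
    ('delete_value', key, name) for "name"=-;
    ('set_value', key, name, kind, data) otherwise (name "" means @)."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing .reg header line")
    ops, current = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):
            continue                      # blank line or comment
        m = KEY_RE.match(ln)
        if m:
            minus, current = m.groups()
            ops.append(("delete_key", current) if minus else ("create_key", current))
            continue
        m = VALUE_RE.match(ln)
        if not m or current is None:
            raise ValueError("unrecognised line: %r" % ln)
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if data == "-":
            ops.append(("delete_value", current, name))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append(("set_value", current, name, "REG_SZ", _unescape(data[1:-1])))
        elif data.startswith("dword:"):
            ops.append(("set_value", current, name, "REG_DWORD", int(data[6:], 16)))
        elif data.startswith("hex"):      # hex:, hex(2):, hex(7): ... kept raw
            ops.append(("set_value", current, name, "REG_BINARY", data))
        else:
            raise ValueError("unsupported data: %r" % data)
    return ops

def preview(reg_text, log_text):
    """One readable line per operation; key deletions say whether ComboFix
    listed that key (so a typo in the fix cannot silently miss its target)."""
    seen = {m.group(2).lower() for m in map(KEY_RE.match, map(str.strip, log_text.splitlines()))
            if m and m.group(2).upper().startswith("HK")}
    report = []
    for op in parse_reg(reg_text):
        if op[0] == "delete_key":
            status = "present in log" if op[1].lower() in seen else "NOT in log"
            report.append("delete key %s (%s)" % (op[1], status))
        elif op[0] == "create_key":
            report.append("ensure key %s" % op[1])
        elif op[0] == "delete_value":
            report.append("delete value %r under %s" % (op[2], op[1]))
        else:
            report.append("set %s %r=%r under %s" % (op[3], op[2], op[4], op[1]))
    return report
```

Calling `preview(FIXIT_REG, LOG_EXCERPT)` reports a single key deletion marked "present in log"; run it against a full ComboFix log to check a fix before merging it.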

#15 florgat91

Posted 07 November 2009 - 05:39 PM

Hi m0le - I'm not sure what you mean by your above statement: "In the same open notepad, at the bottom select:(filetype = any)."

Do I add "select:(filetype = any)" at the bottom of fixit.reg or ?

thx - g



