Search Results Redirects


  • This topic is locked
18 replies to this topic

#1 ExtremelyFrustrated

  • Members
  • 9 posts

Posted 28 November 2009 - 06:38 PM

Somehow along the way, I got infected with a redirect virus. It seems to specifically affect Google and Yahoo results. When I click on a result link, I get redirected to some advertisement or search results from a different search provider. It does not seem to affect Alta Vista, at least from what I can tell. I ran HijackThis and the following is the log. Any help would be greatly appreciated as McAfee, Norton, Ad-Aware, Malwarebytes and others are not finding or fixing the problem.

ExtremelyFrustrated!

>>>>>>>Start Log Paste <<<<<<<<<<

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:39 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ncs-www.gdc.com/proxy.pac
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {d0ceae28-3ee6-4688-afbe-c06c5ce6b62f} - supilime.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\DOCUME~1\KOuellet\LOCALS~1\APPLIC~1\Lotus\Notes\Data\WORKSP~1\.sodc\
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [SafeChat] C:\Program Files\Zihtec\Safe Chat\SafeChat.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)" -"http://highered.mcgraw-hill.com/sites/0073530638/student_view0/chapter1/flashcards.html"
O4 - HKUS\S-1-5-21-516019477-3756168135-91704663-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://gdc.on.intercall.com/confmgr/instal...ICWMInstall.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207149899037
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238503222605
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://dominogate.gdc.com/dwa8W.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O17 - HKLM\Software\..\Telephony: DomainName = gdc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBC6BB7-45E4-4060-886A-4CC551B20508}: Domain = gdc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gdc.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FBC6BB7-45E4-4060-886A-4CC551B20508}: Domain = gdc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = gdc.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{2FBC6BB7-45E4-4060-886A-4CC551B20508}: Domain = gdc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gdc.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rilajezo.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files\DHCP Turbo\dhcpt.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: WhatsUp Gold Syslog - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\WhatsUp\IPSyslog.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 15866 bytes


#2 Blade

  • Site Admin
  • 12,704 posts

Posted 06 December 2009 - 02:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 ExtremelyFrustrated

  • Topic Starter

Posted 07 December 2009 - 08:49 AM

I have attached the Attached.zip and below is the content of DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by KOuellet at 8:41:05.39 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.844 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KOuellet\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.altavista.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {d0ceae28-3ee6-4688-afbe-c06c5ce6b62f} - supilime.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SODCPreLoad] c:\program files\ibm\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe c:\docume~1\kouellet\locals~1\applic~1\lotus\notes\data\worksp~1\.sodc\
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
uRun: [SafeChat] c:\program files\zihtec\safe chat\SafeChat.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)" -"http://highered.mcgraw-hill.com/sites/0073530638/student_view0/chapter1/flashcards.html"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://gdc.on.intercall.com/confmgr/installs/ICWMInstall.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207149899037
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238503222605
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://dominogate.gdc.com/dwa8W.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
AppInit_DLLs: rilajezo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli fetabeke.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 91.212.127.226 osguard-pro.microsoft.com
Hosts: 91.212.127.226 osguard-pro.com
Hosts: 91.212.127.226 www.osguard-pro.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kouellet\applic~1\mozilla\firefox\profiles\4ed2bzh4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.http - 172.16.3.175
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\kouellet\application data\mozilla\firefox\profiles\4ed2bzh4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-5 64288]
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2008-10-11 12800]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-4-1 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-4-1 41424]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2008-12-6 3315080]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2008-10-11 345984]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 Z-SANService;Z-SAN Service;c:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2008-10-11 376891]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091203.052\NAVENG.SYS [2009-12-4 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091203.052\NAVEX15.SYS [2009-12-4 1323568]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-4-13 95376]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-10-29 103888]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2008-10-11 15488]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 DHCP Turbo;DHCP Turbo;c:\program files\dhcp turbo\dhcpt.exe [2003-6-10 1556480]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\solarwinds\tftpserver\SolarWinds TFTP Server.exe [2008-5-16 61440]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2008-10-11 5120]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-12-01 19:28:52 0 d-----w- c:\docume~1\kouellet\applic~1\FoxyTunes
2009-12-01 19:28:49 0 d-----w- c:\program files\FoxyTunes
2009-11-30 21:21:50 0 d-----w- c:\docume~1\kouellet\applic~1\Bitcricket
2009-11-30 21:21:37 0 d-----w- c:\program files\Bitcricket
2009-11-28 22:26:07 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 22:04:15 38 ----a-w- C:\gone.bat
2009-11-23 03:45:09 0 d-----w- c:\program files\Trend Micro
2009-11-11 12:56:38 0 d-----w- c:\program files\Sun

==================== Find3M ====================

2009-12-07 13:13:16 62716 ----a-w- c:\windows\system32\nvModes.dat
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 21:08:33 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 19:48:46 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-10-29 19:48:42 95376 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-10-29 19:48:42 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-29 19:48:42 103888 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-10-29 19:48:40 116368 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-10-29 12:46:49 2713 --sh--w- c:\windows\system32\beyamata.exe
2009-10-25 01:43:17 2713 --sh--w- c:\windows\system32\diyufigo.exe
2009-10-24 01:42:41 2713 --sh--w- c:\windows\system32\segorado.exe
2009-10-24 00:46:35 39424 ---ha-w- c:\windows\system32\BIT3B.tmp
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 16:52:28 1085 ----a-w- C:\vnc-4_1_3-x86_win32.zip
2008-05-02 18:09:28 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050220080503\index.dat
2008-10-06 12:37:49 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081007\index.dat

============= FINISH: 8:43:47.77 ===============
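The DDS log above carries several indicators a reviewer learns to recognise: an AppInit_DLLs value (a DLL loaded into every process that loads user32.dll), an extra LSA Notification Package beside the Windows default scecli, Hosts entries that point osguard-pro names at a non-loopback address and a security site at loopback, and hidden system files with eight-letter random names sitting in system32. The Python script below is an added example, not part of this thread and not a tool the helpers used; it reads constructed log lines shaped like the ones above and reports those indicators so a log can be triaged quickly. The eight-letter-name heuristic, the default LSA package list and the security-site keyword list are my assumptions.

```python
"""Triage helper for DDS-style log lines.

Added example, not from the thread. It flags the persistence and redirection
indicators seen in the log above so a reviewer can find them quickly:
  * AppInit_DLLs values (loaded into every process that loads user32.dll)
  * LSA Notification Packages beyond the Windows default 'scecli'
  * Hosts-file entries pointing a name at a non-loopback address, or
    pointing a security-related site at loopback (blocking it)
  * hidden+system files ('s' and 'h' attributes) in system32 whose names
    look randomly generated
"""
import re

# Constructed sample lines, shaped like the DDS output in this thread.
SAMPLE_LOG = """\
AppInit_DLLs: rilajezo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
LSA: Notification Packages = scecli fetabeke.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 91.212.127.226 osguard-pro.microsoft.com
Hosts: 91.212.127.226 osguard-pro.com
2009-10-29 12:46:49 2713 --sh--w- c:\\windows\\system32\\beyamata.exe
2009-10-25 01:43:17 2713 --sh--w- c:\\windows\\system32\\diyufigo.exe
2009-10-24 00:46:35 39424 ---ha-w- c:\\windows\\system32\\BIT3B.tmp
2009-09-11 14:18:39 136192 ----a-w- c:\\windows\\system32\\msv1_0.dll
"""

DEFAULT_LSA_PACKAGES = {"scecli"}          # assumption: stock XP value
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
SECURITY_WORDS = ("spyware", "malware", "antivirus", "virus")  # assumption
# date time size attrs path  (attrs are 8 flag characters, '-' when unset)
FILE_RE = re.compile(r"^\S+ \S+\s+(\d+)\s+([-a-z]{8})\s+(.+)$")


def looks_random(filename):
    """Heuristic (assumption): eight lowercase letters, no digits."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) == 8 and stem.isalpha() and stem.islower()


def triage(text):
    """Return a list of (kind, detail) findings for the given log text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split():
                findings.append(("appinit_dll", dll))
        elif line.startswith("LSA: Notification Packages"):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append(("lsa_package", pkg))
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) < 3:
                continue
            addr, host = parts[1], parts[2]
            if addr not in LOOPBACK:
                findings.append(("hosts_override", f"{host} -> {addr}"))
            elif any(w in host.lower() for w in SECURITY_WORDS):
                findings.append(("hosts_block", host))
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            attrs, path = m.group(2), m.group(3)
            name = path.replace("\\", "/").rsplit("/", 1)[-1]
            if ("s" in attrs and "h" in attrs
                    and "\\system32\\" in path.lower()
                    and looks_random(name)):
                findings.append(("hidden_system32_file", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

Run against the constructed sample it reports the AppInit DLL, the extra LSA package, the spywareinfo block, the two osguard-pro overrides and the two hidden eight-letter executables, while msv1_0.dll (a normal system file) and BIT3B.tmp (hidden but not system, and not a random name) pass through.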



#4 m0le (Malware Response Team)

Posted 08 December 2009 - 07:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Hey ExtremelyFrustrated,

You have visible signs of the Vundo trojan, which is a stubborn one to remove.

There may not be anything more, but before we attempt to remove it, let's make sure there isn't.

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Thanks :(
m0le is a proud member of UNITE

#5 m0le (Malware Response Team)

Posted 12 December 2009 - 01:29 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 ExtremelyFrustrated (Topic Starter)

Posted 12 December 2009 - 02:52 PM

Sorry m0le, I did not receive an e-mail notification of your post on the 8th. I did receive one for the post today.

Just to be up front, someone did look at my computer yesterday and mentioned the same Vundo virus, and removed two entries in the registry that referred to the following two files.

rilajezo.dll
supilime.dll

He did not delete any files, but the redirects appeared to stop. I am not confident that he removed the whole thing. I understand that having someone do something in the middle of your process can confuse things, so if this is a problem, just go ahead and close out the incident; but if you are still willing to continue, then I pasted the log below. I just wanted to be upfront with you.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/12 13:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB74A8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA65A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1BF3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\kouellet\local settings\temp\~df69.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

Path: c:\documents and settings\kouellet\local settings\temp\~dfd555.tmp
Status: Allocation size mismatch (API: 40960, Raw: 0)

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\KOuellet\Local Settings\Apps\2.0\VO4OC4L1.ZNK\0Y6QLYYZ.LHB\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a7d6a28

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a7fda58

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a79f868

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a7c6bc0

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a035330

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a707008

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a6ba868

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a709570

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a7fc368

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a7e6ba0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a6237a0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a812ab0

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8a636fc0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb97a7280

#: 143 Function Name: NtQueryDefaultLocale
Status: Hooked by "SysPlant.sys" at address 0xb9dbc7b0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a5fa2d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a6e7b80

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a7bef80

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a636888

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89fe62c0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a7fdad8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a79f360

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a7d7798

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a7059b0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a6cd540

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x89b09e30

==EOF==
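RootRepeal's report groups findings under section headers (Drivers, Hidden/Locked Files, SSDT, Shadow SSDT), with each entry separated by a blank line. Below is an added Python parser, not part of this thread and not part of RootRepeal, that reads a constructed report in that format, groups the SSDT and Shadow SSDT hooks by the module claiming them, and lists the hooks reported as "<unknown>" together with the files showing an allocation-size mismatch. Hooks owned by a named security driver are expected on a machine running that product (Lbd.sys appears in the services list above and is Lavasoft Ad-Aware's boot driver); the unattributed ones are what a reviewer weighs against the installed software, which is the judgement m0le makes in his reply. The section names and sample paths are taken from the report shown above; the sample itself is constructed.

```python
"""Summariser for RootRepeal report sections.

Added example, not from the thread. Parses the section/entry layout RootRepeal
uses and pulls out what a reviewer looks at first: who owns each SSDT hook,
which hooks are unattributed, and which files have raw-vs-API size mismatches.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the report pasted above (paths shortened).
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/12 13:58
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xB74A8000 Size: 98304 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\\documents and settings\\user\\local settings\\temp\\~df69.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a707008

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\wpsdrvnt.sys" at address 0xb97a7280

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x89b09e30

==EOF==
"""

# Section names as RootRepeal prints them (assumption: full set of its tabs).
SECTION_NAMES = {"Drivers", "Processes", "Hidden/Locked Files", "SSDT",
                 "Stealth Objects", "Hidden Services", "Shadow SSDT"}
FUNC_RE = re.compile(r"#: (\d+) Function Name: (\w+)")
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
MISMATCH_RE = re.compile(r"Allocation size mismatch \(API: (\d+), Raw: (\d+)\)")


def parse_report(text):
    """Return {section: [entry dict, ...]}; entries end at a blank line."""
    sections = defaultdict(list)
    current, entry = None, {}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        # A section header is a known name followed by a dashed underline.
        if line in SECTION_NAMES and i + 1 < len(lines) and lines[i + 1].startswith("---"):
            current, entry = line, {}
            continue
        if current is None or line.startswith("---"):
            continue
        if not line or line == "==EOF==":
            if entry:
                sections[current].append(entry)
                entry = {}
            continue
        m = FUNC_RE.match(line)
        if m:
            entry["index"], entry["function"] = int(m.group(1)), m.group(2)
            continue
        m = HOOK_RE.search(line)
        if m:
            entry["hooked_by"], entry["address"] = m.group(1), m.group(2)
            continue
        key, sep, val = line.partition(": ")
        if sep:
            entry[key] = val
    if entry:
        sections[current].append(entry)
    return dict(sections)


def hook_summary(sections):
    """Group SSDT and Shadow SSDT hooks by the module RootRepeal attributes them to."""
    by_module = defaultdict(list)
    for sec in ("SSDT", "Shadow SSDT"):
        for e in sections.get(sec, []):
            if "hooked_by" in e:
                by_module[e["hooked_by"]].append(e["function"])
    return dict(by_module)


def unattributed_hooks(sections):
    """Hooks RootRepeal could not tie to a driver image."""
    return hook_summary(sections).get("<unknown>", [])


def size_mismatches(sections):
    """(path, api_size, raw_size) for files whose on-disk size differs from the API view."""
    out = []
    for e in sections.get("Hidden/Locked Files", []):
        m = MISMATCH_RE.search(e.get("Status", ""))
        if m:
            out.append((e["Path"], int(m.group(1)), int(m.group(2))))
    return out


if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    for module, funcs in hook_summary(s).items():
        print(f"{module}: {', '.join(funcs)}")
    print("unattributed:", unattributed_hooks(s))
    print("size mismatches:", size_mismatches(s))
```

On the constructed sample the two "<unknown>" hooks (NtCreateThread in the SSDT, NtUserGetAsyncKeyState in the Shadow SSDT) come out separately from the Lbd.sys and wpsdrvnt.sys entries, and the temp file with a 131072/16384 API-versus-raw mismatch is listed on its own; a reviewer then checks the named modules against the products installed and treats the remainder as the open question.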

#7 m0le (Malware Response Team)

Posted 12 December 2009 - 03:33 PM

Thanks for letting me know. :(

There was only a trace on the PC but I still see malicious temp files so we'd better make sure that it has gone.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

That should pretty much finish the job. :(

#8 ExtremelyFrustrated (Topic Starter)

Posted 14 December 2009 - 10:23 AM

Thank you m0le,

I tried downloading ComboFix, but I got a webpage that stated that it was unavailable due to some bug that needed to be fixed, and not to download it from anywhere else. Not sure what is going on there. I did do the second part as I already have Malwarebytes, and it did not find anything. Attached log:

Malwarebytes' Anti-Malware 1.42
Database version: 3357
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/14/2009 10:19:19 AM
mbam-log-2009-12-14 (10-19-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271676
Time elapsed: 1 hour(s), 19 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 m0le (Malware Response Team)

Posted 14 December 2009 - 10:39 AM

Combofix has been temporarily pulled while it is being fixed.

MBAM is clean which is encouraging. The temp files will have been purged by now so the PC looks better. Is it running well at the moment?

We'd better run a bigger scan so I can take a better look at the PC. If Combofix comes back on line I will contact you.

Please download OTS and save it to your desktop:
- Double click OTS.exe and run
If you are running on Vista then right-click the program and choose Run as Administrator.

- Please check [image] & [image]
- Next press Run Scan
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

Thanks :(
m0le is a proud member of UNITE

#10 ExtremelyFrustrated

ExtremelyFrustrated
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 14 December 2009 - 12:33 PM

Thank you again m0le,

Attached is the OTS log.

Attached Files

  • Attached File  OTS.Txt   186.05KB   8 downloads

Edited by ExtremelyFrustrated, 14 December 2009 - 12:37 PM.
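The OTS.txt log requested above uses a fixed entry format (name, path, timestamp and size, then the publisher in parentheses). As an added example that is not part of this thread or of OTS itself, the Python script below parses those entries and flags the ones a responder would check first: entries with no publisher recorded, and executables running from a user-profile directory. The sample excerpt is constructed from lines in this thread, and the two flagging heuristics are the example's own assumptions, not checks OTS performs.

```python
"""Triage helper for OTS (OldTimer Scan) logs like the one posted in this thread.

Parses the "name -> path -> [date | size | attrs | M] (Company)" entry lines
from the Processes / Modules / Services / Driver sections and flags entries that
a malware-response volunteer would look at first:
  * no publisher name recorded (an empty "()" or "( )"), and
  * executables running from a user-profile directory.
Constructed example; the heuristics are assumptions, not OTS's own checks.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTS entry: everything before the first " -> " is the display name (plus,
# for services/drivers, the service name and start/run state), then the path,
# then "[date | size | attributes | M]" and the company name in parentheses.
ENTRY_RE = re.compile(
    r"^(?P<head>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<date>[^|\]]+?) \| (?P<size>[^|\]]+?) \| (?P<attrs>[^|\]]+?) \| (?P<mode>[^\]]+?)\] "
    r"\((?P<company>[^)]*)\)\s*$"
)
SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


@dataclass
class OtsEntry:
    section: str
    head: str
    path: str
    size: int
    company: str
    flags: List[str] = field(default_factory=list)


def parse_entry(section: str, line: str) -> Optional[OtsEntry]:
    """Parse one entry line; returns None for headers, blanks and registry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = int(m.group("size").replace(",", ""))
    return OtsEntry(section, m.group("head"), m.group("path"), size, m.group("company").strip())


def triage(entry: OtsEntry) -> OtsEntry:
    """Attach review flags. Heuristics only: a flagged entry is a candidate for
    a closer look (file properties, hash lookup), not a verdict."""
    if not entry.company:
        entry.flags.append("no publisher")
    if "\\documents and settings\\" in entry.path.lower():
        # Expected for a scanner run from the Desktop (OTS.exe itself trips this),
        # but a file dropped into a profile directory looks the same in the log.
        entry.flags.append("user-profile path")
    return entry


def parse_log(text: str) -> List[OtsEntry]:
    """Walk the log, tracking the current [Section] header."""
    section = ""
    entries: List[OtsEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        entry = parse_entry(section, line)
        if entry:
            entries.append(triage(entry))
    return entries


def flagged(entries: List[OtsEntry]) -> List[OtsEntry]:
    """Only the entries that picked up at least one review flag."""
    return [e for e in entries if e.flags]


# Constructed excerpt in the OTS format, copied from lines shown in this thread.
SAMPLE_LOG = """\
[Processes - Safe List]
ots.exe -> C:\\Documents and Settings\\KOuellet\\Desktop\\OTS.exe -> [2009/12/14 12:25:20 | 00,534,528 | ---- | M] (OldTimer Tools)
winword.exe -> C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE -> [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation)
dlcxcoms.exe -> C:\\WINDOWS\\system32\\dlcxcoms.exe -> [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( )
osa.exe -> C:\\Program Files\\Microsoft Office\\Office\\OSA.EXE -> [1998/04/06 23:00:00 | 00,051,984 | ---- | M] ()

[Win32 Services - Safe List]
(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running] -> C:\\WINDOWS\\System32\\WLTRYSVC.EXE -> [2007/10/09 05:17:44 | 00,024,064 | ---- | M] ()
(Apache2) Apache2 [Auto | Running] -> C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe -> [2008/01/17 21:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation)

[Registry - Safe List]
HKEY_LOCAL_MACHINE\\: Main\\\\"Start Page" -> http://www.yahoo.com/ ->
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"[{e.section}] {e.head} -> {e.path} ({', '.join(e.flags)})")
```

Run against a real OTS.txt by reading the file into parse_log; registry lines and section headers are skipped automatically because they do not carry the bracketed date/size block.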


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:41 AM

Posted 14 December 2009 - 02:26 PM

Could you paste the log please, ExtremelyFrustrated.

Thanks :(
m0le is a proud member of UNITE

#12 ExtremelyFrustrated

ExtremelyFrustrated
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 14 December 2009 - 02:42 PM

Log pasted below:


OTS logfile created on: 12/14/2009 12:26:05 PM - Run 1
OTS by OldTimer - Version 3.1.10.0	 Folder = C:\Documents and Settings\KOuellet\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.07% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 76.44 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive D: | 191.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
Drive S: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
Drive T: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
Drive W: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: FAT
Drive Y: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
Drive Z: | 3276.80 Gb Total Space | 875.79 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
 
Computer Name: KOUELLETTE01
Current User Name: KOuellet
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\KOuellet\Desktop\OTS.exe -> [2009/12/14 12:25:20 | 00,534,528 | ---- | M] (OldTimer Tools)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe -> [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)
winword.exe -> C:\Program Files\Microsoft Office\Office12\WINWORD.EXE -> [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation)
winpatrol.exe -> C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -> [2009/04/07 14:16:51 | 00,337,216 | ---- | M] (BillP Studios)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/03/12 19:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
homerunner.exe -> C:\Program Files\TomTom HOME 2\HOMERunner.exe -> [2008/12/09 05:12:30 | 00,234,856 | ---- | M] (TomTom)
ntmulti.exe -> C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -> [2008/12/06 07:37:30 | 00,058,760 | ---- | M] (IBM Corp)
ntaskldr.exe -> C:\Program Files\IBM\Lotus\Notes\ntaskldr.exe -> [2008/12/06 07:37:08 | 00,015,752 | ---- | M] (IBM Corp)
nslsvice.exe -> C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -> [2008/12/06 07:36:56 | 00,031,624 | ---- | M] (IBM Corp)
nsd.exe -> C:\Program Files\IBM\Lotus\Notes\nsd.exe -> [2008/12/06 07:36:38 | 03,315,080 | ---- | M] (IBM)
nlnotes.exe -> C:\Program Files\IBM\Lotus\Notes\nlnotes.exe -> [2008/12/06 07:35:26 | 02,647,432 | ---- | M] (IBM Corp)
notes2.exe -> C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200811140851\win32\x86\notes2.exe -> [2008/11/14 10:23:12 | 00,079,120 | ---- | M] (IBM)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
rdiconverterservice.exe -> C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -> [2008/10/01 14:52:36 | 00,064,888 | ---- | M] (Web Meeting)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2008/07/21 07:15:01 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
soffice.exe -> C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe -> [2008/04/03 09:39:21 | 00,888,902 | ---- | M] ()
apachemonitor.exe -> C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe -> [2008/01/17 21:59:58 | 00,041,042 | ---- | M] (Apache Software Foundation)
apache.exe -> C:\Program Files\Apache Group\Apache2\bin\Apache.exe -> [2008/01/17 21:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation)
rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2007/12/18 20:08:08 | 02,189,240 | ---- | M] (Symantec Corporation)
smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2007/12/18 18:03:10 | 01,643,904 | ---- | M] (Symantec Corporation)
smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2007/12/18 18:03:08 | 02,569,600 | ---- | M] (Symantec Corporation)
stsystra.exe -> C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe -> [2007/12/05 18:24:46 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
stacsv.exe -> C:\WINDOWS\system32\stacsv.exe -> [2007/12/05 18:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2007/11/09 14:15:34 | 00,115,560 | ---- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 14:15:18 | 00,108,392 | ---- | M] (Symantec Corporation)
wltray.exe -> C:\WINDOWS\system32\WLTRAY.EXE -> [2007/10/09 05:17:44 | 02,183,168 | ---- | M] (Dell Inc.)
wltrysvc.exe -> C:\WINDOWS\system32\WLTRYSVC.EXE -> [2007/10/09 05:17:44 | 00,024,064 | ---- | M] ()
bcmwltry.exe -> C:\WINDOWS\system32\BCMWLTRY.EXE -> [2007/10/09 05:17:40 | 01,921,024 | ---- | M] (Dell Inc.)
z-sanservice.exe -> C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe -> [2007/08/08 18:54:24 | 00,376,891 | ---- | M] (Zetera Corporation)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2007/05/31 16:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation)
nicconfigsvc.exe -> C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -> [2007/05/14 15:21:40 | 00,475,136 | ---- | M] (Dell Inc.)
hidfind.exe -> C:\Program Files\Apoint\hidfind.exe -> [2007/04/15 22:49:16 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\Apoint\Apoint.exe -> [2007/04/15 22:49:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
apmsgfwd.exe -> C:\Program Files\Apoint\ApMsgFwd.exe -> [2007/04/15 22:49:08 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\Apoint\ApntEx.exe -> [2007/04/15 22:49:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
dlcxmon.exe -> C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe -> [2007/01/12 10:57:28 | 00,292,336 | ---- | M] ()
asfipmon.exe -> C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -> [2006/12/19 15:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation)
memcard.exe -> C:\Program Files\Dell Photo AIO Printer 926\memcard.exe -> [2006/11/03 16:04:46 | 00,304,008 | ---- | M] ()
pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2006/10/20 18:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.)
dlcxcoms.exe -> C:\WINDOWS\system32\dlcxcoms.exe -> [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( )
drgtodsc.exe -> C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe -> [2006/08/17 10:00:00 | 01,116,920 | ---- | M] (Roxio)
cidaemon.exe -> C:\WINDOWS\system32\cidaemon.exe -> [2004/08/04 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
endpoint.exe -> C:\Program Files\Ixia\Endpoint\endpoint.exe -> [2003/12/01 04:00:00 | 00,700,492 | ---- | M] (Ixia)
osa.exe -> C:\Program Files\Microsoft Office\Office\OSA.EXE -> [1998/04/06 23:00:00 | 00,051,984 | ---- | M] ()
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\KOuellet\Desktop\OTS.exe -> [2009/12/14 12:25:20 | 00,534,528 | ---- | M] (OldTimer Tools)
patrolpro.dll -> C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll -> [2009/04/07 14:17:03 | 00,062,776 | ---- | M] (BillP Studios)
sysfer.dll -> C:\WINDOWS\system32\sysfer.dll -> [2007/12/18 18:04:08 | 00,329,088 | ---- | M] (Symantec Corporation)
 
[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/11/19 16:01:30 | 01,184,912 | ---- | M] (Lavasoft)
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(Multi-user Cleanup Service) Multi-user Cleanup Service [Auto | Running] -> C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -> [2008/12/06 07:37:30 | 00,058,760 | ---- | M] (IBM Corp)
(Lotus Notes Single Logon) Lotus Notes Single Logon [Auto | Running] -> C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -> [2008/12/06 07:36:56 | 00,031,624 | ---- | M] (IBM Corp)
(Lotus Notes Diagnostics) Lotus Notes Diagnostics [Auto | Running] -> C:\Program Files\IBM\Lotus\Notes\nsd.exe -> [2008/12/06 07:36:38 | 03,315,080 | ---- | M] (IBM)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(RDIConverterPrintHelper) RDI Document Conversion Helper [Auto | Running] -> C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -> [2008/10/01 14:52:36 | 00,064,888 | ---- | M] (Web Meeting)
(SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2008/07/11 12:07:12 | 00,079,360 | ---- | M] (SolidWorks)
(SolarWinds TFTP Server) SolarWinds TFTP Server [On_Demand | Stopped] -> C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe -> [2008/05/16 12:40:02 | 00,061,440 | ---- | M] (SolarWinds)
(Apache2) Apache2 [Auto | Running] -> C:\Program Files\Apache Group\Apache2\bin\Apache.exe -> [2008/01/17 21:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2007/12/18 20:08:08 | 02,189,240 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [On_Demand | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2007/12/18 18:04:36 | 00,234,888 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2007/12/18 18:03:08 | 02,569,600 | ---- | M] (Symantec Corporation)
(STacSV) SigmaTel Audio Service [Auto | Running] -> C:\WINDOWS\system32\stacsv.exe -> [2007/12/05 18:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 14:15:18 | 00,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 14:15:18 | 00,108,392 | ---- | M] (Symantec Corporation)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2007/11/06 15:22:26 | 00,092,792 | ---- | M] (CACE Technologies)
(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running] -> C:\WINDOWS\System32\WLTRYSVC.EXE -> [2007/10/09 05:17:44 | 00,024,064 | ---- | M] ()
(WaveEnrollmentService) WaveEnrollmentService [On_Demand | Stopped] -> C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -> [2007/09/13 15:31:44 | 00,192,512 | ---- | M] (Wave Systems Corp.)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2007/08/11 19:05:27 | 03,093,872 | ---- | M] (Symantec Corporation)
(Z-SANService) Z-SAN Service [Auto | Running] -> C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe -> [2007/08/08 18:54:24 | 00,376,891 | ---- | M] (Zetera Corporation)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2007/05/31 16:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Auto | Running] -> C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -> [2007/05/14 15:21:40 | 00,475,136 | ---- | M] (Dell Inc.)
(ASFIPmon) Broadcom ASF IP and SMBIOS Mailbox Monitor [Auto | Running] -> C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -> [2006/12/19 15:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(dlcx_device) dlcx_device [Auto | Running] -> C:\WINDOWS\System32\dlcxcoms.exe -> [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( )
(stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped] -> C:\WINDOWS\system32\HPZIPM12.DLL -> [2006/05/11 17:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(IxiaEndpoint) Ixia Endpoint [Auto | Running] -> C:\Program Files\Ixia\Endpoint\endpoint.exe -> [2003/12/01 04:00:00 | 00,700,492 | ---- | M] (Ixia)
(WhatsUp Gold Syslog) WhatsUp Gold Syslog [On_Demand | Stopped] -> C:\Program Files\WhatsUp\IPSyslog.exe -> [2003/11/03 15:25:30 | 00,204,800 | ---- | M] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
(DHCP Turbo) DHCP Turbo [On_Demand | Stopped] -> C:\Program Files\DHCP Turbo\dhcpt.exe -> [2003/06/10 08:05:29 | 01,556,480 | ---- | M] (Weird Solutions, Inc.)
 
[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091212.004\NAVEX15.SYS -> [2009/11/16 10:11:36 | 01,323,568 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091212.004\NAVENG.SYS -> [2009/11/16 10:11:36 | 00,084,912 | ---- | M] (Symantec Corporation)
(VBoxNetFlt) VBoxNetFlt Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -> [2009/10/29 14:48:42 | 00,103,888 | ---- | M] (Sun Microsystems, Inc.)
(VBoxNetAdp) VirtualBox Host-Only Ethernet Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -> [2009/10/29 14:48:42 | 00,095,376 | ---- | M] (Sun Microsystems, Inc.)
(VBoxUSBMon) VirtualBox USB Monitor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -> [2009/10/29 14:48:42 | 00,041,424 | ---- | M] (Sun Microsystems, Inc.)
(VBoxDrv) VirtualBox Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\VBoxDrv.sys -> [2009/10/29 14:48:40 | 00,116,368 | ---- | M] (Sun Microsystems, Inc.)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/08/26 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/08/26 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation)
(WpsHelper) WpsHelper [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WpsHelper.sys -> [2009/04/20 22:12:14 | 00,149,768 | ---- | M] (Symantec Corporation)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2009/03/05 22:59:00 | 00,036,864 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/01/15 11:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hamachi.sys -> [2008/12/11 10:39:07 | 00,025,280 | ---- | M] (LogMeIn, Inc.)
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys -> [2008/10/08 14:30:32 | 00,023,888 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2008/05/20 15:47:38 | 00,136,496 | ---- | M] (Symantec Corporation)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(SysPlant) SysPlant for NT [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -> [2007/12/18 18:06:14 | 00,091,008 | ---- | M] (Symantec Corporation)
(WPS) WPS [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\WPSDRVnt.sys -> [2007/12/18 18:04:16 | 00,040,832 | ---- | M] (Symantec Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/12/05 18:24:44 | 01,222,840 | ---- | M] (SigmaTel, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2007/12/02 19:26:28 | 00,012,672 | ---- | M] (Conexant)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007/12/02 19:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007/12/02 19:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007/12/02 19:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys -> [2007/11/30 22:57:12 | 00,317,616 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys -> [2007/11/30 22:57:12 | 00,279,088 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys -> [2007/11/30 22:57:12 | 00,043,696 | ---- | M] (Symantec Corporation)
(guardian2) guardian2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\oz776.sys -> [2007/11/28 17:18:24 | 00,062,208 | ---- | M] (O2Micro)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\npf.sys -> [2007/11/06 15:22:06 | 00,034,064 | ---- | M] (CACE Technologies)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2007/10/09 05:17:42 | 01,123,328 | ---- | M] (Broadcom Corp.)
(PBADRV) PBADRV [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\PBADRV.sys -> [2007/09/07 10:57:14 | 00,026,608 | ---- | M] (Dell Inc)
(SFSZ) DataPlow SFS for Zetera Storage Devices [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\sfsz.sys -> [2007/08/14 20:29:46 | 00,345,984 | ---- | M] (DataPlow, Incorporated)
(ZetBus) Zetera Virtual Bus [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ZetBus.sys -> [2007/08/08 18:57:18 | 00,015,488 | ---- | M] (Zetera Corporation)
(ZetSFD) ZetSFD [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ZetSFD.sys -> [2007/08/08 18:57:18 | 00,012,800 | ---- | M] (Zetera Corporation)
(ZetMPD) ZetMPD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ZetMPD.sys -> [2007/08/08 18:57:16 | 00,005,120 | ---- | M] (Zetera Corporation)
(Teefer2) Teefer2 Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\teefer2.sys -> [2007/08/06 14:29:28 | 00,049,024 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2007/07/31 01:17:26 | 00,418,864 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/05/31 16:50:20 | 06,727,136 | ---- | M] (NVIDIA Corporation)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2007/04/15 22:49:08 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2007/03/18 16:44:38 | 00,160,256 | ---- | M] (Broadcom Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2007/01/09 15:46:26 | 00,191,544 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2007/01/09 15:46:26 | 00,027,576 | ---- | M] (Symantec Corporation)
(BASFND) BASFND [Kernel | Auto | Running] -> C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -> [2006/12/19 15:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation)
(DXEC01) DXEC01 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dxec01.sys -> [2006/11/02 13:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResM.SYS -> [2006/08/18 14:18:08 | 00,009,400 | ---- | M] (Roxio)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABMFSM.SYS -> [2006/08/18 14:17:46 | 00,035,096 | ---- | M] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2006/08/18 14:17:44 | 00,097,848 | ---- | M] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2006/08/18 14:17:44 | 00,094,648 | ---- | M] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2006/08/18 14:17:42 | 00,026,008 | ---- | M] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2006/08/18 14:17:40 | 00,032,472 | ---- | M] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2006/08/18 14:17:38 | 00,104,472 | ---- | M] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2006/08/18 14:17:38 | 00,014,520 | ---- | M] (Roxio)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2006/08/11 12:05:58 | 00,051,768 | ---- | M] (Roxio)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2006/08/11 11:35:18 | 00,012,920 | ---- | M] (Roxio)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2006/08/11 11:35:16 | 00,028,184 | ---- | M] (Roxio)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2006/07/21 12:21:26 | 00,099,176 | ---- | M] (Sonic Solutions)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ser2pl.sys -> [2003/07/16 01:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e100b325.sys -> [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\: Main\\"Default_Page_URL" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\] > -> -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\: Main\\"Default_Page_URL" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\: Main\\"Search Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\: Main\\"Start Page" -> partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080324 -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\: SearchURL\\"" -> about:blank -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\FireFox\Profiles\4ed2bzh4.default\prefs.js -> 
browser.search.defaultenginename -> "AIM Search" ->
browser.search.defaulturl -> "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "www.google.com" ->
extensions.enabledItems -> autopager@mozilla.org:0.5.2.2 ->
extensions.enabledItems -> {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5 ->
extensions.enabledItems -> {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.8.1 ->
extensions.enabledItems -> tabscope@xuldev.org:0.2.2.11 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 ->
extensions.enabledItems -> {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34 ->
keyword.URL -> "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=" ->
network.proxy.autoconfig_url -> "http://ncs-www.gdc.com/proxy.pac" ->
network.proxy.http -> "172.16.3.175" ->
network.proxy.http_port -> 3128 ->
network.proxy.type -> 1 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\FireFox\Profiles\4ed2bzh4.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/04 21:08:39 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/11/02 11:09:15 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Extensions -> [2009/01/16 19:40:10 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Extensions\home2@tomtom.com -> [2009/01/03 15:02:56 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions -> [2009/11/05 09:37:34 | 00,000,000 | ---D | M]
Vista-aero   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2009/04/30 09:21:53 | 00,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/06/09 08:06:36 | 00,000,000 | ---D | M]
Firefox Showcase   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda} -> [2009/01/17 10:02:16 | 00,000,000 | ---D | M]
FireFTP   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2009/03/03 13:03:00 | 00,000,000 | ---D | M]
AIM Toolbar   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} -> [2009/10/06 14:23:27 | 00,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2009/08/30 19:35:26 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\autopager@mozilla.org -> [2009/08/30 19:35:27 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\KOuellet\Application Data\Mozilla\Firefox\Profiles\4ed2bzh4.default\extensions\tabscope@xuldev.org -> [2009/05/07 07:30:00 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/11/03 08:24:39 | 00,000,000 | ---D | M]
< HOSTS File > (348265 bytes and 11992 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1 localhost
::1 localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/09/23 14:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 05:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 05:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2007/04/15 22:49:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI" -> C:\WINDOWS\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2007/10/09 05:17:44 | 02,183,168 | ---- | M] (Dell Inc.)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2007/11/09 14:15:34 | 00,115,560 | ---- | M] (Symantec Corporation)
"DLCXCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16] -> [2006/10/15 23:31:56 | 00,106,496 | ---- | M] ()
"dlcxmon.exe" -> C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ["C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"] -> [2007/01/12 10:57:28 | 00,292,336 | ---- | M] ()
"ISUSPM Startup" -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup] -> [2004/07/27 17:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/03/12 19:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
"MemoryCardManager" -> C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ["C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"] -> [2006/11/03 16:04:46 | 00,304,008 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/05/31 16:50:22 | 08,429,568 | ---- | M] (NVIDIA Corporation)
"NVHotkey" -> C:\WINDOWS\System32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> [2007/05/31 16:50:32 | 00,067,584 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> [2007/05/31 16:50:34 | 00,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet] -> [2007/05/31 16:50:48 | 01,626,112 | ---- | M] ()
"PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2006/10/20 18:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RoxioDragToDisc" -> C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe ["C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"] -> [2006/08/17 10:00:00 | 01,116,920 | ---- | M] (Roxio)
"SigmatelSysTrayApp" -> C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/12/05 18:24:46 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/07/21 07:15:01 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"WinPatrol" -> C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> [2009/04/07 14:16:51 | 00,337,216 | ---- | M] (BillP Studios)
< Run [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 20:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"SafeChat" -> C:\Program Files\Zihtec\Safe Chat\SafeChat.exe [C:\Program Files\Zihtec\Safe Chat\SafeChat.exe] -> File not found
"SODCPreLoad" -> C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe [C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\DOCUME~1\KOuellet\LOCALS~1\APPLIC~1\Lotus\Notes\Data\WORKSP~1\.sodc\] -> [2008/04/03 09:39:21 | 00,040,960 | ---- | M] ()
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"TomTomHOME.exe" -> C:\Program Files\TomTom HOME 2\HOMERunner.exe ["C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s] -> [2008/12/09 05:12:30 | 00,234,856 | ---- | M] (TomTom)
< RunOnce [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Shockwave Updater" -> C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0;  [C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)" -"http://highered.mcgraw-hill.com/sites/0073530638/student_view0/chapter1/flashcards.html"] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE -> [1998/04/06 23:00:00 | 00,111,376 | ---- | M] ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk -> C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe -> [2008/01/17 21:59:58 | 00,041,042 | ---- | M] (Apache Software Foundation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE -> [1998/04/06 23:00:00 | 00,051,984 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< KOuellet Startup Folder > -> C:\Documents and Settings\KOuellet\Start Menu\Programs\Startup -> 
< localadmin Startup Folder > -> C:\Documents and Settings\localadmin\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [8] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005] > -> HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 07:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/09/23 14:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\] > -> HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6200 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6199 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6199 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6199 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\] > -> HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2133283647-616262522-18564361-3713\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\] > -> HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6199 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\] > -> HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-516019477-3756168135-91704663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab [Musicnotes Viewer] -> 
{2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} [HKLM] -> https://gdc.on.intercall.com/confmgr/installs/ICWMInstall.cab [ICWMInstallObj Class] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207149899037 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238503222605 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{983A9C21-8207-4B58-BBB8-0EBC3D7C5505} [HKLM] -> https://dominogate.gdc.com/dwa8W.cab [Domino Web Access 8 Control] -> 
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab [Reg Error: Key error.] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab [GpcContainer Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 172.16.0.186 172.16.5.140 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{630D610D-4331-4A5F-BEC8-AED7A10E9A8D}\\DhcpNameServer -> 172.16.0.186 172.16.5.140   (Dell Wireless 1505 Draft 802.11n WLAN Mini-Card) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
gemsafe -> C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll -> [2006/11/16 16:20:28 | 00,073,728 | ---- | M] (Gemplus)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Axence\NetTools\3.2\nVision.exe" -> C:\Program Files\Axence\NetTools\3.2\nVision.exe [C:\Program Files\Axence\NetTools\3.2\nVision.exe:*:Enabled:nVision] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\Axence\NetTools\3.2\nVision.exe" -> C:\Program Files\Axence\NetTools\3.2\nVision.exe [C:\Program Files\Axence\NetTools\3.2\nVision.exe:*:Enabled:nVision] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email] -> [2007/11/09 14:15:34 | 00,115,560 | ---- | M] (Symantec Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 19:56:54 | 13,498,664 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation)
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe" -> C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe [C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name] -> File not found
"C:\Program Files\Ruckus Player\Ruckus.exe" -> C:\Program Files\Ruckus Player\Ruckus.exe [C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service] -> [2007/12/18 18:03:08 | 02,569,600 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service] -> [2007/12/18 18:04:36 | 00,234,888 | ---- | M] (Symantec Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 20:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> [2008/04/13 19:12:21 | 00,769,024 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\dlcxcoms.exe" -> C:\WINDOWS\System32\dlcxcoms.exe [C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server] -> [2006/10/11 15:48:50 | 00,532,480 | ---- | M] ( )
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 18:15:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{23c413b2-d9d1-11dd-8267-001d09c32d63}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c413b2-d9d1-11dd-8267-001d09c32d63}\Shell\AutoRun\command
\{23c413b2-d9d1-11dd-8267-001d09c32d63}\Shell\AutoRun\command\\"" -> F:\InstallTomTomHOME.exe [F:\InstallTomTomHOME.exe] -> File not found
\{42163544-1aa8-11dd-8034-001d09c32d63}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell
\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun
\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\command
\{42163544-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{42163546-1aa8-11dd-8034-001d09c32d63}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell
\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun
\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\command
\{42163546-1aa8-11dd-8034-001d09c32d63}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell
\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell\AutoRun
\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell\AutoRun\command
\{faae5d22-a2f5-11dd-81b1-001f3a56e7d1}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\KOuellet\Desktop\OTS.exe -> [2009/12/14 12:25:19 | 00,534,528 | ---- | C] (OldTimer Tools)
 smkits -> C:\Documents and Settings\KOuellet\Application Data\smkits -> [2009/12/14 10:39:40 | 00,000,000 | ---D | C]
 RootRepeal.exe -> C:\Documents and Settings\KOuellet\Desktop\RootRepeal.exe -> [2009/12/12 13:57:29 | 00,472,064 | ---- | C] ( )
 Spyware Doctor -> C:\Program Files\Spyware Doctor -> [2009/12/11 08:18:22 | 00,000,000 | ---D | C]
 WinPatrol -> C:\Documents and Settings\KOuellet\Application Data\WinPatrol -> [2009/12/11 06:21:14 | 00,000,000 | ---D | C]
 BillP Studios -> C:\Program Files\BillP Studios -> [2009/12/11 06:21:03 | 00,000,000 | ---D | C]
 ipv6 -> C:\Documents and Settings\KOuellet\My Documents\ipv6 -> [2009/12/09 22:03:47 | 00,000,000 | ---D | C]
 vpls -> C:\Documents and Settings\KOuellet\My Documents\vpls -> [2009/12/08 22:45:48 | 00,000,000 | ---D | C]
 smartgrid -> C:\Documents and Settings\KOuellet\My Documents\smartgrid -> [2009/12/08 14:06:08 | 00,000,000 | ---D | C]
 Mangrove -> C:\Documents and Settings\KOuellet\My Documents\Mangrove -> [2009/12/07 09:01:15 | 00,000,000 | ---D | C]
 PTC -> C:\Documents and Settings\KOuellet\My Documents\PTC -> [2009/12/03 14:32:32 | 00,000,000 | ---D | C]
 FoxyTunes -> C:\Documents and Settings\KOuellet\Application Data\FoxyTunes -> [2009/12/01 14:28:52 | 00,000,000 | ---D | C]
 FoxyTunes -> C:\Program Files\FoxyTunes -> [2009/12/01 14:28:49 | 00,000,000 | ---D | C]
 Bitcricket -> C:\Documents and Settings\KOuellet\Application Data\Bitcricket -> [2009/11/30 16:21:50 | 00,000,000 | ---D | C]
 Bitcricket -> C:\Program Files\Bitcricket -> [2009/11/30 16:21:37 | 00,000,000 | ---D | C]
 tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2009/11/28 17:26:07 | 00,161,296 | ---- | C] (Trend Micro Inc.)
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/11/22 22:45:09 | 00,000,000 | ---D | C]
 customer -> C:\Documents and Settings\KOuellet\My Documents\customer -> [2009/11/18 08:39:12 | 00,000,000 | ---D | C]
 NTRU Cryptosystems -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems -> [2009/11/02 09:36:03 | 00,000,000 | ---D | M]
 dlcxserv.dll -> C:\WINDOWS\System32\dlcxserv.dll -> [2009/09/08 20:40:15 | 01,224,704 | ---- | C] ( )
 dlcxusb1.dll -> C:\WINDOWS\System32\dlcxusb1.dll -> [2009/09/08 20:40:15 | 00,991,232 | ---- | C] ( )
 dlcxpmui.dll -> C:\WINDOWS\System32\dlcxpmui.dll -> [2009/09/08 20:40:15 | 00,643,072 | ---- | C] ( )
 dlcxinpa.dll -> C:\WINDOWS\System32\dlcxinpa.dll -> [2009/09/08 20:40:15 | 00,413,696 | ---- | C] ( )
 dlcxiesc.dll -> C:\WINDOWS\System32\dlcxiesc.dll -> [2009/09/08 20:40:15 | 00,397,312 | ---- | C] ( )
 dlcxhcp.dll -> C:\WINDOWS\System32\dlcxhcp.dll -> [2009/09/08 20:40:15 | 00,323,584 | ---- | C] ( )
 dlcxprox.dll -> C:\WINDOWS\System32\dlcxprox.dll -> [2009/09/08 20:40:15 | 00,163,840 | ---- | C] ( )
 dlcxpplc.dll -> C:\WINDOWS\System32\dlcxpplc.dll -> [2009/09/08 20:40:15 | 00,094,208 | ---- | C] ( )
 dlcxhbn3.dll -> C:\WINDOWS\System32\dlcxhbn3.dll -> [2009/09/08 20:40:14 | 00,696,320 | ---- | C] ( )
 dlcxcomc.dll -> C:\WINDOWS\System32\dlcxcomc.dll -> [2009/09/08 20:40:14 | 00,684,032 | ---- | C] ( )
 dlcxlmpm.dll -> C:\WINDOWS\System32\dlcxlmpm.dll -> [2009/09/08 20:40:14 | 00,585,728 | ---- | C] ( )
 dlcxcomm.dll -> C:\WINDOWS\System32\dlcxcomm.dll -> [2009/09/08 20:40:14 | 00,421,888 | ---- | C] ( )
 Tiny DHCP Server -> C:\Documents and Settings\NetworkService\Application Data\Tiny DHCP Server -> [2009/02/05 19:29:33 | 00,000,000 | ---D | M]
 Tiny DHCP Server -> C:\Documents and Settings\LocalService\Application Data\Tiny DHCP Server -> [2009/02/05 17:01:11 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/10/06 07:38:58 | 00,000,000 | ---D | M]
 Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [2008/08/21 13:46:28 | 00,018,944 | ---- | C] ( )
 Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2008/08/11 11:18:01 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2008/05/29 11:12:19 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/04/03 10:21:22 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2004/08/11 18:06:56 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/08/11 18:06:56 | 00,000,000 | --SD | M]
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\KOuellet\Desktop\OTS.exe -> [2009/12/14 12:25:20 | 00,534,528 | ---- | M] (OldTimer Tools)
 User_Feed_Synchronization-{80AFC1B1-0F8D-4651-B28B-B2DE89AB814E}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{80AFC1B1-0F8D-4651-B28B-B2DE89AB814E}.job -> [2009/12/14 11:53:37 | 00,000,428 | -H-- | M] ()
 nvModes.dat -> C:\WINDOWS\System32\nvModes.dat -> [2009/12/14 10:33:36 | 00,062,676 | ---- | M] ()
 nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2009/12/14 10:33:36 | 00,062,676 | ---- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\KOuellet\NTUSER.DAT -> [2009/12/14 10:28:02 | 11,272,192 | -H-- | M] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/12/14 08:47:42 | 00,000,472 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/14 08:45:52 | 00,001,158 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/14 08:44:52 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/14 08:44:37 | 00,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2009/12/14 08:44:31 | 21,453,49632 | -HS- | M] ()
 settings.dat -> C:\Documents and Settings\KOuellet\Desktop\settings.dat -> [2009/12/12 13:57:36 | 00,000,000 | ---- | M] ()
 RootRepeal.exe -> C:\Documents and Settings\KOuellet\Desktop\RootRepeal.exe -> [2009/12/12 13:57:30 | 00,472,064 | ---- | M] ( )
 virus.doc -> C:\Documents and Settings\KOuellet\My Documents\virus.doc -> [2009/12/11 17:05:14 | 00,046,592 | ---- | M] ()
 CFC_Resign.docx -> C:\Documents and Settings\KOuellet\My Documents\CFC_Resign.docx -> [2009/12/11 16:51:56 | 00,010,609 | ---- | M] ()
 Air 1, the Positive Alternative Media Player.url -> C:\Documents and Settings\KOuellet\Desktop\Air 1, the Positive Alternative Media Player.url -> [2009/12/11 13:20:50 | 00,000,205 | ---- | M] ()
 Xedge7_2_2v2.zip -> C:\Documents and Settings\KOuellet\Desktop\Xedge7_2_2v2.zip -> [2009/12/11 09:43:33 | 05,021,087 | ---- | M] ()
 Xedge7_2_2v2.comp -> C:\Documents and Settings\KOuellet\Desktop\Xedge7_2_2v2.comp -> [2009/12/11 09:43:33 | 05,021,087 | ---- | M] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2009/12/11 09:17:32 | 00,000,166 | ---- | M] ()
 PCL upgrade procedures.doc -> C:\Documents and Settings\KOuellet\My Documents\PCL upgrade procedures.doc -> [2009/12/10 16:06:15 | 00,300,544 | ---- | M] ()
 Resource Report 12_09_09.xls -> C:\Documents and Settings\KOuellet\My Documents\Resource Report 12_09_09.xls -> [2009/12/10 09:23:47 | 00,036,352 | ---- | M] ()
 Dickey Rural remaining tasks.docx -> C:\Documents and Settings\KOuellet\My Documents\Dickey Rural remaining tasks.docx -> [2009/12/09 14:40:34 | 00,011,679 | ---- | M] ()
 GDC credit application.pdf -> C:\Documents and Settings\KOuellet\My Documents\GDC credit application.pdf -> [2009/12/08 16:10:31 | 00,065,363 | ---- | M] ()
 PrimoPDFSet.xml -> C:\Documents and Settings\KOuellet\Application Data\PrimoPDFSet.xml -> [2009/12/08 14:06:35 | 00,006,138 | ---- | M] ()
 APUSet.xml -> C:\Documents and Settings\KOuellet\Application Data\APUSet.xml -> [2009/12/07 14:58:30 | 00,000,310 | ---- | M] ()
 GDC Markets.ppt -> C:\Documents and Settings\KOuellet\My Documents\GDC Markets.ppt -> [2009/12/07 10:26:54 | 00,166,400 | ---- | M] ()
 CFC Storehouse 2003.mdb -> C:\Documents and Settings\KOuellet\Desktop\CFC Storehouse 2003.mdb -> [2009/12/07 09:02:42 | 03,522,560 | ---- | M] ()
 Attach.zip -> C:\Documents and Settings\KOuellet\Desktop\Attach.zip -> [2009/12/07 08:46:44 | 00,004,997 | ---- | M] ()
 dds.pif -> C:\Documents and Settings\KOuellet\Desktop\dds.pif -> [2009/12/07 08:40:55 | 00,524,288 | ---- | M] ()
 LTE_UMTS.pdf -> C:\Documents and Settings\KOuellet\Desktop\LTE_UMTS.pdf -> [2009/12/03 17:00:52 | 00,213,331 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/12/02 17:14:01 | 00,000,284 | ---- | M] ()
 _viminfo -> C:\Documents and Settings\KOuellet\_viminfo -> [2009/12/02 09:28:30 | 00,009,257 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/12/01 14:29:43 | 00,000,848 | ---- | M] ()
 Questions- Miles 12-01-09ver3.doc -> C:\Documents and Settings\KOuellet\My Documents\Questions- Miles 12-01-09ver3.doc -> [2009/12/01 12:24:11 | 00,134,144 | ---- | M] ()
 GDC-Supplier Fill Out and Return.xls -> C:\Documents and Settings\KOuellet\My Documents\GDC-Supplier Fill Out and Return.xls -> [2009/11/30 13:52:55 | 00,033,792 | ---- | M] ()
 tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2009/11/28 17:26:06 | 00,161,296 | ---- | M] (Trend Micro Inc.)
 gone.bat -> C:\gone.bat -> [2009/11/28 17:04:15 | 00,000,038 | ---- | M] ()
 Default.rdp -> C:\Documents and Settings\KOuellet\My Documents\Default.rdp -> [2009/11/28 15:16:58 | 00,001,774 | -H-- | M] ()
 Nortel6400FeatureCompare.xls -> C:\Documents and Settings\KOuellet\My Documents\Nortel6400FeatureCompare.xls -> [2009/11/24 18:47:57 | 00,037,376 | ---- | M] ()
 LADWP.xlsx -> C:\Documents and Settings\KOuellet\My Documents\LADWP.xlsx -> [2009/11/24 09:57:55 | 00,012,272 | ---- | M] ()
 Summery of Mississippi Trial.docx -> C:\Documents and Settings\KOuellet\My Documents\Summery of Mississippi Trial.docx -> [2009/11/23 22:36:05 | 00,012,792 | ---- | M] ()
 HijackThis.lnk -> C:\Documents and Settings\KOuellet\Desktop\HijackThis.lnk -> [2009/11/22 22:45:10 | 00,001,734 | ---- | M] ()
 seth2.xlsx -> C:\Documents and Settings\KOuellet\My Documents\seth2.xlsx -> [2009/11/22 22:40:39 | 00,010,192 | ---- | M] ()
 Seth.xlsx -> C:\Documents and Settings\KOuellet\My Documents\Seth.xlsx -> [2009/11/22 22:40:27 | 00,014,658 | ---- | M] ()
 Bubble Gum Experiment.doc -> C:\Documents and Settings\KOuellet\My Documents\Bubble Gum Experiment.doc -> [2009/11/22 22:29:51 | 00,048,640 | ---- | M] ()
 seth1.docx -> C:\Documents and Settings\KOuellet\My Documents\seth1.docx -> [2009/11/22 22:21:48 | 00,011,445 | ---- | M] ()
 Conclusion of Bubble Gum Experiment.docx -> C:\Documents and Settings\KOuellet\My Documents\Conclusion of Bubble Gum Experiment.docx -> [2009/11/22 21:26:24 | 00,011,234 | ---- | M] ()
 10 Study Questions.docx -> C:\Documents and Settings\KOuellet\My Documents\10 Study Questions.docx -> [2009/11/22 17:17:47 | 00,013,830 | ---- | M] ()
 Comparing Different levels of Toleration.docx -> C:\Documents and Settings\KOuellet\My Documents\Comparing Different levels of Toleration.docx -> [2009/11/18 20:13:26 | 00,012,592 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/11/18 12:04:46 | 00,530,912 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/11/18 12:04:46 | 00,447,690 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/11/18 12:04:46 | 00,074,014 | ---- | M] ()
 Integrators.xls -> C:\Documents and Settings\KOuellet\My Documents\Integrators.xls -> [2009/11/18 08:48:14 | 00,083,968 | ---- | M] ()
 letter to prospects_kjo.doc -> C:\Documents and Settings\KOuellet\Desktop\letter to prospects_kjo.doc -> [2009/11/16 14:17:43 | 00,025,600 | ---- | M] ()
 5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 44 C:\Documents and Settings\KOuellet\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\KOuellet\Local Settings\Temp\*.tmp -> 
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files - No Company Name]
 settings.dat -> C:\Documents and Settings\KOuellet\Desktop\settings.dat -> [2009/12/12 13:57:36 | 00,000,000 | ---- | C] ()
 virus.doc -> C:\Documents and Settings\KOuellet\My Documents\virus.doc -> [2009/12/11 17:05:13 | 00,046,592 | ---- | C] ()
 CFC_Resign.docx -> C:\Documents and Settings\KOuellet\My Documents\CFC_Resign.docx -> [2009/12/11 16:49:35 | 00,010,609 | ---- | C] ()
 Xedge7_2_2v2.comp -> C:\Documents and Settings\KOuellet\Desktop\Xedge7_2_2v2.comp -> [2009/12/11 12:11:03 | 05,021,087 | ---- | C] ()
 Xedge7_2_2v2.zip -> C:\Documents and Settings\KOuellet\Desktop\Xedge7_2_2v2.zip -> [2009/12/11 09:43:09 | 05,021,087 | ---- | C] ()
 Dickey Rural remaining tasks.docx -> C:\Documents and Settings\KOuellet\My Documents\Dickey Rural remaining tasks.docx -> [2009/12/09 14:40:34 | 00,011,679 | ---- | C] ()
 Resource Report 12_09_09.xls -> C:\Documents and Settings\KOuellet\My Documents\Resource Report 12_09_09.xls -> [2009/12/09 13:44:24 | 00,036,352 | ---- | C] ()
 GDC credit application.pdf -> C:\Documents and Settings\KOuellet\My Documents\GDC credit application.pdf -> [2009/12/08 16:10:31 | 00,065,363 | ---- | C] ()
 Attach.zip -> C:\Documents and Settings\KOuellet\Desktop\Attach.zip -> [2009/12/07 08:46:44 | 00,004,997 | ---- | C] ()
 dds.pif -> C:\Documents and Settings\KOuellet\Desktop\dds.pif -> [2009/12/07 08:40:55 | 00,524,288 | ---- | C] ()
 GDC Markets.ppt -> C:\Documents and Settings\KOuellet\My Documents\GDC Markets.ppt -> [2009/12/04 12:53:38 | 00,166,400 | ---- | C] ()
 Air 1, the Positive Alternative Media Player.url -> C:\Documents and Settings\KOuellet\Desktop\Air 1, the Positive Alternative Media Player.url -> [2009/12/04 09:07:03 | 00,000,205 | ---- | C] ()
 LTE_UMTS.pdf -> C:\Documents and Settings\KOuellet\Desktop\LTE_UMTS.pdf -> [2009/12/03 17:00:52 | 00,213,331 | ---- | C] ()
 Questions- Miles 12-01-09ver3.doc -> C:\Documents and Settings\KOuellet\My Documents\Questions- Miles 12-01-09ver3.doc -> [2009/12/01 12:24:10 | 00,134,144 | ---- | C] ()
 GDC-Supplier Fill Out and Return.xls -> C:\Documents and Settings\KOuellet\My Documents\GDC-Supplier Fill Out and Return.xls -> [2009/11/30 13:52:54 | 00,033,792 | ---- | C] ()
 gone.bat -> C:\gone.bat -> [2009/11/28 17:04:15 | 00,000,038 | ---- | C] ()
 Nortel6400FeatureCompare.xls -> C:\Documents and Settings\KOuellet\My Documents\Nortel6400FeatureCompare.xls -> [2009/11/24 18:47:55 | 00,037,376 | ---- | C] ()
 LADWP.xlsx -> C:\Documents and Settings\KOuellet\My Documents\LADWP.xlsx -> [2009/11/24 09:57:54 | 00,012,272 | ---- | C] ()
 Summery of Mississippi Trial.docx -> C:\Documents and Settings\KOuellet\My Documents\Summery of Mississippi Trial.docx -> [2009/11/23 22:09:59 | 00,012,792 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\KOuellet\Desktop\HijackThis.lnk -> [2009/11/22 22:45:10 | 00,001,734 | ---- | C] ()
 seth2.xlsx -> C:\Documents and Settings\KOuellet\My Documents\seth2.xlsx -> [2009/11/22 22:40:39 | 00,010,192 | ---- | C] ()
 seth1.docx -> C:\Documents and Settings\KOuellet\My Documents\seth1.docx -> [2009/11/22 22:21:47 | 00,011,445 | ---- | C] ()
 Bubble Gum Experiment.doc -> C:\Documents and Settings\KOuellet\My Documents\Bubble Gum Experiment.doc -> [2009/11/22 21:51:32 | 00,048,640 | ---- | C] ()
 Conclusion of Bubble Gum Experiment.docx -> C:\Documents and Settings\KOuellet\My Documents\Conclusion of Bubble Gum Experiment.docx -> [2009/11/22 21:26:24 | 00,011,234 | ---- | C] ()
 Seth.xlsx -> C:\Documents and Settings\KOuellet\My Documents\Seth.xlsx -> [2009/11/22 21:25:47 | 00,014,658 | ---- | C] ()
 10 Study Questions.docx -> C:\Documents and Settings\KOuellet\My Documents\10 Study Questions.docx -> [2009/11/19 23:55:03 | 00,013,830 | ---- | C] ()
 Integrators.xls -> C:\Documents and Settings\KOuellet\My Documents\Integrators.xls -> [2009/11/18 08:48:13 | 00,083,968 | ---- | C] ()
 Comparing Different levels of Toleration.docx -> C:\Documents and Settings\KOuellet\My Documents\Comparing Different levels of Toleration.docx -> [2009/11/17 22:24:09 | 00,012,592 | ---- | C] ()
 letter to prospects_kjo.doc -> C:\Documents and Settings\KOuellet\Desktop\letter to prospects_kjo.doc -> [2009/11/16 13:56:34 | 00,025,600 | ---- | C] ()
 pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2009/11/03 20:32:24 | 00,000,028 | ---- | C] ()
 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2009/11/03 09:25:46 | 00,656,120 | ---- | C] ()
 dlcxvs.dll -> C:\WINDOWS\System32\dlcxvs.dll -> [2009/09/08 20:40:53 | 00,040,960 | ---- | C] ()
 dlcxcoin.dll -> C:\WINDOWS\System32\dlcxcoin.dll -> [2009/09/08 20:40:51 | 00,344,064 | ---- | C] ()
 dlcxdrs.dll -> C:\WINDOWS\System32\dlcxdrs.dll -> [2009/09/08 20:40:38 | 00,692,224 | ---- | C] ()
 dlcxcaps.dll -> C:\WINDOWS\System32\dlcxcaps.dll -> [2009/09/08 20:40:38 | 00,065,536 | ---- | C] ()
 dlcxcnv4.dll -> C:\WINDOWS\System32\dlcxcnv4.dll -> [2009/09/08 20:40:38 | 00,061,440 | ---- | C] ()
 dlcxutil.dll -> C:\WINDOWS\System32\dlcxutil.dll -> [2009/09/08 20:40:15 | 00,454,656 | ---- | C] ()
 dlcxinst.dll -> C:\WINDOWS\System32\dlcxinst.dll -> [2009/09/08 20:40:15 | 00,274,432 | ---- | C] ()
 dlcxgrd.dll -> C:\WINDOWS\System32\dlcxgrd.dll -> [2009/09/08 20:40:14 | 00,188,416 | ---- | C] ()
 dlcxinsb.dll -> C:\WINDOWS\System32\dlcxinsb.dll -> [2009/09/08 20:40:14 | 00,176,128 | ---- | C] ()
 dlcxins.dll -> C:\WINDOWS\System32\dlcxins.dll -> [2009/09/08 20:40:14 | 00,176,128 | ---- | C] ()
 dlcxjswr.dll -> C:\WINDOWS\System32\dlcxjswr.dll -> [2009/09/08 20:40:14 | 00,139,264 | ---- | C] ()
 dlcxinsr.dll -> C:\WINDOWS\System32\dlcxinsr.dll -> [2009/09/08 20:40:14 | 00,106,496 | ---- | C] ()
 dlcxcub.dll -> C:\WINDOWS\System32\dlcxcub.dll -> [2009/09/08 20:40:14 | 00,086,016 | ---- | C] ()
 dlcxcu.dll -> C:\WINDOWS\System32\dlcxcu.dll -> [2009/09/08 20:40:14 | 00,073,728 | ---- | C] ()
 DLCXcfg.dll -> C:\WINDOWS\System32\DLCXcfg.dll -> [2009/09/08 20:40:14 | 00,073,728 | ---- | C] ()
 dlcxcur.dll -> C:\WINDOWS\System32\dlcxcur.dll -> [2009/09/08 20:40:14 | 00,036,864 | ---- | C] ()
 wpd99.drv -> C:\WINDOWS\wpd99.drv -> [2009/08/18 10:21:47 | 00,000,059 | ---- | C] ()
 pdf995mon.dll -> C:\WINDOWS\System32\pdf995mon.dll -> [2009/08/18 10:21:45 | 00,051,716 | ---- | C] ()
 SigPlus.ini -> C:\WINDOWS\SigPlus.ini -> [2009/08/15 09:00:16 | 00,004,738 | ---- | C] ()
 GemSignPdf.ini -> C:\WINDOWS\GemSignPdf.ini -> [2009/08/15 08:59:34 | 00,000,142 | ---- | C] ()
 notes.ini -> C:\WINDOWS\notes.ini -> [2009/07/20 10:03:36 | 00,000,052 | ---- | C] ()
 _win32_system_info.dll -> C:\WINDOWS\_win32_system_info.dll -> [2009/03/14 05:19:59 | 00,000,007 | ---- | C] ()
 _win32_system_data.dll -> C:\WINDOWS\_win32_system_data.dll -> [2009/03/14 05:19:59 | 00,000,002 | ---- | C] ()
 _win32_system.dll -> C:\WINDOWS\_win32_system.dll -> [2009/03/14 05:19:59 | 00,000,000 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/12/04 06:29:05 | 00,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/12/04 06:29:05 | 00,139,264 | ---- | C] ()
 MSMAIL32.INI -> C:\WINDOWS\MSMAIL32.INI -> [2008/10/15 21:11:24 | 00,000,019 | ---- | C] ()
 ZSANCoInst.dll -> C:\WINDOWS\System32\ZSANCoInst.dll -> [2008/10/11 20:38:22 | 00,163,927 | ---- | C] ()
 tailyn.ini -> C:\WINDOWS\tailyn.ini -> [2008/09/05 08:00:36 | 00,000,291 | ---- | C] ()
 MibBrowser.INI -> C:\WINDOWS\MibBrowser.INI -> [2008/08/21 06:52:53 | 00,000,190 | ---- | C] ()
 info6.ini -> C:\WINDOWS\info6.ini -> [2008/08/21 06:27:55 | 00,000,019 | ---- | C] ()
 info8.ini -> C:\WINDOWS\info8.ini -> [2008/08/21 06:27:51 | 00,000,019 | ---- | C] ()
 info5.ini -> C:\WINDOWS\info5.ini -> [2008/08/21 06:27:51 | 00,000,019 | ---- | C] ()
 info10.ini -> C:\WINDOWS\info10.ini -> [2008/08/21 06:27:51 | 00,000,019 | ---- | C] ()
 info4.ini -> C:\WINDOWS\info4.ini -> [2008/08/21 06:27:50 | 00,000,019 | ---- | C] ()
 info2.ini -> C:\WINDOWS\info2.ini -> [2008/08/21 06:27:06 | 00,000,019 | ---- | C] ()
 info12.ini -> C:\WINDOWS\info12.ini -> [2008/08/21 06:27:06 | 00,000,019 | ---- | C] ()
 info9.ini -> C:\WINDOWS\info9.ini -> [2008/08/21 06:27:05 | 00,000,019 | ---- | C] ()
 info7.ini -> C:\WINDOWS\info7.ini -> [2008/08/21 06:27:05 | 00,000,019 | ---- | C] ()
 info11.ini -> C:\WINDOWS\info11.ini -> [2008/08/21 06:27:05 | 00,000,019 | ---- | C] ()
 info1.ini -> C:\WINDOWS\info1.ini -> [2008/08/21 06:27:05 | 00,000,019 | ---- | C] ()
 NDSnmpMgr3ps.dll -> C:\WINDOWS\System32\NDSnmpMgr3ps.dll -> [2008/08/20 13:21:25 | 00,045,056 | ---- | C] ()
 PERFMIB.INI -> C:\WINDOWS\System32\PERFMIB.INI -> [2008/08/20 06:59:50 | 00,020,504 | ---- | C] ()
 PERFMIB.DLL -> C:\WINDOWS\System32\PERFMIB.DLL -> [2008/08/20 06:59:50 | 00,013,072 | ---- | C] ()
 eDrawingOfficeAutomator.INI -> C:\WINDOWS\eDrawingOfficeAutomator.INI -> [2008/07/11 12:07:13 | 00,000,000 | ---- | C] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2008/06/06 13:25:27 | 00,000,166 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/05/02 13:21:49 | 00,000,766 | ---- | C] ()
 Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2008/04/03 10:00:04 | 00,176,235 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/03/24 09:43:43 | 00,000,061 | ---- | C] ()
 DLAAPI_W.DLL -> C:\WINDOWS\System32\DLAAPI_W.DLL -> [2008/03/24 09:41:04 | 00,056,056 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2008/03/24 09:41:03 | 00,001,177 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/03/24 09:35:13 | 00,097,328 | ---- | C] ()
 pbadrvdll.dll -> C:\WINDOWS\System32\pbadrvdll.dll -> [2008/03/24 09:29:48 | 00,080,368 | ---- | C] ()
 bioapi_mds300.dll -> C:\WINDOWS\System32\bioapi_mds300.dll -> [2008/03/24 09:27:13 | 00,143,360 | ---- | C] ()
 bioapi100.dll -> C:\WINDOWS\System32\bioapi100.dll -> [2008/03/24 09:27:13 | 00,106,496 | ---- | C] ()
 preflib.dll -> C:\WINDOWS\System32\preflib.dll -> [2008/03/24 09:23:06 | 00,139,264 | ---- | C] ()
 bcm1xsup.dll -> C:\WINDOWS\System32\bcm1xsup.dll -> [2008/03/24 09:23:04 | 00,753,664 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/03/24 09:02:10 | 01,703,936 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/03/24 09:02:10 | 01,019,904 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/03/24 09:02:10 | 00,466,944 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/03/24 09:02:09 | 01,474,560 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/03/24 09:00:48 | 00,001,120 | ---- | C] ()
 AGISSI.DLL -> C:\WINDOWS\System32\AGISSI.DLL -> [2008/03/06 21:40:32 | 00,749,568 | ---- | C] ()
 ZHHP_RES.DLL -> C:\WINDOWS\System32\ZHHP_RES.DLL -> [2008/03/06 21:40:23 | 11,194,368 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2008/02/04 17:23:10 | 00,693,792 | ---- | C] ()
 pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2007/11/06 15:19:28 | 00,053,299 | ---- | C] ()
 AmRes_ru.dll -> C:\WINDOWS\System32\AmRes_ru.dll -> [2007/09/13 15:42:30 | 00,499,712 | ---- | C] ()
 AmRes_pt-BR.dll -> C:\WINDOWS\System32\AmRes_pt-BR.dll -> [2007/09/13 15:42:30 | 00,471,040 | ---- | C] ()
 AmRes_it.dll -> C:\WINDOWS\System32\AmRes_it.dll -> [2007/09/13 15:42:28 | 00,487,424 | ---- | C] ()
 AmRes_fr.dll -> C:\WINDOWS\System32\AmRes_fr.dll -> [2007/09/13 15:42:28 | 00,487,424 | ---- | C] ()
 AmRes_ko.dll -> C:\WINDOWS\System32\AmRes_ko.dll -> [2007/09/13 15:42:28 | 00,462,848 | ---- | C] ()
 AmRes_ja.dll -> C:\WINDOWS\System32\AmRes_ja.dll -> [2007/09/13 15:42:28 | 00,458,752 | ---- | C] ()
 AmRes_es.dll -> C:\WINDOWS\System32\AmRes_es.dll -> [2007/09/13 15:42:26 | 00,487,424 | ---- | C] ()
 AmRes_de.dll -> C:\WINDOWS\System32\AmRes_de.dll -> [2007/09/13 15:42:26 | 00,487,424 | ---- | C] ()
 AmRes_en.dll -> C:\WINDOWS\System32\AmRes_en.dll -> [2007/09/13 15:42:26 | 00,466,944 | ---- | C] ()
 AmRes_zh-CHT.dll -> C:\WINDOWS\System32\AmRes_zh-CHT.dll -> [2007/09/13 15:42:26 | 00,434,176 | ---- | C] ()
 AmRes_zh-CHS.dll -> C:\WINDOWS\System32\AmRes_zh-CHS.dll -> [2007/09/13 15:36:24 | 00,438,272 | ---- | C] ()
 Internationalization_pt.dll -> C:\WINDOWS\System32\Internationalization_pt.dll -> [2007/09/12 16:05:08 | 00,102,400 | ---- | C] ()
 Internationalization_zh-CHT.dll -> C:\WINDOWS\System32\Internationalization_zh-CHT.dll -> [2007/09/12 16:04:46 | 00,086,016 | ---- | C] ()
 Internationalization_ko.dll -> C:\WINDOWS\System32\Internationalization_ko.dll -> [2007/09/12 16:04:26 | 00,090,112 | ---- | C] ()
 Internationalization_es.dll -> C:\WINDOWS\System32\Internationalization_es.dll -> [2007/09/12 16:04:06 | 00,102,400 | ---- | C] ()
 Internationalization_ru.dll -> C:\WINDOWS\System32\Internationalization_ru.dll -> [2007/09/12 16:03:44 | 00,098,304 | ---- | C] ()
 Internationalization_ja.dll -> C:\WINDOWS\System32\Internationalization_ja.dll -> [2007/09/12 16:03:24 | 00,090,112 | ---- | C] ()
 Internationalization_it.dll -> C:\WINDOWS\System32\Internationalization_it.dll -> [2007/09/12 16:03:04 | 00,102,400 | ---- | C] ()
 Internationalization_de.dll -> C:\WINDOWS\System32\Internationalization_de.dll -> [2007/09/12 16:02:44 | 00,102,400 | ---- | C] ()
 Internationalization_fr.dll -> C:\WINDOWS\System32\Internationalization_fr.dll -> [2007/09/12 16:02:22 | 00,102,400 | ---- | C] ()
 Internationalization_zh-CHS.dll -> C:\WINDOWS\System32\Internationalization_zh-CHS.dll -> [2007/09/12 16:02:02 | 00,086,016 | ---- | C] ()
 DemoLicense.dll -> C:\WINDOWS\System32\DemoLicense.dll -> [2007/06/15 11:19:20 | 00,835,584 | ---- | C] ()
 ArmAccess.dll -> C:\WINDOWS\System32\ArmAccess.dll -> [2007/02/09 05:15:36 | 00,053,248 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2006/11/07 05:25:58 | 00,000,000 | ---- | C] ()
 primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2006/11/06 17:49:36 | 00,000,310 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\WINDOWS\System32\CddbPlaylist2Roxio.dll -> [2006/09/17 00:36:50 | 00,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\WINDOWS\System32\CddbFileTaggerRoxio.dll -> [2006/09/17 00:36:50 | 00,204,800 | ---- | C] ()
 xltZlib.dll -> C:\WINDOWS\System32\xltZlib.dll -> [2006/08/14 12:02:10 | 00,072,192 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 00,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 00,026,489 | ---- | C] ()
 tsp.dll -> C:\WINDOWS\tsp.dll -> [2006/06/12 09:01:16 | 00,348,160 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 00,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 00,026,040 | ---- | C] ()
 atnt40k.sys -> C:\WINDOWS\System32\drivers\atnt40k.sys -> [2005/10/14 16:09:48 | 00,051,304 | ---- | C] ()
 lmgr10.dll -> C:\WINDOWS\System32\lmgr10.dll -> [2004/09/10 14:34:00 | 00,917,504 | ---- | C] ()
 ADsSecurity.dll -> C:\WINDOWS\System32\ADsSecurity.dll -> [2004/09/10 14:34:00 | 00,057,344 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/11 18:24:19 | 00,000,791 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/11 18:11:31 | 00,001,793 | ---- | C] ()
 qt-mt305.dll -> C:\WINDOWS\System32\qt-mt305.dll -> [2002/10/02 08:47:44 | 03,276,800 | ---- | C] ()
 ODBCMON.DLL -> C:\WINDOWS\System32\ODBCMON.DLL -> [2000/02/24 00:03:04 | 00,061,502 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [1998/04/06 23:00:00 | 00,022,016 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [1998/04/06 23:00:00 | 00,012,288 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB510B94
< End of report >


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:41 AM

Posted 14 December 2009 - 03:15 PM

Thanks, sorry about that. I'm running a Linux machine and it read the file as a binary file. Unreadable. :(

The log looks very good. No Vundo showing and nothing else live that I can see.

I think we'll reset your hosts file which should stop the redirects. Let me know if it does.

Please download HostsXpert 4.3
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
m0le is a proud member of UNITE

#14 ExtremelyFrustrated

ExtremelyFrustrated
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:41 PM

Posted 14 December 2009 - 08:31 PM

I tried using HostsXpert, but when I selected "Restore MS Host file", I got the following error:

"ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\hosts" as a popup box.

I am running XP (as I am sure you have figured out by now) and I am part of the Administrators group.

Also, just to let you know, the redirects stopped when the entries were deleted out of the registry earlier. There are a lot of entries in the hosts file, but remarks in it say that "Spybot" added those. Should I manually edit the file to remove all that? That is, if it will let me.

Edited by ExtremelyFrustrated, 14 December 2009 - 08:54 PM.

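The two posts above turn on a single question a practitioner wants answered before touching the hosts file: which of its entries block a name (a 127.0.0.1 / 0.0.0.0 target, the kind Spybot's immunization adds) and which actually send a well-known name somewhere else (a routable address, the mechanism behind search-result redirects). The script below is an added example, not part of this thread and not HostsXpert's code. It parses hosts-file text, separates blackhole entries from redirects, flags redirects of names on an assumed watch list (the watch list is my assumption, not taken from the logs), and shows the equivalent of "Restore MS Hosts File" plus "Make Read Only" with standard library calls. The sample hosts content is constructed for the demo.

```python
import ipaddress
import os
import stat
from pathlib import Path

# Assumed watch list: names a search-redirect or AV-blocking hijack would
# typically override. Not taken from the logs in this thread.
WATCHED_SUFFIXES = (
    "google.com", "yahoo.com", "bing.com", "altavista.com",
    "windowsupdate.com", "microsoft.com", "symantec.com", "mcafee.com",
    "malwarebytes.org", "bleepingcomputer.com",
)

# The only active mapping in a stock Windows XP hosts file (comment header omitted).
DEFAULT_XP_HOSTS = "127.0.0.1       localhost\n"

# Constructed sample: Spybot-style blocklist lines plus two hijack lines
# pointing search engines at a documentation-range (TEST-NET) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
# End of entries inserted by Spybot - Search & Destroy
203.0.113.10 www.google.com google.com   # constructed hijack line
203.0.113.10 search.yahoo.com
192.0.2.5 intranet.example               # legitimate custom entry
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; skip the malformed line
        for name in fields[1:]:
            yield line_no, ip, name.lower()


def is_blackhole(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 targets block a name instead of redirecting it."""
    return ip.is_loopback or ip.is_unspecified


def classify(text):
    """Split mappings into 'blocklist' (benign, Spybot-style) and 'redirect' entries.

    Each redirect tuple carries a flag saying whether the name is on the watch list.
    """
    result = {"blocklist": [], "redirect": []}
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if is_blackhole(ip):
            result["blocklist"].append((line_no, name, str(ip)))
        else:
            watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
            result["redirect"].append((line_no, name, str(ip), watched))
    return result


def hijacked_domains(text):
    """Watch-listed names that the file sends somewhere other than a blackhole."""
    return [name for _, name, _, watched in classify(text)["redirect"] if watched]


def restore_default(path):
    """Overwrite the hosts file with the stock content and set it read-only.

    Clears an existing read-only flag first so the write does not fail on a file
    that was previously locked. Returns the text written.
    """
    path = Path(path)
    if path.exists():
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)
    path.write_text(DEFAULT_XP_HOSTS)
    os.chmod(path, stat.S_IREAD)  # on Windows this sets the read-only attribute
    return DEFAULT_XP_HOSTS


if __name__ == "__main__":
    report = classify(SAMPLE_HOSTS)
    for line_no, name, ip in report["blocklist"]:
        print(f"line {line_no}: blocklist {name} -> {ip}")
    for line_no, name, ip, watched in report["redirect"]:
        tag = "HIJACK? " if watched else "custom  "
        print(f"line {line_no}: {tag}{name} -> {ip}")
    # Real file on XP: Path(os.environ["SystemRoot"]) / "system32/drivers/etc/hosts"
```

On the sample, the two Spybot lines come back as blocklist entries while the Google and Yahoo lines are flagged as redirects of watch-listed names; the intranet line is a redirect but not flagged. Run `restore_default()` against the real path only from an elevated prompt, and re-add any custom entries afterwards, as m0le's note says.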

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:41 AM

Posted 15 December 2009 - 07:45 AM

The hosts file may already have been replaced.

If the redirects have stopped, then we can do an online scan and clean up any other files.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :(
m0le is a proud member of UNITE

