Right-click file menu

Post by Screed92 » March 14th, 2009, 9:44 pm

I've got a little problem I hope you can help me out with. When I try to right-click on a file folder or program my computer freezes up. Mouse cursor turns into an hourglass, I can't access any other programs or folders, and that's the way it will stay until I ctrl-alt-del and restart. I've left it sitting like that for up to 2 hours thinking it might just be slow, but always with the same aggravating results. I was thinking that maybe it is a hardware problem, so I tried doing it under my wife's user profile and it worked fine. Please help if you can. Please let me know if it looks like it may be a hardware problem. Below is my original HijackThis log. Thanks very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:36 AM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocaching.com/login/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot
O4 - HKUS\S-1-5-21-861567501-1592454029-682003330-1005\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (User 'Kristy')
O4 - HKUS\S-1-5-21-861567501-1592454029-682003330-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kristy')
O4 - HKUS\S-1-5-21-861567501-1592454029-682003330-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Kristy')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - http://o.aolcdn.com/pictures/ap/Resourc ... .6.0.4.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5051106572
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5326712609
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0211041229988289) (0211041229988289mcinstcleanup) - - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10461 bytes
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 21st, 2009, 10:00 am

Sorry to have kept you waiting. If you still need help please do this:

OTScanIt
Download OTScanIt by OldTimer to your desktop.
  • Double click the tool to run it
  • Click Extract. When it has finished, click OK, then Close
  • Open the OTScanIt folder and start OTScanIt.exe
  • Under the Drivers section, select Non-Microsoft
  • Click the Run Scan button (top-left corner)
  • Once the scan has finished, Notepad will open with the results. Post them in your next reply.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Odd dude » March 23rd, 2009, 4:08 pm

Do you still need help?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Screed92 » March 23rd, 2009, 4:45 pm

Yes, I still need help. I'll follow your directions above and post the results. Thanks.
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Screed92 » March 23rd, 2009, 4:54 pm

The link you posted for OTScanIt is either down or dead. Do you have an alternative link? Thanks.
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Screed92 » March 23rd, 2009, 5:03 pm

Okay, found an alternative link. I opened OTScanIt but didn't have a "non-Microsoft" option under the Drivers section. The only options I have are "None, Safe list, and all". Please advise. Thanks.
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 24th, 2009, 2:42 am

Okay, this is going to sound really stupid, but I managed to give you the wrong instructions. :oops: :oops: :oops: :oops:
These should do the trick:

Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
  4. Under Rootkit Search, select Yes.
  5. Under Additional Scans, click on the "Extras" button.
  6. Click on Run Scan at the top left hand corner.
  7. When done, Notepad will open. Please post this log in your next reply.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Screed92 » March 27th, 2009, 5:46 pm

No problem. I give bad instructions all the time. Sorry about taking so long to reply, work's been a real bear this week.

Okay, below is the log from OTScanIt2:

Code:
OTScanIt2 logfile created on: 3/27/2009 8:08:58 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.9.0     Folder = C:\Documents and Settings\Scott\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.37 Mb Total Physical Memory | 475.24 Mb Available Physical Memory | 46.80% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.47 Gb Total Space | 33.43 Gb Free Space | 46.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.28 Gb Total Space | 713.29 Gb Free Space | 76.59% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: Scott
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 11:50:35 | 00,046,640 | R--- | M] (AOL LLC)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 12:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2006/11/02 01:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 15:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 23:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 23:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2006/06/06 15:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2006/06/06 15:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/12/16 19:59:50 | 00,150,040 | ---- | M] (Logitech Inc.)
lxctcoms.exe -> %SystemRoot%\system32\lxctcoms.exe -> [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( )
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 16:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 13:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/24 23:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 10:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 10:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 08:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2007/07/18 10:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/03/22 18:23:22 | 00,491,520 | ---- | M] (OldTimer Tools)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/09/09 16:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/09/09 16:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 16:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2006/11/02 01:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/02 01:48:12 | 00,020,480 | ---- | M] ()
wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/19 01:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\WMPNSCFG.exe -> [2006/10/19 01:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(0211041229988289mcinstcleanup) McAfee Application Installer Cleanup (0211041229988289) [Win32_Own | Auto | Stopped] ->  -> File not found
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 11:50:35 | 00,046,640 | R--- | M] (AOL LLC)
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 19:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 12:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 06:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 08:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 06:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 19:47:46 | 00,076,848 | ---- | M] ()
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 17:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 23:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 14:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 11:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/12/16 19:59:50 | 00,150,040 | ---- | M] (Logitech Inc.)
(lxct_device) lxct_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxctcoms.exe -> [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( )
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 13:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/24 23:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 07:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 10:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 10:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 08:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2007/07/18 10:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 14:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/02 01:48:12 | 00,020,480 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/19 01:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/21 01:29:30 | 00,183,280 | ---- | M] (Google)
 
[Driver Services - Safe List]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> [2005/11/21 04:48:21 | 00,016,512 | ---- | M] (Adaptec)
(avcgbdr) Adaptec GameBridge AVC-14X0/15X0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\avcgbdr.sys -> [2005/09/26 18:08:12 | 00,125,568 | ---- | M] (Adaptec, Inc.)
(avcgbfl) Adaptec GameBridge AVC-14X0/15X0 Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\avcgbfl.sys -> [2005/10/26 16:14:22 | 00,019,712 | ---- | M] (Adaptec, Inc)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> [2006/10/13 04:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2005/08/05 15:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation)
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> [2005/03/22 19:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.)
(DellBIOS) DellBIOS [Kernel | On_Demand | Stopped] -> %SystemRoot%\DellBIOS.Sys -> [2006/08/21 03:35:17 | 00,005,120 | ---- | M] ()
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 20:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\dsunidrv.sys -> [2007/02/25 16:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lvuvcflt.sys -> [2008/12/17 05:02:06 | 00,023,832 | ---- | M] (Logitech Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2008/04/17 11:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 15:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HSFHWAZL.sys -> [2005/07/22 15:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_DPV.sys -> [2005/12/01 05:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSXHWAZL.sys -> [2005/12/01 05:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2006/06/06 15:32:54 | 01,168,860 | ---- | M] (Intel Corporation)
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> [2003/12/25 22:48:14 | 00,010,752 | ---- | M] (InterVideo, Inc.)
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lvpopflt.sys -> [2008/12/17 04:58:30 | 00,114,712 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LVPr2Mon.sys -> [2008/12/16 19:58:54 | 00,025,624 | ---- | M] ()
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lvrs.sys -> [2008/12/17 05:00:12 | 00,768,024 | ---- | M] (Logitech Inc.)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> [2008/12/17 05:01:20 | 00,041,752 | ---- | M] (Logitech Inc.)
(LVUVC) QuickCam for Notebooks Deluxe(UVC) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lvuvc.sys -> [2008/12/17 05:01:42 | 06,364,440 | ---- | M] (Logitech Inc.)
(Machnm32) Machnm32 Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\Machnm32.sys -> [2003/08/13 04:27:00 | 00,002,304 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2005/10/05 03:57:08 | 00,012,544 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 04:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 04:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 04:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 04:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 10:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2007/07/13 04:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 12:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(oreans32) oreans32 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\oreans32.sys -> [2006/10/17 01:02:41 | 00,033,952 | ---- | M] ()
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2006/04/14 18:19:08 | 00,016,694 | ---- | M] (PalmSource, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/11/29 21:30:24 | 00,043,528 | ---- | M] (Sonic Solutions)
(SCRx31 USB Reader) SCRx31 USB Reader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\stc2.sys -> [2002/07/03 17:32:02 | 00,056,320 | ---- | M] (SCM Microsystems Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 09:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ser2pl.sys -> [2004/06/28 17:08:56 | 00,042,752 | ---- | M] (Prolific Technology Inc.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/09/09 16:15:32 | 01,032,472 | ---- | M] (SigmaTel, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> [2006/03/08 16:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(vncdrv) vncdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\vncdrv.sys -> [2004/06/26 18:22:00 | 00,004,736 | ---- | M] (RDV Soft)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wanatw4.sys -> [2003/01/10 20:13:04 | 00,033,588 | R--- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_CNXT.sys -> [2005/12/01 05:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> Reg Error: Invalid data type. -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.geocaching.com/login/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (302826 bytes and 10481 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2008/06/11 20:33:22 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
{0941C58F-E461-4E03-BD7D-44C27392ADE1} [HKLM] -> %ProgramFiles%\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll [PE_IE_Helper Class] -> [2008/08/05 14:57:04 | 00,075,144 | ---- | M] (IBM Corporation)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 20:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/09/23 12:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [BitComet Helper] -> [2008/08/11 07:12:14 | 00,656,696 | ---- | M] (BitComet)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> [2007/09/25 05:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007/11/09 10:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/21 01:29:39 | 00,668,656 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/02 01:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/06/06 15:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/06/06 15:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/06/06 15:09:58 | 00,094,208 | ---- | M] (Intel Corporation)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 16:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2005/09/09 16:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 16:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ErrorFix" -> %ProgramFiles%\ErrorFix\ErrorFix.exe [C:\Program Files\ErrorFix\ErrorFix.exe -boot] -> File not found
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 14:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/04/27 05:28:24 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Scott Startup Folder > -> C:\Documents and Settings\Scott\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 5.0\resources\en-US\local\search.html [c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html] -> File not found
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm] -> [2008/12/03 09:11:42 | 02,514,744 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm] -> [2008/12/03 09:11:42 | 02,514,744 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm] -> [2008/12/03 09:11:42 | 02,514,744 | ---- | M] (www.BitComet.com)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 09:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Menu: Sun Java Console] -> [2007/09/25 05:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/09/23 12:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 09:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [Button: BitComet] -> [2008/08/11 07:12:14 | 00,656,696 | ---- | M] (BitComet)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 17:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 23:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 23:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 05:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 09:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 23:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5446 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5515 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
92 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} [HKLM] -> http://o.aolcdn.com/pictures/ap/Resources/2.0.6.7/cab/aolpPlugins.10.6.0.4.cab [Reg Error: Key error.] -> 
{37A273C2-5129-11D5-BF37-00A0CCE8754B} [HKLM] -> http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab [TTestGenXInstallObject] -> 
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab [Reg Error: Key error.] -> 
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145051106572 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145326712609 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{95D88B35-A521-472B-A182-BB1A98356421} [HKLM] -> http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab [Pearson Installation Assistant 2] -> 
{C228AEDD-FC47-11D3-AF87-D128A9381404} [HKLM] -> http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab [LSICapture Control] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] -> 
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
{E6D23284-0E9B-417D-A782-03E4487FC947} [HKLM] -> http://asp.mathxl.com/books/_Players/MathPlayer.cab [Pearson MathXL Player] -> 
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3F41AA5D-B36B-427F-915C-B72B0CEBF8C7} ->    () -> 
{552138F6-FC56-4726-8D41-6E839B04DF3C} ->    (Dell Wireless 1370 WLAN Mini-PCI Card) -> 
{CF570374-3755-43FE-99C3-0A1C5E180068} ->    (Broadcom 440x 10/100 Integrated Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 23:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2006/06/06 15:05:50 | 00,139,264 | ---- | M] (Intel Corporation)
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [2001/09/24 11:59:00 | 00,045,056 | ---- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 17:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 23:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 17:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 23:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2005/07/26 17:37:54 | 00,037,464 | ---- | M] (America Online, Inc.)
"C:\Program Files\America's Army\System\ArmyOps.exe" -> C:\Program Files\America's Army\System\ArmyOps.exe [C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps] -> File not found
"C:\Program Files\AOL 9.1\waol.exe" -> C:\Program Files\AOL 9.1\waol.exe [C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL] -> [2007/10/27 16:45:07 | 00,039,264 | ---- | M] (AOL, LLC.)
"C:\Program Files\BitComet\BitComet.exe" -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> [2008/12/03 09:11:42 | 02,514,744 | ---- | M] (www.BitComet.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 08:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\1145157821\EE\AOLOpenRide.exe" -> C:\Program Files\Common Files\AOL\1145157821\EE\AOLOpenRide.exe [C:\Program Files\Common Files\AOL\1145157821\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide] -> File not found
"C:\Program Files\Common Files\AOL\1145157821\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1145157821\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1145157821\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 20:03:00 | 00,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1145157821\EE\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1145157821\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1145157821\EE\aolsoftware.exe:*:Enabled:AOL Services] -> [2008/06/24 17:34:50 | 00,041,824 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2006/10/23 11:50:35 | 00,046,640 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2006/10/23 11:50:37 | 00,071,216 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2006/11/03 06:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> [2007/09/17 12:02:47 | 00,206,176 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> [2004/10/15 19:54:12 | 00,046,768 | ---- | M] (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> [2004/10/15 19:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> [2007/04/02 11:33:32 | 00,063,120 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 20:34:06 | 00,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/24 23:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" -> C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat [C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)] -> [2005/11/28 16:18:19 | 17,945,597 | ---- | M] ()
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> [2008/12/19 04:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\InterVideo\DVD8\WinDVD.exe" -> C:\Program Files\InterVideo\DVD8\WinDVD.exe [C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 11:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/09/23 12:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\UltraVNC\vncviewer.exe" -> C:\Program Files\UltraVNC\vncviewer.exe [C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:VNCViewer] -> File not found
"C:\WINDOWS\system32\lxctcoms.exe" -> C:\WINDOWS\system32\lxctcoms.exe [C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System] -> [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( )
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 17:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/04/14 15:18:01 | 00,000,000 | ---- | M] ()
E:\autorun.inf [[autorun] | open=setup.exe | ICON=AUTORUN\WDLOGO.ICO | ] -> E:\autorun.inf [ FAT32 ] -> [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{14b392f0-c23a-11dd-9e90-0014229ceaaa}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b392f0-c23a-11dd-9e90-0014229ceaaa}\Shell\AutoRun\command
\{14b392f0-c23a-11dd-9e90-0014229ceaaa}\Shell\AutoRun\command\\"" ->  [WD_Windows_Tools\Setup.exe] -> File not found
\{501cd5fd-6e79-11dc-9d6e-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\AutoRun\command
\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\AutoRun\command\\"" ->  [Autorun.exe /run] -> File not found
\{501cd5fd-6e79-11dc-9d6e-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell00\Command
\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell00\Command\\"" ->  [Autorun.exe /run] -> File not found
\{501cd5fd-6e79-11dc-9d6e-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell01\Command
\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell01\Command\\"" ->  [Autorun.exe /action] -> File not found
\{501cd5fd-6e79-11dc-9d6e-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell02\Command
\{501cd5fd-6e79-11dc-9d6e-00038a000015}\Shell\Shell02\Command\\"" ->  [Autorun.exe /uninstall] -> File not found
\{bbba60be-e90e-11da-b663-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbba60be-e90e-11da-b663-00038a000015}\Shell\AutoRun\command
\{bbba60be-e90e-11da-b663-00038a000015}\Shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> File not found
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2008/12/19 04:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value error.] -> [2007/04/19 08:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\SYSTEM\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2005/09/20 07:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\SYSTEM\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2005/09/20 07:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\SYSTEM\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> [2005/09/20 07:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 22:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2007/03/14 08:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2007/05/10 08:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2008/09/23 12:17:06 | 01,942,864 | R--- | M] (Skype Technologies)
x-excid:{9D6CC632-1337-4a33-9214-2DA092E776F4} [HKLM] -> %SystemRoot%\Downloaded Program Files\mimectl.dll[DB2XMLPlugProt Class] -> [2006/11/16 10:28:00 | 00,374,272 | ---- | M] ()
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [1] -> File not found
\\"FirewallDisableNotify" ->  [1] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
\Monitoring\McAfeeFirewall\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [0] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{1A91D1FA-B9B3-4556-9878-5C61059A19B2} -> InterVideo DVD
{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} -> Rhapsody Player Engine
{318AB667-3230-41B5-A617-CB3BF748D371} -> iTunes
{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3A7BF905-F37D-4DFB-8308-EC3AA4617B36} -> Garmin Communicator Plugin
{4817189D-1785-4627-A33C-39FD90919300} -> The Sims 2 Pets
{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.8
{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2} -> MapSource
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A} -> Microsoft Outlook Web Access S/MIME
{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{797EE0CA-8165-405C-B5CE-F11EC20F1BB0} -> Microsoft VC9 runtime libraries
{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} -> The Sims 2 Open For Business
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{7D0F78C1-ECB0-4148-8757-35403F9E84EE} -> USB Serial Adapter Driver of Windows XP
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport
{7FCA7183-ECBD-414D-B0F9-D469399303DA} -> MapSource - North American City Select v5
{87F6C83D-F949-4d14-B5CB-DC8C75F8932D} -> The Sims™ 2 FreeTime
{89AD2814-AFA2-46AF-AE53-C27196D9FBE6} -> InterVideo TV
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Graphics Media Accelerator Driver for Mobile
{8AB8D458-939E-403F-0097-9BA1C1F013D5} -> The Sims 2
{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} -> The Sims 2 University
{91E30409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{937B232D-9776-471E-92BD-D424E514EF14} -> Logitech QuickCam
{962E05CF-3394-496D-0091-850CF1762F6B} -> The Battle for Middle-earth (tm)
{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE} -> Broadcom 440x 10/100 Integrated Controller
{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73B} -> IBM Lotus Forms Viewer 3.0
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{AC76BA86-7AD7-1033-7B44-A90000000001} -> Adobe Reader 9
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B6F5B704-06D3-4687-90F3-6195304AD755} -> The Sims™ 2 Apartment Life
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD
{D7C40BDC-F6FA-46DC-BE4B-0C0EB6DD9212} -> MapSource - City Select North America v6 Update
{DD040AAA-F295-492B-AD91-C8DC24488273} -> Photo Explosion Special Edition
{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06} -> The Sims™ 2 Seasons
{E0000600-0600-0600-0600-000000000600} -> ICS Viewer 6.0
{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center
{E40CE517-0D42-4198-96B4-C8232B257EB5} -> Data Lifeguard Diagnostic for Windows
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect
{EB807EB6-5179-48B7-98D4-7B4934A57A81} -> Documents To Go
{EC4455AB-F155-4CC1-A4C5-88F3777F9886} -> Apple Mobile Device Support
{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E} -> PL-2303 USB-to-Serial
{F248ADFA-64E0-4b03-8A83-059078BED6A0} -> The Sims™ 2 Bon Voyage
{F7514465-E5F3-48E9-A952-327DAEF33DE6} -> InterVideo Home Theater
{F7529650-B9DB-481B-0089-A2AC3C2821C1} -> The Sims 2 Nightlife
{F958CA02-BB40-4007-894B-258729456EE4} -> QuickTime
{FF8157AA-F640-45BD-B7C2-BAA1016B267A} -> palmOne
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player
Any Video Converter_is1 -> Any Video Converter 2.6.7
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove)
AOL YGP Screensaver -> AOL You've Got Pictures Screensaver
AolCoach2_en -> AOL Coach Version 2.0(Build:20041026.5 en)
audcle -> Plus! MP3 Audio Converter LE
BitComet -> BitComet 1.07
Broadcom 802.11b Network Adapter -> Dell Wireless WLAN Card
CCleaner -> CCleaner (remove only)
CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 -> Conexant HDA D110 MDC V.92 Modem
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
DECCHECK -> Microsoft Windows XP Video Decoder Checkup Utility
drmtool.inf -> Personal License Update Wizard for Windows Media Player
Drug Lord 2 -> Drug Lord 2
DVD Decrypter -> DVD Decrypter (Remove Only)
DVD Shrink_is1 -> DVD Shrink 3.2
Eraser_is1 -> Eraser
FreeZip -> FreeZip
Google Updater -> Google Updater
GSAK (Geocaching Swiss Army Knife)_is1 -> GSAK 6.6.5.19
Guild Wars -> Guild Wars
HandBrake -> HandBrake 0.9.3
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
iDump -> iDump (Backing up your iPod)
ie7 -> Windows Internet Explorer 7
InstallShield_{7FCA7183-ECBD-414D-B0F9-D469399303DA} -> MapSource - North American City Select v5
InstallShield_{D7C40BDC-F6FA-46DC-BE4B-0C0EB6DD9212} -> MapSource - City Select North America v6 Update
InterActual Player -> InterActual Player
IrfanView -> IrfanView (remove only)
legacyqcam_10.51 -> Logitech Legacy USB Camera Driver Package
Lexmark 5400 Series -> Lexmark 5400 Series
lvdrivers_11.90 -> Logitech QuickCam Driver Package
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
mplibwiz.inf -> Media Library Management Wizard
mpxptray.inf -> Windows Media Player Tray Control
MSC -> McAfee SecurityCenter
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MSN Music Assistant -> MSN Music Assistant
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Plucker_is1 -> Plucker 1.6
SynTPDeinstKey -> Synaptics Pointing Device Driver
ViewpointMediaPlayer -> Viewpoint Media Player
VLC media player -> VideoLAN VLC media player 0.8.2
WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell
WIC -> Windows Imaging Component
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinGTK-2_is1 -> GTK+ 2.10.6-1 runtime environment
WinRAR archiver -> WinRAR archiver
WMCSetup -> Windows Media Connect
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
XviD MPEG4 Video Codec -> XviD MPEG4 Video Codec (remove only)
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/08/29 07:53:50 | 00,147,456 | ---- | M] (Apple Inc.)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 3/13/2009 3:38:56 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1001 -> Description = Fault bucket 734037209.
Application [ Error ] 3/15/2009 1:18:52 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/15/2009 4:25:03 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/15/2009 9:36:40 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application DVDDecrypter.exe, version 3.5.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/19/2009 7:58:22 PM Computer Name = LAPTOP | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.    The process will be terminated.  Thread id : 2588 (0xa1c)    Thread address : 0x12190B20    Thread message :      Build VSCORE.14.0.0.349 / 5300.2777   Object being scanned = \Device\HarddiskVolume2\WINDOWS\TEMP\ver48A.tmp   by c:\PROGRA~1\mcafee\msc\mcupdmgr.exe   4(1485)(0)   4(1391)(0)   7200(719)(0)   7595(719)(0)   7005(719)(0)   7004(719)(0)   5006(719)(0)   5004(719)(0)  
Application [ Error ] 3/19/2009 8:38:10 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application Handbrake.exe, version 0.9.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/22/2009 2:35:36 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application RipIt4Me.exe, version 1.7.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/23/2009 5:03:15 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application OTScanIt2.exe, version 1.0.9.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/26/2009 3:44:39 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application ialaunch.exe, version 3.18.12.1221, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 3/27/2009 5:06:31 PM Computer Name = LAPTOP | Source = Application Hang | ID = 1002 -> Description = Hanging application OTScanIt2.exe, version 1.0.9.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 3/22/2009 1:47:24 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:26 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:27 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:29 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:30 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:32 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:34 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:35 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/22/2009 1:47:37 PM Computer Name = LAPTOP | Source = Cdrom | ID = 262151 -> Description = The device, \Device\CdRom0, has a bad block.
System [ Error ] 3/23/2009 2:43:03 PM Computer Name = LAPTOP | Source = DCOM | ID = 10001 -> Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.  The error:  "%233"  Happened while starting this command:  c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
 
[Files/Folders - Created Within 30 Days]
InterActual Player.lnk -> %AllUsersProfile%\Desktop\InterActual Player.lnk -> [2009/03/26 19:57:51 | 00,000,813 | ---- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/23 19:55:52 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/23 19:55:19 | 00,662,639 | ---- | C] ()
hidserv.dll -> %SystemRoot%\System32\hidserv.dll -> [2009/03/21 17:30:25 | 00,021,504 | ---- | C] (Microsoft Corporation)
hidserv.dll -> %SystemRoot%\System32\dllcache\hidserv.dll -> [2009/03/21 17:30:25 | 00,021,504 | ---- | C] (Microsoft Corporation)
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/03/21 01:29:34 | 00,000,868 | ---- | C] ()
DaVinci_Code -> %SystemDrive%\DaVinci_Code -> [2009/03/19 21:27:09 | 00,000,000 | ---D | C]
XPCD -> %UserProfile%\Desktop\XPCD -> [2009/03/15 16:15:52 | 00,000,000 | ---D | C]
UBCD4Win -> %SystemDrive%\UBCD4Win -> [2009/03/15 15:46:06 | 00,000,000 | ---D | C]
HandBrake.lnk -> %UserProfile%\Desktop\HandBrake.lnk -> [2009/03/15 00:48:30 | 00,000,728 | ---- | C] ()
HandBrake -> %ProgramFiles%\HandBrake -> [2009/03/15 00:48:29 | 00,000,000 | ---D | C]
HijackThis Logs -> %UserProfile%\Desktop\HijackThis Logs -> [2009/03/15 00:30:59 | 00,000,000 | ---D | C]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/15 00:30:36 | 00,001,768 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/03/15 00:30:36 | 00,000,000 | ---D | C]
Config.Msi -> %SystemDrive%\Config.Msi -> [2009/03/14 22:06:15 | 00,000,000 | -HSD | C]
ErrorFix Scan.job -> %SystemRoot%\tasks\ErrorFix Scan.job -> [2009/03/14 21:45:24 | 00,000,422 | ---- | C] ()
ErrorFix -> %AppData%\ErrorFix -> [2009/03/14 21:45:18 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2009/03/14 19:08:47 | 00,000,000 | RH-D | C]
Western Digital Corporation -> %ProgramFiles%\Western Digital Corporation -> [2009/03/13 18:23:07 | 00,000,000 | ---D | C]
WDC -> %UserProfile%\My Documents\WDC -> [2009/03/13 18:22:53 | 00,000,000 | ---D | C]
jestertb.dll -> %SystemRoot%\jestertb.dll -> [2009/03/13 18:22:48 | 00,020,992 | ---- | C] ()
TopoGrafix -> %UserProfile%\Local Settings\Application Data\TopoGrafix -> [2009/03/07 19:15:55 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
1 C:\WINDOWS\Temp\gis1a7e8e0b\*.tmp files -> C:\WINDOWS\Temp\gis1a7e8e0b\*.tmp -> 
bgroykfc.dll -> %UserProfile%\Local Settings\Temp\bgroykfc.dll -> [2009/03/27 20:05:18 | 00,053,248 | ---- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/03/27 20:04:58 | 00,014,187 | ---- | M] ()
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/03/27 19:25:17 | 00,000,868 | ---- | M] ()
User_Feed_Synchronization-{210CFB9A-4178-4488-9B90-25DB39C3EEF7}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{210CFB9A-4178-4488-9B90-25DB39C3EEF7}.job -> [2009/03/27 15:57:13 | 00,000,392 | -H-- | M] ()
ErrorFix Scan.job -> %SystemRoot%\tasks\ErrorFix Scan.job -> [2009/03/27 12:00:00 | 00,000,422 | ---- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/26 20:27:38 | 14,417,920 | -H-- | M] ()
InterActual Player.lnk -> %AllUsersProfile%\Desktop\InterActual Player.lnk -> [2009/03/26 19:57:51 | 00,000,813 | ---- | M] ()
hb_encode_log.dat -> %UserProfile%\Local Settings\Temp\hb_encode_log.dat -> [2009/03/26 19:10:21 | 00,020,166 | ---- | M] ()
hb_queue_recovery.dat -> %UserProfile%\Local Settings\Temp\hb_queue_recovery.dat -> [2009/03/26 14:16:22 | 00,000,000 | ---- | M] ()
dvdinfo.dat -> %UserProfile%\Local Settings\Temp\dvdinfo.dat -> [2009/03/24 23:07:52 | 00,005,359 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/03/24 12:31:07 | 00,000,284 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/23 19:55:27 | 00,662,639 | ---- | M] ()
ci.dll -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\ci.dll -> [2009/03/21 01:29:25 | 01,204,208 | ---- | M] (Google)
GoogleUpdaterService.exe -> %SystemRoot%\Temp\gis1a7e8e0b\GoogleUpdaterService.exe -> [2009/03/21 01:29:25 | 00,183,280 | ---- | M] (Google)
GoogleUpdaterSetup.exe -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\GoogleUpdaterSetup.exe -> [2009/03/21 01:29:25 | 00,176,112 | ---- | M] (Google Inc.)
GoogleUpdaterInstallMgr.exe -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\GoogleUpdaterInstallMgr.exe -> [2009/03/21 01:29:25 | 00,169,968 | ---- | M] (Google)
GoogleUpdater.exe -> %SystemRoot%\Temp\gis1a7e8e0b\GoogleUpdater.exe -> [2009/03/21 01:29:25 | 00,161,776 | ---- | M] (Google)
cires.dll -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\cires.dll -> [2009/03/21 01:29:25 | 00,100,848 | ---- | M] ()
npCIDetect13.dll -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\npCIDetect13.dll -> [2009/03/21 01:29:25 | 00,099,824 | ---- | M] (Google)
GoogleUpdaterAdminPrefs.exe -> %SystemRoot%\Temp\gis1a7e8e0b\2.4.1536.6592\GoogleUpdaterAdminPrefs.exe -> [2009/03/21 01:29:24 | 00,227,824 | ---- | M] (Google)
googleupdater.exe1a7ec2f6 -> %SystemRoot%\Temp\googleupdater.exe1a7ec2f6 -> [2009/03/21 01:29:09 | 01,075,696 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/03/19 22:50:07 | 00,445,096 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/03/19 22:50:07 | 00,072,554 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/19 22:50:06 | 00,526,710 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/15 22:03:01 | 00,002,206 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/15 22:02:01 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/15 22:01:39 | 00,002,048 | --S- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/15 21:59:21 | 00,000,278 | -HS- | M] ()
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [2009/03/15 19:29:42 | 00,055,088 | ---- | M] ()
HandBrake.lnk -> %UserProfile%\Desktop\HandBrake.lnk -> [2009/03/15 00:48:30 | 00,000,728 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/15 00:30:36 | 00,001,768 | ---- | M] ()
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2009/03/14 23:53:08 | 00,000,340 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/03/14 21:32:53 | 00,000,340 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/14 18:15:41 | 00,005,513 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/14 18:15:41 | 00,004,232 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/03/14 17:42:19 | 00,302,826 | R--- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/14 08:25:40 | 00,333,072 | ---- | M] ()
jestertb.dll -> %SystemRoot%\jestertb.dll -> [2009/03/13 18:22:49 | 00,020,992 | ---- | M] ()
LVPrcInj01.dll -> %SystemRoot%\Temp\logishrd\LVPrcInj01.dll -> [2008/12/16 19:59:28 | 00,109,080 | ---- | M] (Logitech Inc.)
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/04/15 04:00:45 | 00,011,090 | ---- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\Scott\Favorites\Colombia Military Guide.url:favicon 1406 bytes
C:\Documents and Settings\Scott\Favorites\Defense Acquisition University.url:favicon 894 bytes
C:\Documents and Settings\Scott\Favorites\Pack457 Den3 - Welcome to the Bear Den!.url:favicon 1150 bytes
C:\Documents and Settings\Scott\Favorites\Parsimonious - Free Downloads Sims & Sims2 Clothes,Furniture, Houses, Hair, Makeup.url:favicon 1406 bytes
C:\Documents and Settings\Scott\Favorites\Sexy Sims 2 - powered by vBulletin.url:favicon 3638 bytes
C:\Documents and Settings\Scott\Favorites\The Sims 2 and 1 Resource - Over 564,000 Downloads for The Sims 2 and 1.url:favicon 3638 bytes
C:\Documents and Settings\Scott\Favorites\TheSims2.com - Home.url:favicon 1150 bytes
C:\Documents and Settings\Scott\Favorites\WebCT Login Page.url:favicon 318 bytes
C:\Documents and Settings\Scott\Favorites\Welcome to ModTheSims2.url:favicon 3638 bytes
C:\Documents and Settings\Scott\Favorites\FARSite (Federal Acquisition Regulation Site).url:favicon 1206 bytes
C:\Documents and Settings\Scott\Favorites\final fantsy X walkthrough.url:favicon 1406 bytes
C:\Documents and Settings\Scott\Favorites\Lajes Overview.url:favicon 894 bytes
C:\Documents and Settings\Scott\Favorites\lego replacement parts.url:favicon 1406 bytes
C:\Documents and Settings\Scott\Favorites\LINK TO PDG MP3S.url:favicon 894 bytes
C:\Documents and Settings\Scott\Favorites\LogMeIn - Remote Access and Desktop Control Software for your PC.url:favicon 2550 bytes
C:\Documents and Settings\Scott\My Documents\EA Games\Backup Files\Sims2Launcher backup.exe:SummaryInformation 184 bytes
C:\Documents and Settings\Scott\My Documents\EA Games\Backup Files\Sims2Launcher backup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden files: 109
 
< End of report >
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 28th, 2009, 4:07 am

Screed92 wrote: Sorry about taking so long to reply, work's been a real bear this week.

No problem :)

Is this a business computer?

WGA Diagnostic Tool
Could you please download and install this.
When the installation has finished, click Run. Then click Run once more.
Next, click Continue, then Copy. The results of the tool will be pasted to the clipboard. Kindly post these results in your next reply. (Right-click the white box in which you type your forum post and click Paste to do so).


DDS (Doesn't Do Squat)
Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please :)
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt


Submit a file for analysis
We need to have something checked for malware. Please go to Jotti's.
  • Click Browse next to File to upload & scan and copy and paste the first line of the following list into the browse box:
    c:\windows\system32\drivers\hsxhwasl.sys
    c:\windows\system32\drivers\vcndrv.sys
  • Click Submit. The file will now be scanned for malware and the results will be displayed on the screen. Select the part where the virus scan results are shown (the part starting with A-squared and ending with VBA32) and copy and paste this to Notepad.
  • Repeat this procedure for any other files I have listed.
  • Copy and paste the whole notepad file you just made into your reply.


Post:
- is this a business related computer?
- WGA diagnostic tool results
- DDS log.txt
- Jotti results

Attach:
- DDS attach.txt
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Screed92 » March 29th, 2009, 12:48 pm

This computer is my personal computer mainly used for entertainment. However, I do use it for business when I travel; so short answer would be yes, it is a business related computer, but it belongs to me and not to my employer.

Below are the WGA diagnostic tool results:

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {FF75E955-F1FE-4A39-AF69-4B88A4164D2F}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 1.5.532.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FF75E955-F1FE-4A39-AF69-4B88A4164D2F}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-861567501-1592454029-682003330</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>ME051 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20060226000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>316B341701840063</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Azores Standard Time(GMT-01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91E30409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>65B2055BB29C5A4</Val><Hash>BrhyK7HgxMkB7xzU+uBmCyL4zf0=</Hash><Pid>73931-722-2043804-57265</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/><App Id="A1" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4001:Dell Inc|4001:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

_______________________________________________________________________________________________________

Here's the DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Scott at 16:25:37.05 on Sun 03/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.529 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.geocaching.com/login/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ErrorFix] c:\program files\errorfix\ErrorFix.exe -boot
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resourc ... .6.0.4.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testge ... nstall.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/tes ... eGames.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5051106572
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5326712609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/ ... earadj.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-22 201320]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2006-10-17 33952]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2006-10-17 2304]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-22 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-22 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-22 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-22 35240]
S2 0211041229988289mcinstcleanup;McAfee Application Installer Cleanup (0211041229988289); [x]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2006-8-21 5120]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-22 40488]
S3 musbehco;musbehco; [x]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2009-2-6 56320]
S3 ZSMC0305;VIMICRO USB PC Camera V; [x]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-22 695624]

=============== Created Last 30 ================

2009-03-21 18:30 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-03-21 18:30 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-19 22:27 <DIR> --d----- C:\DaVinci_Code
2009-03-15 16:46 <DIR> --d----- C:\UBCD4Win
2009-03-15 01:48 <DIR> --d----- c:\program files\HandBrake
2009-03-15 01:30 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 22:45 <DIR> --d----- c:\docume~1\scott\applic~1\ErrorFix
2009-03-13 19:23 <DIR> --d----- c:\program files\Western Digital Corporation
2009-03-13 19:22 20,992 a------- c:\windows\jestertb.dll

==================== Find3M ====================

2009-02-11 21:14 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-11 21:12 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-02-10 19:38 152,904 a------- c:\windows\system32\vghd.scr
2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-05-19 08:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051920080520\index.dat

============= FINISH: 16:26:54.92 ===============

_______________________________________________________________________________________________________

Here are the Jotti results for c:\windows\system32\drivers\hsxhwasl.sys: (could not find that file. Did you mean ...\hsxhwazl.sys? That's the closest I could find so I scanned it). Posted also are the Jotti results for c:\windows\system32\drivers\vcndrv.sys (again, Jotti couldn't find that file. Closest I could find was vncdrv.sys so that's the one that I scanned):

Jotti results for ...\hsxhwazl.sys:

Scan taken on 29 Mar 2009 16:39:12 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Jotti results for vncdrv.sys:


Scan taken on 29 Mar 2009 16:43:45 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


That's everything you've asked for, I believe. Please let me know if I've missed something or if the "Attach.txt" didn't attach. Thanks.
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 29th, 2009, 1:10 pm

You did great, I must've made some typos copying over the file names. Sorry!

Before I begin cleaning you, I would like you to read the following topic:
http://malwareremoval.com/forum/viewtop ... 11&t=33112

I want you to realize this: Person-to-Person file sharing programmes are the #1 cause of infection to people. The program might not be infected, but the files you download with it most certainly can - and in fact, most of them will - be infected.

Please uninstall the Person-to-Person file sharing programmes mentioned below through Add/Remove Programs in the Control Panel.

BitComet 1.07

Also uninstall any other P2P programs I may have missed. Thanks :)

Also uninstall these:

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3

Download and install the latest version from here. The site is a bit confusing; this is what you should do:
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Now, click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Now, close all other windows, including Internet Explorer.
  • You can now install Java by double-clicking the executable you just downloaded.

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.


Post new DDS logs, please :)
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Screed92 » March 30th, 2009, 12:17 pm

Alright. Uninstalled BitComet, uninstalled, downloaded and installed JRE, and uninstalled, downloaded and installed latest version of Adobe Reader. Here's the requested DDS log. Attach.txt is attached. Thanks.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Scott at 16:07:01.81 on Mon 03/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.475 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.geocaching.com/login/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ErrorFix] c:\program files\errorfix\ErrorFix.exe -boot
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall getPlus(R) for Adobe] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resourc ... .6.0.4.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testge ... nstall.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/tes ... eGames.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5051106572
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5326712609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/ ... earadj.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-22 201320]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2006-10-17 33952]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2006-10-17 2304]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-22 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-22 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-22 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-22 35240]
S2 0211041229988289mcinstcleanup;McAfee Application Installer Cleanup (0211041229988289); [x]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2006-8-21 5120]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-30 33176]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-22 40488]
S3 musbehco;musbehco; [x]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2009-2-6 56320]
S3 ZSMC0305;VIMICRO USB PC Camera V; [x]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-22 695624]

=============== Created Last 30 ================

2009-03-30 15:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-30 15:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-21 18:30 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-03-21 18:30 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-19 22:27 <DIR> --d----- C:\DaVinci_Code
2009-03-15 16:46 <DIR> --d----- C:\UBCD4Win
2009-03-15 01:48 <DIR> --d----- c:\program files\HandBrake
2009-03-15 01:30 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 22:45 <DIR> --d----- c:\docume~1\scott\applic~1\ErrorFix
2009-03-13 19:23 <DIR> --d----- c:\program files\Western Digital Corporation
2009-03-13 19:22 20,992 a------- c:\windows\jestertb.dll

==================== Find3M ====================

2009-02-11 21:14 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-11 21:12 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-02-10 19:38 152,904 a------- c:\windows\system32\vghd.scr
2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-05-19 08:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051920080520\index.dat

============= FINISH: 16:08:28.96 ===============
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 30th, 2009, 2:05 pm

Malwarebytes' Anti-Malware
I need you to download Malwarebytes' Anti-Malware.

  • Install the program by following the prompts after double-clicking on mbam-setup.exe
  • Once you approach the final installation screen, put a check next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish
  • MBAM (that's an acronym of Malwarebytes' Anti-Malware) will now start. Choose Perform full scan and click Scan
  • Get a cup of coffee/tea/hot chocolate and watch some TV for about an hour.
  • Once the scan has finished, click OK, then Show Results.
  • Put a check next to everything, then click Remove selected.
  • Now, a log will open. Save this to your desktop and post it.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Right-click file menu

Post by Screed92 » March 30th, 2009, 6:22 pm

Okay, Odd Dude. All actions performed. Here's a copy of the log:

Malwarebytes' Anti-Malware 1.35
Database version: 1921
Windows 5.1.2600 Service Pack 3

3/30/2009 10:17:37 PM
mbam-log-2009-03-30 (22-17-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219586
Time elapsed: 1 hour(s), 41 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Screed92
Regular Member
 
Posts: 23
Joined: August 29th, 2008, 9:56 pm

Re: Right-click file menu

Post by Odd dude » March 31st, 2009, 6:45 am

You have TeaTimer running
This is good as TeaTimer protects you from many malicious changes to your registry. However, TeaTimer is a computer program, which has no way of distinguishing between good or malicious intentions; this means it might hinder the modifications I need to make to your system.

This means that TeaTimer will need to be disabled until you have been cleaned of malware.

  • Right-click on the Tea Timer icon in your system tray. It looks like this: [image]
  • If you have the new version 1.5: click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the system tray should now be colourless.
  • If you have version 1.4, click on Exit Spybot S&D Resident

This is not enough; there is a second step attached:

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left and click Tools
  • Now, also in left panel, click Resident - the pictogram shows a red/white shield.
  • In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File > Exit to close Spybot
  • Reboot your machine for the changes to take effect.

When I give you the all-clear post, remember to reenable it!

OTMoveIt3
  • Download OTMoveIt3 and save it to your desktop. Then double-click the program to run it.
  • Copy and paste the lines in the code box below into the input field at the bottom left corner:
    :Services
    musbehco
    0211041229988289mcinstcleanup
    :files
    c:\docume~1\scott\applic~1\ErrorFix
    C:\Program Files\ErrorFix
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ErrorFix"=-
    :commands
    [emptytemp]
    [reboot]
    
  • Now click the red button that says MoveIt!. Your computer will now reboot.
  • To the right, the results show up. Copy and paste them all into a notepad file and post the notepad file in your next reply.

I also recommend that you uninstall AutoUpdate from Add/Remove Programs in the Control Panel. (It has nothing to do with the Windows automatic updates function, and has been named deceptively to suggest that.)

Post a new HijackThis log and tell me how the computer is running. Also post the OTMoveIt log.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
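
Both services named under :Services in the script above appear in the DDS "SERVICES / DRIVERS" section with [x] where other entries show a file path, date and size. The following is an added example, not part of the original posts or of DDS itself: a small parser for lines in that format that lists such entries. It assumes [x] marks a service whose file DDS could not find, that R/S mean running/stopped, and that the digit is the Windows service start type.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
SAMPLE = r"""
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-22 201320]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2006-10-17 33952]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2006-10-17 2304]
S2 0211041229988289mcinstcleanup;McAfee Application Installer Cleanup (0211041229988289); [x]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2006-8-21 5120]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-30 33176]
S3 musbehco;musbehco; [x]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2009-2-6 56320]
S3 ZSMC0305;VIMICRO USB PC Camera V; [x]
"""

# Assumption: the digit after R/S is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><digit> <name>;<display name>;<path> [<date> <size>]   or   ...; [x]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


class ServiceEntry(NamedTuple):
    running: bool           # assumption: R = running, S = stopped
    start: str              # decoded start type
    name: str               # service key name (may contain spaces)
    display: str
    path: Optional[str]     # None when the log shows no path
    date: Optional[str]
    size: Optional[int]
    missing: bool           # True when the log shows [x] instead of date/size


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse DDS service/driver lines; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        missing = meta.lower() == "x"
        date, size = None, None
        if not missing:
            parts = meta.split()
            if len(parts) == 2 and parts[1].isdigit():
                date, size = parts[0], int(parts[1])
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start=START_TYPES[int(m.group("start"))],
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=m.group("path") or None,
            date=date,
            size=size,
            missing=missing,
        ))
    return entries


def missing_file_services(entries: List[ServiceEntry]) -> List[str]:
    """Names of services registered in the log without a backing file."""
    return [e.name for e in entries if e.missing]


if __name__ == "__main__":
    for name in missing_file_services(parse_services(SAMPLE)):
        print("no file on disk:", name)
```

On the sample lines this reports three entries; the script above lists two of them.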