Seeking assistance from Malware experts

Post by rematch » April 18th, 2009, 5:44 am

Team, I believe I may be infected. Thank you for taking the time to review this and I look forward to your guidance.

Symptoms include:
- McAfee will not update. Cannot visit McAfee site
- IE takes me to random sites on its own accord
- IE menu and frame change style/size
- Windows bottom tool-bar changes size/style
- Firefox repeatedly crashes

Have downloaded and run the following programs:
- CCleaner
- Ad-Aware
- Malwarebytes' Anti-Malware
- Spybot Search & Destroy
- SUPERAntiSpyware
- ThreatFire
- HijackThis

I also ran the Kaspersky online scan; however, it didn't detect any problems.

Thank you for your help and assistance.
Dan

(Updated on 22/4) HijackThis logfile below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:46, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bcede92469a) (gupdate1c98bcede92469a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 15896 bytes
rematch
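Reading a HijackThis log like the one above by hand means scanning a few hundred lines for the handful that matter. The script below is an added example, not part of the original post, of HijackThis, or of MalwareRemoval.com: it parses the section-prefixed item lines (R0/R1, O4, O15, O20, O23) and lists the entries a reviewer would look at first. The sample lines are copied from the log above; the flag rules (bare file names in Run keys that resolve through %PATH%, binaries started from a user profile, IE start/search pages pointing off Microsoft, Trusted Zone additions, AppInit/Winlogon Notify DLLs, services with no vendor string) are this example's own heuristics. Every hit on this sample is in fact legitimate software, which is the point: the flags say where to look, not what is malicious.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code).

Each flag is a review hint, not a verdict. The sample lines below are copied
from the log posted in this thread; all of them are legitimate software.
"""
import re

# Constructed sample: a subset of lines from the posted HijackThis log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Directories that normally hold installed software on XP (assumed baseline).
EXPECTED_DIRS = (r"c:\program files", r"c:\windows", r"c:\progra~1")


def parse_hjt(text):
    """Return [(section, body)] for every HijackThis item line in `text`."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append((m.group("section"), m.group("body")))
    return items


def image_path(cmd):
    """Extract the executable path from an autostart command string.

    HijackThis prints the registry value verbatim, so the path may be quoted,
    unquoted with embedded spaces, or a bare file name resolved through %PATH%.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(items):
    """Apply the review heuristics; return [(section, name, reason)]."""
    findings = []
    for section, body in items:
        if section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if value.startswith("http") and "microsoft.com" not in value.lower():
                findings.append((section, key.rsplit(",", 1)[-1], "IE page points off Microsoft"))
        elif section == "O4":
            m = RUN_RE.search(body)
            if not m:  # Startup-folder .lnk entries have no [name]; skipped here
                continue
            name, path = m.group("name"), image_path(m.group("cmd"))
            if "\\" not in path:
                findings.append((section, name, "bare file name, resolved via %PATH%"))
            elif not path.lower().startswith(EXPECTED_DIRS):
                findings.append((section, name, "runs from outside Program Files/Windows"))
        elif section == "O15":
            findings.append((section, body, "site added to IE Trusted Zone"))
        elif section == "O20":
            kind = body.split(":", 1)[0]
            findings.append((section, body, f"{kind} DLL is loaded into other processes"))
        elif section == "O23":
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].lower() == "unknown owner":
                findings.append((section, parts[0], "service binary has no vendor string"))
    return findings


def review(text=SAMPLE_LOG):
    """Parse and triage a log; the entry point a reviewer would call."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, name, reason in review():
        print(f"{section:4} {name!s:48.48} {reason}")
```

On the sample this lists seven entries: the two bare-file-name Run values (RTHDCPL, Alcmtr), the Google updater started from the user profile, the Trusted Zone site, both O20 DLLs and the SiteAdvisor service whose binary carries no vendor string. None of them is malicious, which is consistent with the helper's reading of the full log further down; the script only orders the manual review.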

Re: Seeking assistance from Malware experts

Post by peku006 » April 23rd, 2009, 4:12 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

I'm not seeing anything malicious in your HJT log. Let's run a couple of scans and see what we find.

1 - Download and Run Malwarebytes' Anti-Malware
  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.

  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log

Thanks, peku006
peku006
MRU Emeritus

Re: Seeking assistance from Malware experts

Post by rematch » April 23rd, 2009, 9:53 pm

Hey Peku006

Thank you for helping me. I will follow your instructions, as requested.

------------- Malwarebytes Anti-Malware log file ---------------
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

24/04/2009 02:51:55
mbam-log-2009-04-24 (02-51-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 192298
Time elapsed: 55 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------- Random log.txt ----------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-04-23 22:26:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (11%) free of 305 GB
Total RAM: 3319 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:27, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\Qlock\qlock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bcede92469a) (gupdate1c98bcede92469a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 16115 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1303643608-839522115-500.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-01-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-26 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-26 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-26 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-22 16858112]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"D-Link AirPlus G DWL-G510"=C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe [2007-10-24 1552384]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-15 29744]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"dlbxmon.exe"=C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2004-08-27 417792]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-03-03 263440]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-19 455968]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-08-15 20480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-15 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BUFFALO Disk Backup Utility.lnk - C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
BUFFALO Power Save Utility for HD.lnk - C:\Program Files\BUFFALO\HDManage\HDManage.exe
qlock.lnk - C:\Program Files\Qlock\qlock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}]
shell\AutoRun\command - E:\Enterprise_Launcher.exe
======List of files/folders created in the last 1 months======

2009-04-23 22:26:58 ----D---- C:\rsit
2009-04-22 08:05:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-22 08:01:21 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-22 07:31:09 ----D---- C:\WINDOWS\Fonts not used
2009-04-18 09:42:21 ----D---- C:\WINDOWS\pss
2009-04-18 09:40:41 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-18 09:40:23 ----SHD---- C:\Config.Msi
2009-04-17 08:05:49 ----D---- C:\Program Files\Windows Defender
2009-04-17 08:01:28 ----D---- C:\Program Files\Trend Micro
2009-04-17 06:53:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-17 06:53:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 06:47:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-04-17 06:46:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-17 06:46:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-16 07:55:00 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-16 07:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-16 07:34:38 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-16 07:34:38 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-16 07:34:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-16 07:32:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-16 07:32:02 ----D---- C:\Program Files\ThreatFire
2009-04-16 07:32:02 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-16 07:23:46 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 07:23:41 ----D---- C:\Program Files\Lavasoft
2009-04-16 07:23:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-16 07:13:31 ----D---- C:\Program Files\CCleaner
2009-04-16 07:00:58 ----D---- C:\Program Files\Panda Security
2009-04-15 20:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 20:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 20:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 20:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 20:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 20:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 20:11:05 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-03 10:19:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-03 10:19:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-03 10:19:24 ----A---- C:\WINDOWS\system32\java.exe
2009-03-30 12:13:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Help

======List of files/folders modified in the last 1 months======

2009-04-23 22:25:07 ----D---- C:\WINDOWS\Temp
2009-04-23 22:22:59 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-04-23 22:22:53 ----SD---- C:\WINDOWS\Tasks
2009-04-23 22:21:57 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-04-23 22:20:47 ----D---- C:\WINDOWS\system32\drivers
2009-04-23 22:20:33 ----D---- C:\WINDOWS
2009-04-23 22:20:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-23 22:20:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-22 21:46:09 ----D---- C:\WINDOWS\Prefetch
2009-04-22 20:14:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Spotify
2009-04-22 18:37:05 ----D---- C:\Program Files\Mozilla Firefox
2009-04-22 07:35:33 ----RSD---- C:\WINDOWS\Fonts
2009-04-19 20:31:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-19 09:01:55 ----D---- C:\Dan's photos
2009-04-19 08:22:59 ----RD---- C:\Program Files
2009-04-18 17:59:38 ----A---- C:\WINDOWS\dellstat.ini
2009-04-18 12:42:44 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-04-18 09:40:41 ----SHD---- C:\WINDOWS\Installer
2009-04-18 09:40:41 ----D---- C:\WINDOWS\system32
2009-04-18 09:40:36 ----D---- C:\Program Files\Common Files
2009-04-17 08:05:51 ----HD---- C:\WINDOWS\inf
2009-04-17 08:05:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-16 07:24:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-16 07:23:36 ----D---- C:\WINDOWS\WinSxS
2009-04-16 07:18:48 ----D---- C:\WINDOWS\Minidump
2009-04-16 07:18:48 ----D---- C:\WINDOWS\Debug
2009-04-16 07:10:12 ----D---- C:\WINDOWS\system32\Restore
2009-04-15 20:29:15 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 20:26:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 20:26:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-15 20:26:03 ----D---- C:\WINDOWS\system32\en-us
2009-04-15 20:26:03 ----D---- C:\Program Files\Internet Explorer
2009-04-15 20:24:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 20:17:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-15 20:15:43 ----D---- C:\WINDOWS\AppPatch
2009-04-15 20:12:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-13 22:48:00 ----D---- C:\Dan's Movies
2009-04-13 22:48:00 ----D---- C:\Dan's Downloads
2009-04-06 22:42:07 ----D---- C:\Program Files\Google
2009-04-06 15:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 10:19:19 ----D---- C:\Program Files\Java
2009-03-29 01:54:58 ----D---- C:\Dan's Music
2009-03-25 07:47:07 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-09 213640]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-09 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-09 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-01-09 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-23 103296]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-01-09 34216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2007-05-12 380928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-04-08 241734]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-03-03 70928]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-08-26 450560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-16 606736]
S2 gupdate1c98bcede92469a;Google Update Service (gupdate1c98bcede92469a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-05 72704]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-15 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-17 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Random info.txt

info.txt logfile of random's system information tool 1.06 2009-04-23 22:27:31

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AirPlus G DWL-G510-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B128562-681D-4FFA-BEBF-A825985B2CB9}\setup.exe" -l0x9 -removeonly
Allway Sync version 8.2.5-->"C:\Program Files\Allway Sync\unins000.exe"
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BUFFALO Disk Backup Utility-->C:\WINDOWS\UN040622.EXE /U
BUFFALO Power Save Utility for HD-->C:\WINDOWS\UN040525.EXE /U
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
Dell Photo AIO Printer 962-->C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPublisher-->C:\Program Files\MyPublisher\MyPublisher\MyPublisher.exe -uninstall
Nero 8 Essentials-->MsiExec.exe /X{523DF39E-DF7D-488F-8022-783946571033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Qlock Lite-->"C:\Program Files\Qlock\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l2057
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

=====HijackThis Backups=====

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-04-22]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 20015
Source Name: DCOM
Time Written: 20090415202345.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Record Number: 20011
Source Name: DCOM
Time Written: 20090415202315.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 20003
Source Name: DCOM
Time Written: 20090415202234.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Record Number: 20002
Source Name: DCOM
Time Written: 20090415202204.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 20001
Source Name: DCOM
Time Written: 20090415202124.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: USER-2980D953BB
Event Code: 12001
Message:
Record Number: 4357
Source Name: usnjsvc
Time Written: 20090220183308.000000+000
Event Type:
User:

Computer Name: USER-2980D953BB
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 4345
Source Name: PerfNet
Time Written: 20090220183213.000000+000
Event Type: error
User:

Computer Name: USER-2980D953BB
Event Code: 12001
Message:
Record Number: 4335
Source Name: usnjsvc
Time Written: 20090220142020.000000+000
Event Type:
User:

Computer Name: USER-2980D953BB
Event Code: 20
Message:
Record Number: 4334
Source Name: Google Update
Time Written: 20090220141409.000000+000
Event Type: error
User: USER-2980D953BB\Administrator

Computer Name: USER-2980D953BB
Event Code: 20
Message:
Record Number: 4333
Source Name: Google Update
Time Written: 20090220140554.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am
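A note on the hosts-file section of the RSIT log above, with an added example that is mine and not part of rematch's post or of RSIT/HijackThis. The ten 127.0.0.1 lines are the pattern a hosts-file blocklist writes (Spybot S&D's immunization, which this machine has installed, is the likely source), so on their own they are not a finding. The hijack worth checking for, given the symptom "McAfee will not update. Cannot visit McAfee site", is the opposite case: a vendor or update domain pinned in the hosts file, either to loopback (blocks updates) or to some other address (redirects them). The script below parses a hosts file and separates the two. The PROTECTED_DOMAINS list and the final `update.mcafee.com` line in the sample are assumptions I constructed for the example; the sample's other entries are copied from the log.

```python
"""Triage a Windows hosts file for the kind of hijack that blocks AV updates.

Added example for this thread, not code from the original post or from any
tool named on the page.  SAMPLE_HOSTS is constructed: its first ten entries
are the ones shown in the RSIT log; the localhost line and the final
update.mcafee.com line are invented for the demonstration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Domains a user must always be able to reach for scans and updates.
# This list is an assumption for the example, not a vendor-published one.
PROTECTED_DOMAINS = (
    "mcafee.com", "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "safer-networking.org", "lavasoft.com", "kaspersky.com",
)


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    line_no: int


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text; skip blanks, comments and lines with a bad address."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not body:
            continue
        fields = body.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # not "address host ..." syntax
        for host in fields[1:]:                      # one line may name several hosts
            entries.append(HostsEntry(fields[0], host.lower().rstrip("."), line_no))
    return entries


def is_sinkhole(address: str) -> bool:
    """127.x.x.x, ::1 or 0.0.0.0 targets: the style a blocklist (immunization) uses."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def is_protected(hostname: str) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in PROTECTED_DOMAINS)


def classify(entries: list[HostsEntry]) -> tuple[list[HostsEntry], list[tuple[HostsEntry, str]]]:
    """Split entries into benign sinkholes and entries that deserve a look.

    A security/update domain pinned to *any* address is suspicious: pinned to
    loopback it silently blocks updates, pinned elsewhere it redirects them.
    Any other name sent to loopback is ordinary ad/spyware blocking; any other
    name sent to a real address is a redirect the user did not ask for.
    """
    benign: list[HostsEntry] = []
    suspicious: list[tuple[HostsEntry, str]] = []
    for e in entries:
        if is_protected(e.hostname):
            suspicious.append((e, "security/update domain pinned in hosts file"))
        elif is_sinkhole(e.address):
            benign.append(e)
        else:
            suspicious.append((e, "non-loopback redirect"))
    return benign, suspicious


SAMPLE_HOSTS = """\
# constructed sample: next ten entries as in the RSIT log, last two invented
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 localhost
127.0.0.1 update.mcafee.com   # invented: would explain "McAfee will not update"
"""


def triage(text: str) -> dict:
    """Return counts plus the suspicious lines, ready to post in a reply."""
    benign, suspicious = classify(parse_hosts(text))
    return {
        "entries": len(benign) + len(suspicious),
        "benign": len(benign),
        "suspicious": [(e.line_no, e.address, e.hostname, why) for e, why in suspicious],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    print(f"{report['entries']} entries, {report['benign']} look like blocklist sinkholes")
    for line_no, addr, host, why in report["suspicious"]:
        print(f"line {line_no}: {addr} {host}  <- {why}")
```

On a real machine, feed it the contents of C:\WINDOWS\system32\drivers\etc\hosts instead of SAMPLE_HOSTS; RSIT only prints the first ten lines of the file, so a hijack further down would not appear in the log at all, which is a reason to check the full file rather than the log excerpt.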

Re: Seeking assistance from Malware experts

Unread postby peku006 » April 24th, 2009, 3:06 am

Hi rematch

Please download OTScanIt2 from Geeks to Go by OldTimer. Alternate download site.
Save it to your desktop.
  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, when prompted. Click OK and click Close.
    This is a self-extracting file...It will create a folder named OTScanIt2 on your desktop.
  3. Double click on the OTScanIt2 folder to open... then double click on OTScanIt2.exe to run it.
  4. Under Rootkit Search, select Yes.
  5. Click on Run Scan at the top left hand corner. It may take a few minutes...be patient, let it run.
  6. When done, Notepad will open with the log file "OTScanIt.Txt" contents.
Please post the contents of the OTScanIt.Txt Notepad file in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Seeking assistance from Malware experts

Unread postby rematch » April 24th, 2009, 2:43 pm

As requested:

OTScanIt2 logfile created on: 24/04/2009 19:34:59 - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0     Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 31.71 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-2980D953BB
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/03/09 20:06:55 | 00,951,632 | ---- | M] (Lavasoft)
aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/03/09 20:06:55 | 00,515,416 | ---- | M] (Lavasoft)
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G DWL-G510\AirGCFG.exe -> [2007/10/24 14:30:52 | 01,552,384 | ---- | M] (D-Link)
aniwzcsds.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2007/01/19 11:49:26 | 00,049,152 | ---- | M] (Wireless Service)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
backweb-8876480.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> [2008/08/15 20:30:49 | 00,020,480 | ---- | M] (Logitech)
dlbxcoms.exe -> %SystemRoot%\system32\dlbxcoms.exe -> [2004/08/26 16:57:02 | 00,450,560 | ---- | M] (Dell)
dlbxmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 962\dlbxmon.exe -> [2004/08/27 14:29:10 | 00,417,792 | ---- | M] (Dell)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> [2005/06/08 14:44:56 | 00,192,512 | ---- | M] (Logitech Inc.)
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> [2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.)
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/15 20:40:00 | 00,029,744 | ---- | M] (Google)
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/15 20:40:00 | 00,029,744 | ---- | M] (Google)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/08/15 20:41:44 | 00,039,408 | ---- | M] (Google Inc.)
googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 23:28:11 | 00,133,104 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/09/04 22:53:19 | 00,133,104 | ---- | M] (Google Inc.)
groovemonitor.exe -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe -> [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2009/02/28 05:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009/03/12 21:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> [2005/06/08 15:14:44 | 00,217,088 | ---- | M] (Logitech Inc.)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/09/25 16:16:08 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> [2005/07/19 17:32:18 | 00,221,184 | ---- | M] (Logitech Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 21:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2009/01/09 09:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 12:06:36 | 00,210,216 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2009/01/16 21:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/01/16 20:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2009/01/09 14:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
qlock.exe -> %ProgramFiles%\Qlock\qlock.exe -> [2008/10/16 13:00:18 | 04,142,080 | ---- | M] ()
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [2008/04/08 04:45:10 | 00,241,734 | R--- | M] ()
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2007/11/22 09:40:32 | 16,858,112 | R--- | M] (Realtek Semiconductor Corp.)
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> [2009/01/29 15:01:36 | 00,077,360 | R--- | M] (Skype Technologies)
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2009/03/23 14:07:24 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
tfservice.exe -> %ProgramFiles%\ThreatFire\TFService.exe -> [2009/03/03 12:19:40 | 00,070,928 | ---- | M] (PC Tools)
tftray.exe -> %ProgramFiles%\ThreatFire\TFTray.exe -> [2009/03/03 12:19:44 | 00,263,440 | ---- | M] (PC Tools)
unsecapp.exe -> %SystemRoot%\system32\wbem\unsecapp.exe -> [2004/08/04 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> [2007/01/19 11:49:04 | 00,049,152 | ---- | M] (Wireless Service)
 
[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/09/05 09:47:03 | 00,072,704 | ---- | M] (Adobe Systems)
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2007/01/19 11:49:26 | 00,049,152 | ---- | M] (Wireless Service)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(dlbx_device) dlbx_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlbxcoms.exe -> [2004/08/26 16:57:02 | 00,450,560 | ---- | M] (Dell)
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/15 20:40:00 | 00,029,744 | ---- | M] (Google)
(gupdate1c98bcede92469a) Google Update Service (gupdate1c98bcede92469a) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 23:28:11 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/22 11:01:37 | 00,183,280 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\irmon.dll -> [2008/04/14 01:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/03/09 20:06:55 | 00,951,632 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/09/25 16:16:08 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 12:06:36 | 00,210,216 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 21:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2009/01/17 08:33:02 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2009/01/09 09:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2009/01/16 21:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/01/16 20:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2009/01/09 14:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> [2007/10/15 09:15:08 | 00,382,248 | ---- | M] (Nero AG)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [2008/04/08 04:45:10 | 00,241,734 | R--- | M] ()
(ThreatFire) ThreatFire [Win32_Own | Auto | Running] -> %ProgramFiles%\ThreatFire\TFService.exe -> [2009/03/03 12:19:40 | 00,070,928 | ---- | M] (PC Tools)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.SYS -> [2005/12/11 11:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\igxpmp32.sys -> [2007/01/13 03:33:18 | 05,672,032 | R--- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/11/27 13:06:42 | 04,630,016 | R--- | M] (Realtek Semiconductor Corp.)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\irsir.sys -> [2001/08/17 14:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\Lbd.sys -> [2009/03/09 20:06:56 | 00,064,160 | ---- | M] (Lavasoft AB)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvusbsta.sys -> [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2009/01/09 13:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2009/01/09 13:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2009/01/09 13:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2009/01/09 13:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2009/01/09 13:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2008/10/23 14:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.)
(pepifilter) Volume Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lv302af.sys -> [2005/05/27 09:38:00 | 00,007,136 | ---- | M] (Logitech Inc.)
(PID_08A0) QuickCam IM(PID_08A0) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LV302AV.SYS -> [2005/05/27 09:46:22 | 00,913,280 | ---- | M] (Logitech Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(RT61) D-Link Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\RT61.sys -> [2007/05/12 14:49:54 | 00,380,928 | ---- | M] (Ralink Technology Inc.)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Rtenicxp.sys -> [2007/10/23 11:51:04 | 00,103,296 | R--- | M] (Realtek Semiconductor Corporation                           )
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(TfFsMon) TfFsMon [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TfFsMon.sys -> [2009/03/03 12:19:54 | 00,051,472 | ---- | M] (PC Tools)
(TfNetMon) TfNetMon [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TfNetMon.sys -> [2009/03/03 12:19:56 | 00,033,040 | ---- | M] (PC Tools)
(TfSysMon) TfSysMon [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TfSysMon.sys -> [2009/03/03 12:19:58 | 00,039,184 | ---- | M] (PC Tools)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> localhost;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\waw3xime.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.co.uk/ig?hl=en&gl=uk" ->
extensions.enabledItems -> {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 ->
extensions.enabledItems -> {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\waw3xime.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/03/31 09:35:20 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/13 20:29:37 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/29 01:08:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/29 01:08:43 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2008/08/16 19:43:09 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/16 19:43:09 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\waw3xime.default\extensions -> [2009/04/19 08:03:31 | 00,097,578 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\waw3xime.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3} -> [2009/04/19 08:03:31 | 00,097,578 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\waw3xime.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e} -> [2009/04/19 08:03:31 | 00,097,578 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\waw3xime.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/04/19 08:03:31 | 00,097,578 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/03/29 01:08:42 | 09,732,600 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/03/29 01:08:44 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/03/29 01:08:36 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/03/29 01:08:37 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/03/29 01:08:43 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/03/29 01:08:38 | 00,065,528 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/01/30 15:10:48 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/01/30 15:10:48 | 00,004,208 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 11:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 11:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/11/14 19:50:59 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2008/09/29 20:19:42 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/09/29 20:19:42 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2008/09/29 20:19:42 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/09/29 20:19:42 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2008/11/14 19:50:56 | 00,000,759 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/09/29 20:19:42 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/09/29 20:19:42 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2008/09/29 20:19:42 | 00,000,831 | ---- | M] ()
< HOSTS File > (305173 bytes and 10553 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/12/18 04:16:41 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2007/08/24 08:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2009/03/09 05:19:10 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/01/16 21:03:56 | 00,058,688 | ---- | M] (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2008/11/26 21:28:35 | 00,251,504 | ---- | M] ()
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/22 11:01:39 | 00,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/02/13 13:44:56 | 00,150,032 | ---- | M] ()
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2008/11/26 21:28:35 | 00,522,224 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/02/13 13:44:56 | 00,150,032 | ---- | M] ()
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2008/11/26 21:28:35 | 00,251,504 | ---- | M] ()
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2008/11/26 21:28:35 | 00,251,504 | ---- | M] ()
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> [2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.)
"Acrobat Assistant 7.0" -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"Ad-Watch" -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/03/09 20:06:55 | 00,515,416 | ---- | M] (Lavasoft)
"Alcmtr" -> %SystemRoot%\ALCMTR.EXE [ALCMTR.EXE] -> [2005/05/03 11:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"ANIWZCS2Service" -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> [2007/01/19 11:49:04 | 00,049,152 | ---- | M] (Wireless Service)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 20:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"dlbxmon.exe" -> %ProgramFiles%\Dell Photo AIO Printer 962\dlbxmon.exe ["C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"] -> [2004/08/27 14:29:10 | 00,417,792 | ---- | M] (Dell)
"D-Link AirPlus G DWL-G510" -> %ProgramFiles%\D-Link\AirPlus G DWL-G510\AirGCFG.exe [C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe] -> [2007/10/24 14:30:52 | 01,552,384 | ---- | M] (D-Link)
"Google Desktop Search" ->  ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"GrooveMonitor" -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/03/12 21:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
"LogitechVideoRepair" -> %ProgramFiles%\Logitech\Video\ISStart.exe [C:\Program Files\Logitech\Video\ISStart.exe ] -> [2005/06/08 15:24:32 | 00,458,752 | ---- | M] (Logitech Inc.)
"LogitechVideoTray" -> %ProgramFiles%\Logitech\Video\LogiTray.exe [C:\Program Files\Logitech\Video\LogiTray.exe] -> [2005/06/08 15:14:44 | 00,217,088 | ---- | M] (Logitech Inc.)
"LVCOMSX" -> %SystemRoot%\system32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> [2005/07/19 17:32:18 | 00,221,184 | ---- | M] (Logitech Inc.)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/01/08 21:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> [2007/11/22 09:40:32 | 16,858,112 | R--- | M] (Realtek Semiconductor Corp.)
"ThreatFire" -> %ProgramFiles%\ThreatFire\TFTray.exe [C:\Program Files\ThreatFire\TFTray.exe] -> [2009/03/03 12:19:44 | 00,263,440 | ---- | M] (PC Tools)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2008/08/04 00:02:20 | 00,036,352 | ---- | M] ()
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/04 22:53:19 | 00,133,104 | ---- | M] (Google Inc.)
"LDM" -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe] -> [2008/08/15 20:30:49 | 00,020,480 | ---- | M] (Logitech)
"LightScribe Control Panel" -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> [2007/09/19 21:48:24 | 00,455,968 | ---- | M] (Hewlett-Packard Company)
"Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2009/01/29 15:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.)
"SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/03/23 14:07:24 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/08/15 20:41:44 | 00,039,408 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%UserProfile%\Start Menu\Programs\Startup\BUFFALO Disk Backup Utility.lnk -> %ProgramFiles%\BUFFALO\HDBackup\HDBackup.exe -> [2004/07/28 15:02:00 | 00,204,800 | ---- | M] (BUFFALO INC.)
%UserProfile%\Start Menu\Programs\Startup\BUFFALO Power Save Utility for HD.lnk -> %ProgramFiles%\BUFFALO\HDManage\HDManage.exe -> [2004/07/29 06:24:06 | 00,069,632 | ---- | M] (BUFFALO INC.)
%UserProfile%\Start Menu\Programs\Startup\qlock.lnk -> %ProgramFiles%\Qlock\qlock.exe -> [2008/10/16 13:00:18 | 04,142,080 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [2008/08/19 21:16:16 | 00,025,214 | R--- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> [2008/08/15 20:30:51 | 00,450,560 | ---- | M] (Logitech)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_13.dll [Menu: Sun Java Console] -> [2009/03/09 05:19:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5481 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5482 domain(s) found. -> 
*.update_microsoft.com [http] -> Trusted sites -> 
*.update_microsoft.com [https] -> Trusted sites -> 
download_windowsupdate.com [http] -> Trusted sites -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{157C49FC-62F3-43A9-893E-90385A93FACD} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{3EEE737B-D87E-454F-9C9E-705995AB6BD6} ->    () -> 
{F669C622-741F-4086-83C2-B7853CACDADC} ->    (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/08/15 20:40:02 | 00,113,664 | ---- | M] (Google)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 12:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2007/01/13 02:46:04 | 00,204,800 | R--- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> Reg Error: Key error. [CDBurn] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007/08/24 08:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 21:56:54 | 13,498,664 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008/05/21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/01/29 15:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009/04/22 20:14:38 | 02,606,416 | ---- | M] (Spotify AB)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/02/11 07:40:44 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\dlbxcoms.exe" -> C:\WINDOWS\system32\dlbxcoms.exe [C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server] -> [2004/08/26 16:57:02 | 00,450,560 | ---- | M] (Dell)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/08/12 19:14:30 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{6bb8d508-b88e-11dd-9a30-00196672c6e9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell
\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell\AutoRun
\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell\AutoRun\command
\{6bb8d508-b88e-11dd-9a30-00196672c6e9}\Shell\AutoRun\command\\"" -> E:\Enterprise_Launcher.exe [E:\Enterprise_Launcher.exe] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/04/24 19:34:03 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/24 19:33:44 | 00,665,196 | ---- | C] ()
Log1.docx -> %UserProfile%\Desktop\Log1.docx -> [2009/04/23 23:11:20 | 00,041,253 | ---- | C] ()
rsit -> %SystemDrive%\rsit -> [2009/04/23 22:26:58 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/23 22:26:21 | 00,781,909 | ---- | C] ()
cc_20090422_080253.reg -> %UserProfile%\My Documents\cc_20090422_080253.reg -> [2009/04/22 08:02:55 | 00,011,232 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2009/04/22 08:00:33 | 00,000,000 | RH-D | C]
Fonts not used.lnk -> %UserProfile%\Desktop\Fonts not used.lnk -> [2009/04/22 07:32:10 | 00,001,301 | ---- | C] ()
Fonts not used -> %SystemRoot%\Fonts not used -> [2009/04/22 07:31:09 | 00,000,000 | ---D | C]
Reiki -> %UserProfile%\My Documents\Reiki -> [2009/04/18 12:19:24 | 00,000,000 | ---D | C]
pss -> %SystemRoot%\pss -> [2009/04/18 09:42:21 | 00,000,000 | ---D | C]
appmgmt -> %SystemRoot%\System32\appmgmt -> [2009/04/18 09:40:41 | 00,000,000 | ---D | C]
Config.Msi -> %SystemDrive%\Config.Msi -> [2009/04/18 09:40:23 | 00,000,000 | -HSD | C]
cc_20090417_133511.reg -> %UserProfile%\My Documents\cc_20090417_133511.reg -> [2009/04/17 13:35:14 | 00,008,090 | ---- | C] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/04/17 08:09:03 | 00,000,330 | -H-- | C] ()
Windows Defender -> %ProgramFiles%\Windows Defender -> [2009/04/17 08:05:49 | 00,000,000 | ---D | C]
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/04/17 08:01:28 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2009/04/17 06:53:22 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2009/04/17 06:53:22 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/04/17 06:47:18 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/17 06:46:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/17 06:46:21 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/04/17 06:46:09 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/04/17 06:46:05 | 00,000,000 | ---D | C]
lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [2009/04/16 07:55:00 | 00,015,688 | ---- | C] ()
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [2009/04/16 07:34:50 | 00,000,000 | ---D | C]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2009/04/16 07:34:38 | 00,000,000 | ---D | C]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2009/04/16 07:34:38 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2009/04/16 07:34:25 | 00,000,000 | ---D | C]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [2009/04/16 07:32:11 | 00,000,000 | ---D | C]
TfFsMon.sys -> %SystemRoot%\System32\drivers\TfFsMon.sys -> [2009/04/16 07:32:04 | 00,051,472 | ---- | C] (PC Tools)
TfSysMon.sys -> %SystemRoot%\System32\drivers\TfSysMon.sys -> [2009/04/16 07:32:04 | 00,039,184 | ---- | C] (PC Tools)
TfNetMon.sys -> %SystemRoot%\System32\drivers\TfNetMon.sys -> [2009/04/16 07:32:04 | 00,033,040 | ---- | C] (PC Tools)
TfKbMon.sys -> %SystemRoot%\System32\drivers\TfKbMon.sys -> [2009/04/16 07:32:04 | 00,012,560 | ---- | C] (PC Tools)
ThreatFire -> %ProgramFiles%\ThreatFire -> [2009/04/16 07:32:02 | 00,000,000 | ---D | C]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [2009/04/16 07:32:02 | 00,000,000 | ---D | C]
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/04/16 07:24:45 | 00,000,472 | ---- | C] ()
Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/04/16 07:24:37 | 00,064,160 | ---- | C] (Lavasoft AB)
{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> %AllUsersProfile%\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> [2009/04/16 07:23:46 | 00,000,000 | -H-D | C]
Lavasoft -> %ProgramFiles%\Lavasoft -> [2009/04/16 07:23:41 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2009/04/16 07:23:41 | 00,000,000 | ---D | C]
cc_20090416_071928.reg -> %UserProfile%\My Documents\cc_20090416_071928.reg -> [2009/04/16 07:19:33 | 00,160,038 | ---- | C] ()
CCleaner -> %ProgramFiles%\CCleaner -> [2009/04/16 07:13:31 | 00,000,000 | ---D | C]
Panda Security -> %ProgramFiles%\Panda Security -> [2009/04/16 07:00:58 | 00,000,000 | ---D | C]
pdh.dll -> %SystemRoot%\System32\dllcache\pdh.dll -> [2009/04/15 20:16:36 | 00,284,160 | ---- | C] (Microsoft Corporation)
rpcss.dll -> %SystemRoot%\System32\dllcache\rpcss.dll -> [2009/04/15 20:16:34 | 00,401,408 | ---- | C] (Microsoft Corporation)
services.exe -> %SystemRoot%\System32\dllcache\services.exe -> [2009/04/15 20:16:34 | 00,110,592 | ---- | C] (Microsoft Corporation)
fastprox.dll -> %SystemRoot%\System32\dllcache\fastprox.dll -> [2009/04/15 20:16:33 | 00,473,600 | ---- | C] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\System32\dllcache\wmiprvse.exe -> [2009/04/15 20:16:32 | 00,227,840 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> %SystemRoot%\System32\dllcache\lsasrv.dll -> [2009/04/15 20:16:31 | 00,729,088 | ---- | C] (Microsoft Corporation)
advapi32.dll -> %SystemRoot%\System32\dllcache\advapi32.dll -> [2009/04/15 20:16:31 | 00,617,472 | ---- | C] (Microsoft Corporation)
wmiprvsd.dll -> %SystemRoot%\System32\dllcache\wmiprvsd.dll -> [2009/04/15 20:16:31 | 00,453,120 | ---- | C] (Microsoft Corporation)
ntdll.dll -> %SystemRoot%\System32\dllcache\ntdll.dll -> [2009/04/15 20:16:30 | 00,714,752 | ---- | C] (Microsoft Corporation)
xpsp4res.dll -> %SystemRoot%\System32\xpsp4res.dll -> [2009/04/15 20:11:05 | 00,002,560 | ---- | C] (Microsoft Corporation)
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2009/04/15 20:11:04 | 01,203,922 | ---- | C] ()
wordpad.exe -> %SystemRoot%\System32\dllcache\wordpad.exe -> [2009/04/15 20:11:04 | 00,215,552 | ---- | C] (Microsoft Corporation)
yoghurt1.jpg -> %UserProfile%\Desktop\yoghurt1.jpg -> [2009/03/31 15:57:34 | 00,089,046 | ---- | C] ()
Help -> %UserProfile%\Local Settings\Application Data\Help -> [2009/03/30 12:13:27 | 00,000,000 | ---D | C]
Help -> %AppData%\Help -> [2009/03/30 12:13:27 | 00,000,000 | ---D | C]
Somabeing - Reflexology letter1.pdf -> %UserProfile%\My Documents\Somabeing - Reflexology letter1.pdf -> [2009/03/26 20:33:27 | 00,072,088 | ---- | C] ()
Garden -> %UserProfile%\My Documents\Garden -> [2009/03/26 20:31:21 | 00,000,000 | ---D | C]
dellstat.ini -> %SystemRoot%\dellstat.ini -> [2008/08/16 21:02:54 | 00,000,661 | ---- | C] ()
dlbxins.dll -> %SystemRoot%\System32\dlbxins.dll -> [2008/08/16 21:00:17 | 00,126,976 | ---- | C] ()
dlbxinsr.dll -> %SystemRoot%\System32\dlbxinsr.dll -> [2008/08/16 21:00:17 | 00,094,208 | ---- | C] ()
dlbxvs.dll -> %SystemRoot%\System32\dlbxvs.dll -> [2008/08/16 21:00:16 | 00,040,960 | ---- | C] ()
dlbxutil.dll -> %SystemRoot%\System32\dlbxutil.dll -> [2008/08/16 21:00:14 | 00,397,312 | ---- | C] ()
dlbxcu.dll -> %SystemRoot%\System32\dlbxcu.dll -> [2008/08/16 21:00:14 | 00,069,632 | ---- | C] ()
dlbxcur.dll -> %SystemRoot%\System32\dlbxcur.dll -> [2008/08/16 21:00:14 | 00,032,768 | ---- | C] ()
dlbxinsb.dll -> %SystemRoot%\System32\dlbxinsb.dll -> [2008/08/16 21:00:13 | 00,176,128 | ---- | C] ()
dlbxjswr.dll -> %SystemRoot%\System32\dlbxjswr.dll -> [2008/08/16 21:00:13 | 00,135,168 | ---- | C] ()
dlbxcub.dll -> %SystemRoot%\System32\dlbxcub.dll -> [2008/08/16 21:00:13 | 00,077,824 | ---- | C] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/08/15 20:48:49 | 00,000,069 | ---- | C] ()
lvcoinst.ini -> %SystemRoot%\System32\lvcoinst.ini -> [2008/08/15 20:31:47 | 00,009,255 | ---- | C] ()
_delis32.ini -> %SystemRoot%\_delis32.ini -> [2008/08/15 20:19:32 | 00,000,272 | ---- | C] ()
JJAKEn.dll -> %SystemRoot%\System32\JJAKEn.dll -> [2008/08/12 19:57:31 | 00,049,152 | ---- | C] ()
igfxCoIn_v4764.dll -> %SystemRoot%\System32\igfxCoIn_v4764.dll -> [2008/08/12 19:52:32 | 00,204,800 | R--- | C] ()
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [2008/08/12 19:41:40 | 00,005,532 | ---- | C] ()
ASUSHWIO.SYS -> %SystemRoot%\System32\drivers\ASUSHWIO.SYS -> [2008/08/12 19:41:39 | 00,010,288 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2004/08/04 13:00:00 | 00,000,582 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2004/08/04 13:00:00 | 00,000,231 | ---- | C] ()
UN040622.INI -> %SystemRoot%\UN040622.INI -> [2004/07/28 02:31:00 | 00,005,816 | ---- | C] ()
UN040525.INI -> %SystemRoot%\UN040525.INI -> [2004/07/27 04:22:00 | 00,006,466 | ---- | C] ()
indounin.dll -> %SystemRoot%\System32\indounin.dll -> [1999/01/27 13:39:06 | 00,065,024 | ---- | C] ()
Iyvu9_32.dll -> %SystemRoot%\System32\Iyvu9_32.dll -> [1997/06/13 07:56:08 | 00,056,832 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
11 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
11 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/24 19:33:54 | 00,665,196 | ---- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/04/24 19:33:41 | 00,000,330 | -H-- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/04/24 19:31:50 | 00,008,898 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/04/24 19:31:50 | 00,008,898 | ---- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/04/24 19:31:09 | 00,025,887 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/24 19:31:01 | 00,013,646 | ---- | M] ()
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/04/24 19:30:47 | 00,000,868 | ---- | M] ()
Perflib_Perfdata_af0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_af0.dat -> [2009/04/24 19:30:39 | 00,016,384 | ---- | M] ()
Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2009/04/24 19:30:31 | 00,002,335 | ---- | M] ()
GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/04/24 19:30:28 | 00,000,882 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/24 19:30:27 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/24 19:30:26 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/04/24 02:54:59 | 07,864,320 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/24 02:54:46 | 00,000,178 | -HS- | M] ()
GoogleUpdateTaskUserS-1-5-21-796845957-1303643608-839522115-500.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1303643608-839522115-500.job -> [2009/04/24 00:00:13 | 00,000,958 | ---- | M] ()
Log1.docx -> %UserProfile%\Desktop\Log1.docx -> [2009/04/23 23:11:20 | 00,041,253 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/04/23 22:26:50 | 00,781,909 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/04/22 08:05:57 | 00,039,840 | ---- | M] ()
cc_20090422_080253.reg -> %UserProfile%\My Documents\cc_20090422_080253.reg -> [2009/04/22 08:02:58 | 00,011,232 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/04/22 07:57:36 | 00,226,432 | ---- | M] ()
Fonts not used.lnk -> %UserProfile%\Desktop\Fonts not used.lnk -> [2009/04/22 07:32:27 | 00,001,301 | ---- | M] ()
Perflib_Perfdata_120.dat -> %SystemRoot%\Temp\Perflib_Perfdata_120.dat -> [2009/04/20 19:12:55 | 00,016,384 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/04/19 20:31:10 | 00,000,069 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/19 09:02:36 | 00,175,104 | ---- | M] ()
dellstat.ini -> %SystemRoot%\dellstat.ini -> [2009/04/18 17:59:38 | 00,000,661 | ---- | M] ()
Dell Printer Supplies - Inkjet.lnk -> %AllUsersProfile%\Desktop\Dell Printer Supplies - Inkjet.lnk -> [2009/04/18 12:21:32 | 00,001,753 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/04/17 14:16:31 | 00,305,173 | ---- | M] ()
cc_20090417_133511.reg -> %UserProfile%\My Documents\cc_20090417_133511.reg -> [2009/04/17 13:35:39 | 00,008,090 | ---- | M] ()
hosts.20090417-141631.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090417-141631.backup -> [2009/04/17 08:08:11 | 00,305,173 | R--- | M] ()
hosts.20090417-080810.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090417-080810.backup -> [2009/04/17 07:30:42 | 00,305,173 | R--- | M] ()
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/04/16 07:24:45 | 00,000,472 | ---- | M] ()
cc_20090416_071928.reg -> %UserProfile%\My Documents\cc_20090416_071928.reg -> [2009/04/16 07:19:46 | 00,160,038 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/15 20:26:40 | 00,360,124 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/15 20:26:40 | 00,314,508 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/15 20:26:40 | 00,040,836 | ---- | M] ()
default.pls -> %UserProfile%\default.pls -> [2009/04/08 19:03:38 | 00,000,120 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
ANIWZCSUSERNAME -> %SystemRoot%\System32\ANIWZCSUSERNAME -> [2009/04/02 18:05:27 | 00,000,007 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/03/31 22:19:00 | 00,000,284 | ---- | M] ()
yoghurt1.jpg -> %UserProfile%\Desktop\yoghurt1.jpg -> [2009/03/31 15:57:47 | 00,089,046 | ---- | M] ()
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2009/03/27 07:58:38 | 01,203,922 | ---- | M] ()
Somabeing - Reflexology letter1.pdf -> %UserProfile%\My Documents\Somabeing - Reflexology letter1.pdf -> [2009/03/26 20:33:27 | 00,072,088 | ---- | M] ()
SSUPDATE.EXE -> %UserProfile%\Local Settings\Temp\SSUPDATE.EXE -> [2009/03/23 14:07:22 | 00,158,960 | ---- | M] (SUPERAntiSpyware.com)
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/12/03 21:09:26 | 00,008,386 | ---- | M] ()
IadHide4.dll -> %UserProfile%\Local Settings\Temp\IadHide4.dll -> [2008/08/15 20:30:49 | 00,024,576 | ---- | M] (BackWeb)
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Administrator\Favorites\Dr Tweak.url:favicon 766 bytes
C:\Documents and Settings\Administrator\Favorites\Ipswich Town  Team  Profiles  Alex Bruce.url:favicon 1490 bytes
C:\Documents and Settings\Administrator\Favorites\MalWare Removal • Index page.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\READ & RUN ME FIRST. Malware Removal Guide - MajorGeeks Support Forums.url:favicon 10134 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 127 bytes
scan completed successfully
hidden files: 234
 
 
[Alternate Data Streams]
@Alternate Data Stream - 127 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
< End of report >
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am

Re: Seeking assistance from Malware experts

Unread postby peku006 » April 25th, 2009, 5:19 am

Hi rematch

I do not see anything that does not look OK. What kind of problems do you have at the moment?

Please post a fresh HijackThis log.
Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Seeking assistance from Malware experts

Unread postby rematch » April 25th, 2009, 5:56 am

Hi again peku006

New logfile below. The problems I am still having are as follows:

- McAfee still not updating. Detection signature file between 8 and 29 days old. Each time I start windows it tries to download the latest update but does not work.
- cannot navigate to McAfee site.
- The main problem is that IE takes me to pages I haven't requested. For example when I click on one of the search results in google, I get taken to a commercial site rather than the one I have selected.
- Firefox crashes every time - I cannot use it to browse the web
- Skype crashes
- I also randomly get this Windows error every now and then (in a pop-up window - have a screen shot - let me know if you want me to attach it?)

"Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

It is really strange - but I definitely feel as though I have Malware or a Virus of some sort, don't you think?

Regards Rematch


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:37, on 25/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\Qlock\qlock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bcede92469a) (gupdate1c98bcede92469a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 15927 bytes
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am

Re: Seeking assistance from Malware experts

Unread postby rematch » April 25th, 2009, 6:01 am

Peku006, another strange thing happens when I am browsing (it just happened then). Hard to describe - but my Windows taskbar changes colour from blue to gray, as well as the frame of the browser window, and the fonts and minimise/maximise icons become much larger. Then it reverts back to normal. ???

Thanks again - hope you can help me solve the mystery!
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am

Re: Seeking assistance from Malware experts

Unread postby peku006 » April 25th, 2009, 7:47 am

Hi rematch
McAfee still not updating. Detection signature file between 8 and 29 days old. Each time I start windows it tries to download the latest update but does not work.

I am not quite sure that your problem is malware; it seems that you are having problems with McAfee and DCOM,
those shown in the event log:
Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

here the same problem
Computer Name: USER-2980D953BB
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register

Here

let me know if you want me to attach it?

yes do it

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKLM\software\microsoft\windows nt\currentversion\drivers32
     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Seeking assistance from Malware experts

Unread postby rematch » April 25th, 2009, 8:29 am

Hi Peku006

Ok here is the log
Thanks once again for your help here...


SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 13:25 on 25/04/2009 by Administrator (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"aux3"="C:\WINDOWS\system32\..\ffkattn.jee"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.siren"="sirenacm.dll"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo"="vfwwdm32.dll"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="lvcodec2.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]


-=End Of File=-
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am
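The drivers32 dump above is what peku006's check is aimed at: every ordinary value in that key is a bare codec or driver filename (or a full System32 path) ending in .drv, .dll, .acm or .ax, while the aux3 entry points through a `..` path component to a file with an unknown extension. As an added example that is not part of this thread and not SystemLook's own code, the Python script below parses a SystemLook `:reg` dump in that format and flags entries that break those conventions, so a helper can spot such an entry without reading the whole key by eye. The sample log is constructed from the values posted above, and the assumption that %SystemRoot% is C:\WINDOWS is taken from the HijackThis log earlier in the thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in SystemLook ":reg" output format, mirroring the
# drivers32 dump posted in the thread (list of values abbreviated).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
"aux3"="C:\WINDOWS\system32\..\ffkattn.jee"
"midimapper"="midimap.dll"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"vidc.iv41"="ir41_32.ax"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
"""

# One SystemLook value line: "name"="value"
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"$')

# Extensions that multimedia driver/codec entries under drivers32 normally carry.
KNOWN_EXT = {".drv", ".dll", ".acm", ".ax"}

# Assumption: %SystemRoot% is C:\WINDOWS, as shown in the HijackThis log.
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


def parse_drivers32(text):
    """Collect name -> value pairs from the drivers32 key only (not its subkeys)."""
    entries = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only the key whose name ends in \drivers32 is of interest;
            # the Terminal Server subkey header switches collection off again.
            in_key = line.lower().endswith("\\drivers32]")
            continue
        if not in_key:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = m.group("value")
    return entries


def classify(value):
    """Return the reasons a drivers32 value looks abnormal (empty list = normal)."""
    reasons = []
    p = PureWindowsPath(value)
    # pathlib keeps ".." components, so a traversal trick is visible here.
    if ".." in p.parts:
        reasons.append("parent-directory traversal in path")
    if p.suffix.lower() not in KNOWN_EXT:
        reasons.append(f"unexpected extension {p.suffix or '(none)'}")
    # Bare filenames have no anchor; absolute paths should sit in System32.
    # PureWindowsPath comparison is case-insensitive, matching the registry.
    if p.anchor and p.parent != SYSTEM32:
        reasons.append("absolute path outside System32")
    return reasons


def find_suspicious(text):
    """Map each abnormal entry name to its list of reasons."""
    flagged = {}
    for name, value in parse_drivers32(text).items():
        reasons = classify(value)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_LOG).items():
        print(f'"{name}" -> {parse_drivers32(SAMPLE_LOG)[name]}')
        for r in reasons:
            print(f"    - {r}")
```

On the sample above only aux3 is reported, with all three reasons; the msacm and vidc entries that carry full System32 paths pass, so the script separates the odd entry from the ordinary ones rather than flagging every path-valued entry.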

Re: Seeking assistance from Malware experts

Unread postby peku006 » April 25th, 2009, 9:27 am

Hi rematch

The "Generic Host Process for Win32 Services" error seems to be a Windows problem.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    ffkattn.jee
     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Thanks peku006
Last edited by peku006 on April 25th, 2009, 11:51 am, edited 1 time in total.
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Seeking assistance from Malware experts

Unread postby rematch » April 25th, 2009, 11:17 am

Ok here you go:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 16:16 on 25/04/2009 by Administrator (Administrator - Elevation successful)

========== file ==========

ffkattn.jee - Unable to find/read file.

HKLM\software\microsoft\windows nt\currentversion\drivers32 - Unable to find/read file.

-=End Of File=-
rematch
Active Member
 
Posts: 13
Joined: April 18th, 2009, 5:34 am

Re: Seeking assistance from Malware experts

Unread postby peku006 » April 25th, 2009, 11:52 am

Hi rematch

1 - Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.

2 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Seeking assistance from Malware experts

Unread postby rematch » April 25th, 2009, 7:19 pm

Hey there Peku006

Ok, have run ComboFix, as requested. Log as per below:

ComboFix 09-04-25.A3 - Administrator 26/04/2009 0:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2634 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Administrator\Local Settings\Temp\IadHide4.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-23 21:26 . 2009-04-23 21:27 -------- d-----w C:\rsit
2009-04-17 05:53 . 2009-04-17 12:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-17 05:46 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 05:46 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 05:46 . 2009-04-17 05:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 06:55 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-16 06:34 . 2009-04-16 06:34 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-16 06:34 . 2009-04-17 13:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 06:34 . 2009-04-16 06:34 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-16 06:34 . 2009-04-16 06:34 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 06:32 . 2009-04-25 23:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 06:32 . 2009-03-03 11:19 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-04-16 06:32 . 2009-03-03 11:19 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-04-16 06:32 . 2009-03-03 11:19 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-04-16 06:32 . 2009-03-03 11:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-04-16 06:32 . 2009-04-16 06:33 -------- d-----w c:\program files\ThreatFire
2009-04-16 06:32 . 2009-04-16 06:32 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-16 06:24 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-16 06:23 . 2009-04-16 06:23 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 06:23 . 2009-04-16 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-16 06:23 . 2009-04-16 06:23 -------- d-----w c:\program files\Lavasoft
2009-04-16 06:13 . 2009-04-16 06:13 -------- d-----w c:\program files\CCleaner
2009-04-16 06:00 . 2009-04-18 08:38 -------- d-----w c:\program files\Panda Security
2009-04-15 19:16 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:16 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:16 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 19:16 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:16 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:16 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 19:16 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:16 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 19:16 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:11 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 19:11 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:11 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-30 11:13 . 2009-03-30 11:13 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 23:11 . 2008-08-16 20:00 86234 ----a-w C:\dlbxscan.log
2009-04-25 23:11 . 2009-04-16 07:00 6315 ----a-w C:\aaw7boot.log
2009-04-25 22:59 . 2008-08-28 08:08 -------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-04-25 22:41 . 2008-08-28 08:11 -------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-04-25 09:48 . 2008-09-29 06:59 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-25 09:46 . 2009-02-10 22:27 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-24 20:44 . 2008-08-15 20:09 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-22 19:14 . 2009-03-22 09:32 -------- d-----w c:\documents and settings\Administrator\Application Data\Spotify
2009-04-22 07:05 . 2008-08-15 19:40 39840 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 07:00 . 2009-04-17 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 11:39 . 2009-04-18 11:39 -------- d-----w c:\documents and settings\LocalService\Application Data\AdobeUM
2009-04-17 07:05 . 2009-04-17 07:05 -------- d-----w c:\program files\Windows Defender
2009-04-17 07:01 . 2009-04-17 07:01 -------- d-----w c:\program files\Trend Micro
2009-04-15 19:12 . 2008-08-15 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-09 23:56 . 2008-10-03 15:19 440 ----a-w C:\dlbx.log
2009-04-06 21:42 . 2008-08-15 19:40 -------- d-----w c:\program files\Google
2009-04-03 09:19 . 2008-08-27 17:09 -------- d-----w c:\program files\Java
2009-03-25 06:47 . 2008-08-15 19:49 -------- d-----w c:\program files\McAfee
2009-03-22 09:32 . 2009-03-22 09:32 -------- d-----w c:\program files\Spotify
2009-03-19 19:18 . 2009-03-18 21:01 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-18 21:01 . 2008-10-24 21:57 -------- d-----w c:\program files\Windows Live
2009-03-18 21:01 . 2009-03-18 21:01 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-18 20:59 . 2009-03-18 20:59 -------- d-----w c:\program files\Microsoft
2009-03-18 20:59 . 2009-03-18 20:59 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-18 20:54 . 2009-03-18 20:54 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-18 20:13 . 2009-03-18 20:13 -------- d-----w c:\program files\iTunes
2009-03-18 20:13 . 2009-03-18 20:13 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 20:13 . 2009-03-18 20:13 -------- d-----w c:\program files\iPod
2009-03-18 20:13 . 2008-08-15 21:26 -------- d-----w c:\program files\Common Files\Apple
2009-03-18 20:12 . 2009-03-18 20:12 -------- d-----w c:\program files\Bonjour
2009-03-09 04:19 . 2008-11-22 09:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:35 . 2008-08-15 19:44 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 09:59 . 2009-03-02 09:59 -------- d-----w c:\program files\Common Files\Skype
2009-03-02 09:59 . 2008-08-28 08:08 -------- d-----r c:\program files\Skype
2009-03-02 09:59 . 2008-08-28 08:08 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-27 06:36 . 2009-02-27 06:36 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-15 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-15 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2004-08-27 417792]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
BUFFALO Disk Backup Utility.lnk - c:\program files\BUFFALO\HDBackup\HDBackup.exe [2004-7-28 204800]
BUFFALO Power Save Utility for HD.lnk - c:\program files\BUFFALO\HDManage\HDManage.exe [2004-7-29 69632]
qlock.lnk - c:\program files\Qlock\qlock.exe [2008-10-16 4142080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-8-15 25214]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-8-15 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c98bcede92469a;Google Update Service (gupdate1c98bcede92469a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-15 29744]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-03 51472]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-03 39184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 ThreatFire;ThreatFire; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-03 33040]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}]
\Shell\AutoRun\command - E:\Enterprise_Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-15 10:01]

2009-04-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:28]

2009-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1303643608-839522115-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:53]

2008-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-15 10:53]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-15 10:53]

2009-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\waw3xime.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&gl=uk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(804)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(1960)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlbxcoms.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-25 0:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 23:17

Pre-Run: 33,474,293,760 bytes free
Post-Run: 33,493,442,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

319 --- E O F --- 2009-04-23 21:24
rematch
Active Member
Posts: 13
Joined: April 18th, 2009, 5:34 am
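The "Reg Loading Points" block in a ComboFix log is what a helper reads first: the Run keys, the Security Center monitoring flags, the Windows Firewall profile and its exception list, and any AutoRun command cached under mountpoints2. The script below is an added example for this thread, not ComboFix code and not something either poster wrote. It parses the 2009-era text layout shown in the log above (a bracketed key followed by one value per line) and turns those lines into triage findings; the sample input is a constructed excerpt of lines copied from the log, and the severity labels and the list of scratch directories are my own choices.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-15 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb8d508-b88e-11dd-9a30-00196672c6e9}]
\Shell\AutoRun\command - E:\Enterprise_Launcher.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "alert" | "review" | "info" (labels chosen for this example)
    where: str      # registry key (and value name) the line came from
    detail: str


# One regex per line shape ComboFix prints in this block.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?'
                    r'\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})\s*$')
FLAG_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')
EXCEPT_RE = re.compile(r'^"(?P<path>.+)"=\s*$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$', re.IGNORECASE)
# Directories an autostart entry should never point into (assumption: tune per environment).
SCRATCH_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\recycler\\")


def parse_sections(text):
    """Map each bracketed registry key to the value lines listed under it."""
    sections, current = {}, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_run_entries(sections):
    """Return (key, name, target, resolved_path, date, size) for every value under a ...\\Run key."""
    entries = []
    for key, lines in sections.items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for m in filter(None, map(RUN_RE.match, lines)):
            target = m.group("target")
            # ComboFix appends " - <path>" when the value is a bare name it had to locate itself.
            entries.append((key, m.group("name"), target, m.group("resolved") or target,
                            m.group("date"), int(m.group("size"))))
    return entries


def triage(text):
    """Produce review findings from the log text; returns an empty list for an empty log."""
    sections = parse_sections(text)
    findings = []
    for key, name, target, resolved, date, size in parse_run_entries(sections):
        if any(d in resolved.lower() for d in SCRATCH_DIRS):
            sev, why = "alert", "autostart from a scratch directory"
        elif "\\" not in target:
            sev, why = "review", "bare file name located by search order; confirm the resolved path"
        else:
            sev, why = "info", "autostart entry"
        findings.append(Finding(sev, f"{key} :: {name}", f"{why}: {resolved} [{date}, {size} bytes]"))
    for key, lines in sections.items():
        kl = key.lower()
        if "\\security center\\monitoring\\" in kl:
            product = key.rsplit("\\", 1)[-1]
            for m in filter(None, map(DWORD_RE.match, lines)):
                if m.group("name") == "DisableMonitoring" and int(m.group("value"), 16) == 1:
                    findings.append(Finding("review", key, f"Security Center monitoring of {product} is "
                                            "disabled; suites set this for themselves, but so does malware"))
        elif kl.endswith("\\firewallpolicy\\standardprofile"):
            for m in filter(None, map(FLAG_RE.match, lines)):
                if m.group("name") == "EnableFirewall" and int(m.group("value")) == 0:
                    findings.append(Finding("review", key, "Windows Firewall is off for the standard "
                                            "profile; acceptable only while a third-party firewall is active"))
        elif kl.endswith("\\authorizedapplications\\list"):
            for m in filter(None, map(EXCEPT_RE.match, lines)):
                findings.append(Finding("info", key, "firewall exception: " + m.group("path").replace("\\\\", "\\")))
        elif "\\mountpoints2\\" in kl:
            for m in filter(None, map(AUTORUN_RE.match, lines)):
                findings.append(Finding("alert", key, f"AutoRun command cached for a removable volume: {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    order = ("alert", "review", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.where}\n         {f.detail}")
```

Run against the excerpt it reports one alert (the AutoRun command Windows cached for the E: volume, which is worth inspecting before that drive is plugged in again), three items to review (the bare `RTHDCPL.EXE` Run value, McAfee's Security Center override and the disabled Windows Firewall profile) and four plain inventory lines. The caveat a helper applies by hand is built into the messages: on a machine running a McAfee suite the two review items are the suite's own doing, so they are a prompt to confirm, not a verdict.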

Re: Seeking assistance from Malware experts

Unread postby rematch » April 26th, 2009, 3:31 am

Good morning Peku006. Happy Sunday to you.

OK, some (possible) good news. You'll be pleased to note the absence of major symptoms this morning, i.e.:
- browsing much faster
- have googled several pages in IE and haven't been re-directed
- Firefox doesn't crash
- McAfee has finally updated. Also able to browse to the McAfee site once again.

Few questions:
- do we think ComboFix did the trick? Does the logfile shed any light on what the problem was, and whether it has been sorted?
- I know during the ComboFix procedure it was supposed to add a System Restore point. Sys R is back on again (I think it was turned off before we started this process) and set at 12% - is this how it should be?

Look forward to your thoughts. And thank you once again for your ongoing help

Dan
rematch
Active Member
Posts: 13
Joined: April 18th, 2009, 5:34 am