Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This log

Unread postby rchill243 » January 16th, 2009, 7:38 pm

I have some malware that I can't get off my computer. When I am doing google searches it redirects me to some other sites I do not want to go to.
Enclosed is my Hijack This log and the uninstal_list.txt

Log-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:34 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E671497F-4C87-4A68-ADE9-901F3F028EB6} - C:\WINDOWS\system32\efcYRifE.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9114275875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10148 bytes



Uninstall list-

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BioShock
Bradford Persistent Agent
Brother HL-2140
Canon i80
Chinese Traditional Fonts Support For Adobe Reader 8
Cucusoft DVD to Zune Converter 7.06
Dragon NaturallySpeaking 9
GameSpy Arcade
Half-Life 2 Riot Act 1.0
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life Deathmatch: Source
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
i80 Setup Utility
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Linksys Wireless-G PCI Adapter
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox (3.0.5)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
MyITLab ActiveX Installer 2.8.5.65535
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenOffice.org Installer 1.0
Plan of Attack
Power Tab Editor 1.7
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Sophos Anti-Virus
Sophos AutoUpdate
Source SDK Base
Steam
TeamSpeak 2 RC2
Texas Hold'em Poker
TK8 EasyNote 1.1
TomTom HOME
Trillian
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Ventrilo Client
Windows Defender
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm
Advertisement
Register to Remove

Re: Hijack This log

Unread postby muppy03 » January 20th, 2009, 4:53 am

Hello and welcome to the Malware Removal Forums

I will be assisting you with your Malware issues.

IMPORTANT

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean!
  • If you have any questions or are unsure in anyway, please let me know. I will try my best to help you!
  • Please reply to this thread. Do not start a new topic.
  • As I am still in training, everything that I post to you, must be checked by one of the teachers. Therefore, there may be a slight delay between posts.

Please be patient while I go through your log :flower:
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby muppy03 » January 20th, 2009, 7:23 pm

Hi Rchill243, :flower:

A quick question before we start. Is this a Business computer or one for personal home use?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » January 21st, 2009, 1:23 am

Personal, but I use an anti-virus program from my Dad's office.
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby muppy03 » January 21st, 2009, 4:27 am

Hi rchill243 :flower:

I see by your Uninstall List that you have Malwarebytes' Anti-Malware installed on your computer.

Please do a Malwarebytes' Anti-Malware scan using these settings:
    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update have been completed, Select the Scanner tab.
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next Download DDS

Download to your desktop DDS from one of the links below:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.



Please reply with:-
  • MBAM log
  • DDS reports x 2
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » January 21st, 2009, 2:10 pm

Thanks for your time!

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

1/21/2009 12:51:00 PM
mbam-log-2009-01-21 (12-51-00).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 234717
Time elapsed: 2 hour(s), 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/25/2007 4:36:50 PM
System Uptime: 1/21/2009 10:13:43 AM (2 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | NF-CK804
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 754 | 2211/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 150.686 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&13699180&0&3848
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&13699180&0&3848
Service: RT2500

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\763BF9FEA56
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\763BF9FEA56
Service: NIC1394

==== System Restore Points ===================

RP529: 1/3/2009 6:41:01 PM - Software Distribution Service 3.0
RP530: 1/3/2009 6:41:01 PM - System Checkpoint
RP531: 1/3/2009 6:41:02 PM - Software Distribution Service 3.0
RP532: 1/3/2009 6:41:03 PM - Software Distribution Service 3.0
RP533: 1/3/2009 6:41:03 PM - System Checkpoint
RP534: 1/3/2009 6:41:04 PM - System Checkpoint
RP535: 1/3/2009 6:41:04 PM - System Checkpoint





DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 12:53:52.56 on Wed 01/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.547 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: N/A: {0a94b116-4504-4e26-ab05-e61e474aa38b} - c:\program files\askpbar\srchastt\1.bin\A9SRCHAS.DLL
BHO: {0A94B111-4504-4e26-AB05-E61E474AA38B} - No File
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e671497f-4c87-4a68-ade9-901f3f028eb6} - c:\windows\system32\efcYRifE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tk8eas~1.lnk - c:\program files\tk8\tk8 easynote 1.1\EasyNote.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcYRifE

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ccurxbv0.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - HiddenExtension: XUL Cache: {63692817-6625-40D7-9A29-506F717355E6} - c:\documents and settings\owner\local settings\application data\{63692817-6625-40D7-9A29-506F717355E6}

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-8-31 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-8-31 35584]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-18 38496]
R4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R4 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2008-10-25 2940296]
R4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-10-23 69632]
R4 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-9-30 98304]
R4 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-9-30 172032]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976]

=============== Created Last 30 ================

2009-01-16 18:15 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 21:28 410,976 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll
2008-09-03 20:53 1,714 a------- c:\docume~1\owner\applic~1\SAS7_000.DAT
2008-02-10 17:59 141,909,560 a------- c:\documents and settings\owner\WoW-2.3.3.7799-to-0.4.0.7897-enUS-patch.exe
2008-08-18 21:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 12:54:18.64 ===============
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby muppy03 » January 23rd, 2009, 6:44 am

Hi rchill243 :flower: Sorry for the delay

GooredFix

Please download GooredFix and save it to your Desktop
Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs

Next Before running the next scan let's clean out your Temporary Files folders, which should reduce the scan time.
    • Click Start > Run and type cleanmgr then click OK.
    • This will bring up the Disk Cleanup window.
    • Check the following entries.
      o Temporary Internet Files.
      o Recycle Bin.
      o Temporary Files
      .
    Click OK.
    • When a prompt pops up click Yes.

Next Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

    • Double-click on it to extract the files.
    • It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
    • Close ALL OTHER PROGRAMS
    • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • Next check the following.

  • Scan all users
  • Include MD5
  • In the Rootkit Search section click on Yes
  • Under Additional Scans click the "Extras" button.

    Do not change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Copy/Paste the information back here please. I will review it when it comes in. Make sure that the first line is code with brackets around it []and that the last line is /code with brackets around it [].

After posting, if the last line is not End of Report then the log is too big to fit into a single post and you will need to split it into multiple posts and post each separately.

Please reply with:-
  • Goored Fix log
  • OTScanit2 report
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » January 23rd, 2009, 1:47 pm

Code: Select all
OTScanIt2 logfile created on: 1/23/2009 11:44:06 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.2     Folder = C:\OTScanlt\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 509.89 Mb Available Physical Memory | 49.82% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.17 Gb Free Space | 64.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROB-COMPUTER
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> [2007/08/31 22:25:11 | 00,245,760 | ---- | M | MD5 = 4CF38637FADECCCC00013C0711DB3BBA] (Sophos Plc)
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> [2008/09/30 08:43:25 | 00,172,032 | ---- | M | MD5 = A2FC88DC4F21C7BB8693955D5E8D3DBB] (Sophos Plc)
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/11/30 10:08:56 | 00,020,543 | ---- | M | MD5 = B81F8778F5BB485F3B75114F0C99A49F] (Apache Software Foundation)
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/11/30 10:08:56 | 00,020,543 | ---- | M | MD5 = B81F8778F5BB485F3B75114F0C99A49F] (Apache Software Foundation)
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> [2005/06/06 22:46:24 | 00,057,344 | ---- | M | MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3] (Adobe Systems Incorporated)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/06/28 03:06:52 | 00,106,496 | ---- | M | MD5 = 2ACFC9242BE81AE2356E14E5E05C02BB] (Apple, Inc.)
bncsaui.exe -> %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe -> [2008/10/25 21:25:36 | 02,612,616 | ---- | M | MD5 = E1A0792F7EF4086E2026A410FF6042C9] (Bradford Networks)
bndaemon.exe -> %ProgramFiles%\Bradford Networks\Persistent Agent\bndaemon.exe -> [2008/10/25 21:25:36 | 02,940,296 | ---- | M | MD5 = 8263968B0D472549CA7BD26BBE70AF7D] (Bradford Networks)
brpjp04a.exe -> %ProgramFiles%\Brownie\brpjp04a.exe -> [2008/01/11 11:54:44 | 00,090,112 | ---- | M | MD5 = DF519BF6727B389B4FB1D15ECBB35C48] (brother)
brstswnd.exe -> %ProgramFiles%\Brownie\BrStsWnd.exe -> [2008/01/08 08:28:02 | 00,864,256 | ---- | M | MD5 = B3FBBE5CEA5532295882EE57377EDDC9] (brother)
easynote.exe -> %ProgramFiles%\TK8\TK8 EasyNote 1.1\EasyNote.exe -> [2001/01/22 15:36:24 | 00,439,808 | ---- | M | MD5 = CFD6F8CFEA1BC6F66016883CCD2321AE] ()
homerunner.exe -> %ProgramFiles%\TomTom HOME 2\HOMERunner.exe -> [2008/05/06 03:42:14 | 00,202,088 | ---- | M | MD5 = 6159285EE144F5DB0C0608A4C9225229] (TomTom)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M | MD5 = F72AB8EC1EB97F4B6EDABFDC34BC84CB] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/02/16 16:15:20 | 00,081,920 | ---- | M | MD5 = D2AEADFD998706B4216315B2BD3FA79E] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M | MD5 = 3E8C2BF38AD10EC0F6691EB88B721E0C] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/03 21:27:46 | 00,152,984 | ---- | M | MD5 = 5FD5865DC1A2100F8D4CF000EE5409A3] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/03 21:27:47 | 00,136,600 | ---- | M | MD5 = AB68B7C232293F6B09E5C29CB31AE76D] (Sun Microsystems, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M | MD5 = 77C03BF23AE56B0A31AE4D5BB4B3D0AC] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M | MD5 = F45DD1E1365D857DD08BC23563370D0E] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2005/04/29 17:21:06 | 00,139,264 | ---- | M | MD5 = B47576825F0A397E1C807C7EC23E1560] ()
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2005/04/29 17:18:24 | 00,131,136 | ---- | M | MD5 = CF0FA7F8366002692BF7E46805F531B9] (NVIDIA)
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> [2005/04/29 17:18:08 | 00,057,412 | ---- | M | MD5 = ACE9C161B76C066288A17FEA4BB7BFFC] (NVIDIA)
ntrayfw.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe -> [2005/04/29 17:22:26 | 00,266,240 | ---- | M | MD5 = DD42915E9B83FC52D559692B6889A123] (NVIDIA Corporation)
nvraidservice.exe -> %SystemRoot%\system32\nvraidservice.exe -> [2005/01/17 13:43:46 | 00,084,480 | ---- | M | MD5 = 9AB8E129B1AF0A8C35715050CCE8A8D9] (NVIDIA Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/05 01:41:00 | 00,155,716 | ---- | M | MD5 = 472A00D2183C9E5EDB3E076272741812] (NVIDIA Corporation)
otscanit2.exe -> %SystemDrive%\OTScanlt\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [2004/10/04 03:47:04 | 00,098,304 | ---- | M | MD5 = E42F7B36B4D8866184E8DF9776CA4226] ()
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M | MD5 = 7FBE43046EFDF24FC9375024E4D02AC9] (Apple Inc.)
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2008/10/23 09:03:08 | 00,069,632 | ---- | M | MD5 = B037FA1C3E09C06381192DF11CDA4AD6] (Sophos Plc)
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 10:07:50 | 00,098,304 | ---- | M | MD5 = 2E83AD127667AA4E704011F71AA1351B] (Sophos Plc)
soundman.exe -> %SystemRoot%\soundman.exe -> [2006/06/21 05:42:44 | 00,577,536 | ---- | M | MD5 = 9832C37287E523B363DD386A8033DDA0] (Realtek Semiconductor Corp.)
steam.exe -> %ProgramFiles%\Steam\Steam.exe -> [2008/10/08 08:16:01 | 01,410,296 | ---- | M | MD5 = E2F041F209D4ADDA9882778A11EAB922] (Valve Corporation)
unsecapp.exe -> %SystemRoot%\system32\wbem\unsecapp.exe -> [2004/10/08 07:01:47 | 00,016,896 | ---- | M | MD5 = C7000F2DB2A5515C64C257478769A481] (Microsoft Corporation)
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> [2004/02/06 22:56:14 | 00,041,025 | ---- | M | MD5 = E8C30EF9BBC6DDB71F0F77FA3A96515F] (GEMTEKS)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 19:12:40 | 00,218,112 | ---- | M | MD5 = 0FFAE66E6D5B1C87CBD22D1F3B6079FD] (Microsoft Corporation)
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> [2004/05/10 04:35:00 | 05,208,576 | ---- | M | MD5 = 2AFA8F2A0A36FCB2759912CFD35A069A] (Linksys)
zunebusenum.exe -> %SystemRoot%\system32\ZuneBusEnum.exe -> [2008/11/10 12:23:38 | 00,060,032 | ---- | M | MD5 = E1F765822A6923EFC3758E58EB305726] (Microsoft Corporation)
zunelauncher.exe -> %ProgramFiles%\Zune\ZuneLauncher.exe -> [2008/11/10 12:23:40 | 00,157,312 | ---- | M | MD5 = D7FB9BBDCDE7B1D38F1F2DF97ED3A832] (Microsoft Corporation)
zunenss.exe -> %ProgramFiles%\Zune\ZuneNss.exe -> [2008/11/10 12:23:50 | 05,117,568 | ---- | M | MD5 = BD624C6E873BB0D5BB315D558BFCE222] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [2004/10/04 03:47:04 | 00,098,304 | ---- | M | MD5 = E42F7B36B4D8866184E8DF9776CA4226] ()
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/06/28 03:06:52 | 00,106,496 | ---- | M | MD5 = 2ACFC9242BE81AE2356E14E5E05C02BB] (Apple, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M | MD5 = 4EABF511B1AF176A971C3271E48FA3A8] (Microsoft Corporation)
(BNPagent) Bradford Persistent Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bradford Networks\Persistent Agent\bndaemon.exe -> [2008/10/25 21:25:36 | 02,940,296 | ---- | M | MD5 = 8263968B0D472549CA7BD26BBE70AF7D] (Bradford Networks)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M | MD5 = 234B1BC2796483E1F5C3F26649FB3388] (Microsoft Corporation)
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2005/04/29 17:21:06 | 00,139,264 | ---- | M | MD5 = B47576825F0A397E1C807C7EC23E1560] ()
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> [2004/11/30 10:08:56 | 00,020,543 | ---- | M | MD5 = B81F8778F5BB485F3B75114F0C99A49F] (Apache Software Foundation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M | MD5 = 6F95324909B502E2651442C1548AB12F] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/06/01 15:51:22 | 00,501,312 | ---- | M | MD5 = F72AB8EC1EB97F4B6EDABFDC34BC84CB] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/03 21:27:46 | 00,152,984 | ---- | M | MD5 = 5FD5865DC1A2100F8D4CF000EE5409A3] (Sun Microsystems, Inc.)
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2005/04/29 17:18:24 | 00,131,136 | ---- | M | MD5 = CF0FA7F8366002692BF7E46805F531B9] (NVIDIA)
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> [2005/04/29 17:18:08 | 00,057,412 | ---- | M | MD5 = ACE9C161B76C066288A17FEA4BB7BFFC] (NVIDIA)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/05 01:41:00 | 00,155,716 | ---- | M | MD5 = 472A00D2183C9E5EDB3E076272741812] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M | MD5 = E54AA592A65F317390EEE386A8821692] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M | MD5 = 5A432A042DAE460ABE7199B758E8606C] (Microsoft Corporation)
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2008/10/23 09:03:08 | 00,069,632 | ---- | M | MD5 = B037FA1C3E09C06381192DF11CDA4AD6] (Sophos Plc)
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 10:07:50 | 00,098,304 | ---- | M | MD5 = 2E83AD127667AA4E704011F71AA1351B] (Sophos Plc)
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> [2008/09/30 08:43:25 | 00,172,032 | ---- | M | MD5 = A2FC88DC4F21C7BB8693955D5E8D3DBB] (Sophos Plc)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M | MD5 = F45DD1E1365D857DD08BC23563370D0E] (Microsoft Corporation)
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] ->  -> File not found
(ZuneBusEnum) Zune Bus Enumerator [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZuneBusEnum.exe -> [2008/11/10 12:23:38 | 00,060,032 | ---- | M | MD5 = E1F765822A6923EFC3758E58EB305726] (Microsoft Corporation)
(ZuneNetworkSvc) Zune Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Zune\ZuneNss.exe -> [2008/11/10 12:23:50 | 05,117,568 | ---- | M | MD5 = BD624C6E873BB0D5BB315D558BFCE222] (Microsoft Corporation)
(ZuneWlanCfgSvc) Zune Wireless Configuration Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ZuneWlanCfgSvc.exe -> [2008/11/10 12:23:42 | 00,243,840 | ---- | M | MD5 = AEF3D950F6A8A85A0342E48908CF5B3D] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2007/03/25 15:55:24 | 00,019,915 | ---- | M | MD5 = 8D155386B3B032EA7513E19F8C8F80A7] (Meetinghouse Data Communications)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> [2006/06/27 17:42:14 | 03,972,672 | ---- | M | MD5 = FCB505A7FA9DD4B8B98064792FD038A4] (Realtek Semiconductor Corp.)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 14:44:04 | 00,015,664 | ---- | M | MD5 = 4AC51459805264AFFD5F6FDFB9D9235F] (GEAR Software Inc.)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 08:51:32 | 00,018,688 | ---- | M | MD5 = 0501F0B9AB08425F8C0EACBDCC04AA32] (Microsoft Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M | MD5 = 9EF487A186DEA361AA06913A75B3FA99] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007/12/05 01:41:00 | 07,435,392 | ---- | M | MD5 = 8C0456001B6900114BBB1C548BD8AAF5] (NVIDIA Corporation)
(nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2005/05/17 16:45:08 | 00,092,800 | ---- | M | MD5 = DCE353985C988BFB7E84FD942068151F] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2005/04/06 02:22:28 | 00,033,536 | ---- | M | MD5 = 720CC533EECB65553BD86B139CA04433] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2005/04/06 02:22:30 | 00,012,928 | ---- | M | MD5 = 5F9F545CC5904DD8765F84EE1D056406] (NVIDIA Corporation)
(nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvraid.sys -> [2005/05/17 16:45:12 | 00,076,288 | ---- | M | MD5 = 9C8A8E00648EAF7A1D794F7CFB25A6B4] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/10/08 07:01:47 | 00,017,792 | ---- | M | MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/09/30 16:21:18 | 00,020,176 | ---- | M | MD5 = B5DFB86A6CAEAE9B2BF3DEDB43BE6393] (Sonic Solutions)
(RT2500) Linksys Wireless-G PCI Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RT2500.sys -> [2005/04/21 15:56:10 | 00,242,176 | ---- | M | MD5 = 4B6F7B6C966E90A55102DAA107F44934] (Ralink Technology Inc.)
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccesscontrol.sys -> [2008/09/30 10:26:24 | 00,104,704 | ---- | M | MD5 = 917A768EE6B0D5C1234D9A77B14A3A93] (Sophos Plc)
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccessfilter.sys -> [2008/09/30 10:23:51 | 00,035,584 | ---- | M | MD5 = 1EE611B64D88B08156A226A0DE4CEF18] (Sophos Plc)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | R--- | M | MD5 = 90A3935D05B494A5A39D37E71F09A677] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SophosBootDriver) SophosBootDriver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SophosBootDriver.sys -> [2008/09/30 10:30:35 | 00,014,976 | ---- | M | MD5 = 3BDF94E0827D13E44249A646F6C0EB7C] (Sophos Plc)
(Wdf01000) Wdf01000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2008/03/27 15:27:46 | 00,503,008 | ---- | M | MD5 = BBCFEAB7E871CDDAC2D397EE7FA91FDC] (Microsoft Corporation)
(WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\winusb.sys -> [2006/11/02 06:00:08 | 00,039,368 | ---- | M | MD5 = FD600B032E741EB6AAB509FC630F7C42] (Microsoft Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/10/08 07:01:47 | 00,012,032 | ---- | M | MD5 = 6ABE6E225ADB5A751622A9CC3BC19CE8] (Microsoft Corporation)
(zumbus) Zune Bus Enumerator Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\zumbus.sys -> [2008/09/12 17:32:04 | 00,040,832 | ---- | M | MD5 = 85281F709EA678382F370EE1052BBBAC] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{0A94B116-4504-4e26-AB05-E61E474AA38B}" [HKLM] -> %ProgramFiles%\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL [] -> [2008/10/04 19:09:40 | 00,061,440 | ---- | M | MD5 = 4AE7A57D94B959177C9AF645005C3997] (Ask.com)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ccurxbv0.default\prefs.js -> 
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> bettergmail2@ginatrapani.org:0.7.2 ->
extensions.enabledItems -> {987311C6-B504-4aa2-90BF-60CC49808D42}:2.1 ->
extensions.enabledItems -> {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76 ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0 ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.8 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
extensions.enabledItems -> nasanightlaunch@example.com:0.6.20081231 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0A94B111-4504-4e26-AB05-E61E474AA38B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} [HKLM] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SophosBHO.dll [Sophos Web Content Scanner] -> [2008/11/19 09:53:56 | 00,240,696 | ---- | M | MD5 = CFC3AB2B75A8AF36960597D7F0E00569] (Sophos Plc)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/03 21:27:48 | 00,320,920 | ---- | M | MD5 = DC090E320775F1B1FE896F6E1D393D7F] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/03 21:27:46 | 00,034,816 | ---- | M | MD5 = 27771CDC5D464818C8F92356AE840A6F] (Sun Microsystems, Inc.)
{E671497F-4C87-4A68-ADE9-901F3F028EB6} [HKLM] -> %SystemRoot%\system32\efcYRifE.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/03 21:27:48 | 00,073,728 | ---- | M | MD5 = 8F206275452A3668097A7A26F62A7127] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{F4D76F09-7896-458a-890F-E1F05C46069F}" [HKLM] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar] -> [2008/10/04 19:09:39 | 00,241,664 | ---- | M | MD5 = C849DC7BF341EC7DE92CD1295F9380A0] (Ask.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{F4D76F09-7896-458A-890F-E1F05C46069F}" [HKLM] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar] -> [2008/10/04 19:09:39 | 00,241,664 | ---- | M | MD5 = C849DC7BF341EC7DE92CD1295F9380A0] (Ask.com)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> [2005/06/06 22:46:24 | 00,057,344 | ---- | M | MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 21:16:38 | 00,039,792 | ---- | M | MD5 = 8B9145D229D4E89D15ACB820D4A3A90F] (Adobe Systems Incorporated)
"bncsaui.exe" -> %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe [%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe] -> [2008/10/25 21:25:36 | 02,612,616 | ---- | M | MD5 = E1A0792F7EF4086E2026A410FF6042C9] (Bradford Networks)
"BrStsWnd" -> %ProgramFiles%\Brownie\BrStsWnd.exe [C:\Program Files\Brownie\BrstsWnd.exe Autorun] -> [2008/01/08 08:28:02 | 00,864,256 | ---- | M | MD5 = B3FBBE5CEA5532295882EE57377EDDC9] (brother)
"DNS7reminder" -> %ProgramFiles%\Nuance\NaturallySpeaking9\Ereg\Ereg.exe ["C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini] -> [2006/11/27 10:25:16 | 00,255,528 | ---- | M | MD5 = AD951D5090D54B82859249768FA94168] (Nuance Communications, Inc.)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2005/02/16 16:15:22 | 00,221,184 | ---- | M | MD5 = A379B75A6FFE4DFD3184F35F0141CE91] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/02/16 16:15:20 | 00,081,920 | ---- | M | MD5 = D2AEADFD998706B4216315B2BD3FA79E] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2007/06/01 15:51:26 | 00,257,088 | ---- | M | MD5 = 3E8C2BF38AD10EC0F6691EB88B721E0C] (Apple Inc.)
"nTrayFw" -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe] -> [2005/04/29 17:22:26 | 00,266,240 | ---- | M | MD5 = DD42915E9B83FC52D559692B6889A123] (NVIDIA Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/12/05 01:41:00 | 08,523,776 | ---- | M | MD5 = B1CB9BFEE05D23F07AF6F4230092CC49] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/12/05 01:41:00 | 00,081,920 | ---- | M | MD5 = EC979882A9BF2B9A74693F3BF6DB3EAA] (NVIDIA Corporation)
"NVRaidService" -> %SystemRoot%\system32\nvraidservice.exe [C:\WINDOWS\system32\nvraidservice.exe] -> [2005/01/17 13:43:46 | 00,084,480 | ---- | M | MD5 = 9AB8E129B1AF0A8C35715050CCE8A8D9] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2007/12/05 01:41:00 | 01,626,112 | ---- | M | MD5 = 9493BFFB9F82EFEC742F5C56A279BD5B] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/04/27 08:41:54 | 00,282,624 | ---- | M | MD5 = 7FBE43046EFDF24FC9375024E4D02AC9] (Apple Inc.)
"SoundMan" -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> [2006/06/21 05:42:44 | 00,577,536 | ---- | M | MD5 = 9832C37287E523B363DD386A8033DDA0] (Realtek Semiconductor Corp.)
"SSBkgdUpdate" -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> [2006/10/25 09:03:38 | 00,210,472 | ---- | M | MD5 = 846965AE55A2662B1576C0F392DD1D6E] (Nuance Communications, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/03 21:27:47 | 00,136,600 | ---- | M | MD5 = AB68B7C232293F6B09E5C29CB31AE76D] (Sun Microsystems, Inc.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M | MD5 = 77C03BF23AE56B0A31AE4D5BB4B3D0AC] (Microsoft Corporation)
"Zune Launcher" -> %ProgramFiles%\Zune\ZuneLauncher.exe ["c:\Program Files\Zune\ZuneLauncher.exe"] -> [2008/11/10 12:23:40 | 00,157,312 | ---- | M | MD5 = D7FB9BBDCDE7B1D38F1F2DF97ED3A832] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DW6" -> %ProgramFiles%\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"Steam" -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> [2008/10/08 08:16:01 | 01,410,296 | ---- | M | MD5 = E2F041F209D4ADDA9882778A11EAB922] (Valve Corporation)
"TomTomHOME.exe" -> %ProgramFiles%\TomTom HOME 2\HOMERunner.exe ["C:\Program Files\TomTom HOME 2\HOMERunner.exe"] -> [2008/05/06 03:42:14 | 00,202,088 | ---- | M | MD5 = 6159285EE144F5DB0C0608A4C9225229] (TomTom)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2004/10/04 00:12:18 | 00,113,664 | ---- | M | MD5 = C2FF17734176CD15221C10044EF0BA1A] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> [2007/08/31 22:25:11 | 00,245,760 | ---- | M | MD5 = 4CF38637FADECCCC00013C0711DB3BBA] (Sophos Plc)
%AllUsersProfile%\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk -> %ProgramFiles%\TK8\TK8 EasyNote 1.1\EasyNote.exe -> [2001/01/22 15:36:24 | 00,439,808 | ---- | M | MD5 = CFD6F8CFEA1BC6F66016883CCD2321AE] ()
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2008/10/18 18:30:22 | 17,931,616 | ---- | M | MD5 = 4121FEBB247C685D1FCDAE1BE5DEE120] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M | MD5 = 7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M | MD5 = E75AA32C6B79C846F5314CA4DA92F29E] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219114275875 [WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0559FD64-0A2D-4727-967F-2B303302CE9E} ->    () -> 
{14F4B4AE-FB41-42A9-B761-F9EC1F2980EB} ->    (1394 Net Adapter) -> 
{7232DF30-ABE3-4196-B1F0-2F4B9F29EC53} ->    (Linksys Wireless-G PCI Adapter) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll -> [2008/03/04 10:46:04 | 00,173,056 | ---- | M | MD5 = DEC5FD94DA85E02CDE1F3BB834F9DE79] (Sophos Plc)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 17:20:00 | 00,083,224 | ---- | M | MD5 = F9D82B82F1B7C0B2D2606A987073F58C] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
C:\WINDOWS\system32\efcYRifE ->  -> File not found
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" -> C:\Program Files\Microsoft Office Communicator\communicator.exe [C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007] -> [2007/07/23 09:33:58 | 05,803,368 | ---- | M | MD5 = 380485F6B790F74E73802139551304A8] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
"C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe" -> C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe [C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe:*:Enabled:Bradford Persistent Agent] -> [2008/10/25 21:25:36 | 02,940,296 | ---- | M | MD5 = 8263968B0D472549CA7BD26BBE70AF7D] (Bradford Networks)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/06/01 15:51:24 | 14,778,432 | ---- | M | MD5 = E9BC9604B827D99A5BC0C7D55F017A8A] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" -> C:\Program Files\Microsoft Games\Rise of Nations\rise.exe [C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations] -> [2003/04/18 18:57:24 | 00,487,462 | ---- | M | MD5 = E8447D6E6150FF1C3717B909843FBF4D] (Big Huge Games, Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" -> C:\Program Files\Microsoft Office Communicator\communicator.exe [C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007] -> [2007/07/23 09:33:58 | 05,803,368 | ---- | M | MD5 = 380485F6B790F74E73802139551304A8] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008/05/21 03:37:24 | 12,844,576 | ---- | M | MD5 = 063C6CAE4E376946FF5B1CC1CB556164] (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> [2004/11/30 10:08:56 | 00,020,543 | ---- | M | MD5 = B81F8778F5BB485F3B75114F0C99A49F] (Apache Software Foundation)
"C:\Program Files\Steam\Steam.exe" -> C:\Program Files\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> [2008/10/08 08:16:01 | 01,410,296 | ---- | M | MD5 = E2F041F209D4ADDA9882778A11EAB922] (Valve Corporation)
"C:\Program Files\Steam\SteamApps\rchill243\half-life 2\hl2.exe" -> C:\Program Files\Steam\SteamApps\rchill243\half-life 2\hl2.exe [C:\Program Files\Steam\SteamApps\rchill243\half-life 2\hl2.exe:*:Enabled:hl2] -> [2007/09/30 10:55:27 | 00,106,496 | ---- | M | MD5 = E38BC61E1D67FE63C6C1A720496507E3] ()
"C:\Program Files\Steam\SteamApps\rchill243\source sdk base\hl2.exe" -> C:\Program Files\Steam\SteamApps\rchill243\source sdk base\hl2.exe [C:\Program Files\Steam\SteamApps\rchill243\source sdk base\hl2.exe:*:Enabled:hl2] -> [2007/09/28 14:04:10 | 00,106,496 | ---- | M | MD5 = 7C271BBD974C760F516F1C9F9B61E0F2] ()
"C:\Program Files\Warcraft III\Warcraft III.exe" -> C:\Program Files\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2008/07/15 22:51:10 | 00,274,432 | ---- | M | MD5 = FCF33A18C6F893B4C39F6E15FF3A29E8] (Blizzard Entertainment)
"C:\Program Files\World In Conflict - Closed MP Beta\wic.exe" -> C:\Program Files\World In Conflict - Closed MP Beta\wic.exe [C:\Program Files\World In Conflict - Closed MP Beta\wic.exe:*:Enabled:World in Conflict] -> File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/01/20 11:10:47 | 02,172,400 | ---- | M | MD5 = 3A39B42E20A263CE8856B22ADB01870F] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/04/04 19:32:06 | 00,771,411 | ---- | M | MD5 = D17AC8B93281A471397780D17C432AD8] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/03/25 18:28:51 | 00,771,502 | ---- | M | MD5 = F5B2FAC0DC2EB82DC6DE9392C10590BC] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/03/25 17:59:40 | 00,784,032 | ---- | M | MD5 = 577B9CA924A9AFB96020530F8ADE1E79] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/11/13 13:50:24 | 00,830,650 | ---- | M | MD5 = 571375BC276760E373F9212C6E0215E1] (Blizzard Entertainment)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 00,083,456 | ---- | M | MD5 = EA36B806E30D927F70E24EAF545CCC17] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M | MD5 = 037B1E7798960E0420003D05BB577EE6] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/05/02 05:49:39 | 00,062,976 | ---- | M | MD5 = 4B0A100EAF5C49EF3CCA8C641431EACC] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/03/25 15:35:19 | 00,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0c80a90e-6fce-11dd-a057-0014bf782269}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell
\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun
\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\command
\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\command\\"" -> I:\LaunchU3.exe [I:\LaunchU3.exe] -> File not found
\{56f9f375-3d80-11dd-a012-0014bf782269}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56f9f375-3d80-11dd-a012-0014bf782269}\Shell\AutoRun\command
\{56f9f375-3d80-11dd-a012-0014bf782269}\Shell\AutoRun\command\\"" -> I:\InstallTomTomHOME.exe [I:\InstallTomTomHOME.exe] -> File not found
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 19:12:21 | 00,010,752 | ---- | M | MD5 = 6BA0A833DCABF3E28622143689E2C92E] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/10/08 07:01:47 | 00,008,192 | ---- | M | MD5 = 37B726C72699456BF34134C2BB89727A] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2007/08/13 18:32:30 | 00,045,568 | ---- | M | MD5 = 2667B412F7453B8C39197D3C550536CD] (Microsoft Corporation)
.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/01/03 18:45:02 | 00,307,704 | ---- | M | MD5 = 8DA0A66CB74FCBB393038E37E0F691BA] (Mozilla Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M | MD5 = 5E28284F9B5F9097640D58A73D38AD4C] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M | MD5 = 5E28284F9B5F9097640D58A73D38AD4C] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 19:12:32 | 00,146,432 | ---- | M | MD5 = 058710B720282CA82B909912D3EF28DB] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S -> 
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M | MD5 = 5E28284F9B5F9097640D58A73D38AD4C] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M | MD5 = CEA8F7E45B7B098F5FB085BB6A6A4432] (Microsoft Corporation)
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 20:41:48 | 00,044,344 | ---- | M | MD5 = 1264F787E46DC572FA274CA09B446E01] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2007/08/28 22:55:14 | 01,014,128 | ---- | M | MD5 = 897753FFAEE714E6B491652C05D13E3F] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2007/08/28 22:55:14 | 01,014,128 | ---- | M | MD5 = 897753FFAEE714E6B491652C05D13E3F] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2007/08/28 22:55:14 | 01,014,128 | ---- | M | MD5 = 897753FFAEE714E6B491652C05D13E3F] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 12:45:02 | 00,873,216 | ---- | M | MD5 = 9E7370CC3D6A43942433F85D0E2BBDD8] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
\Monitoring\SophosAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [0] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} -> Zune Language Pack (FR)
{01501EBA-EC35-4F9F-8889-3BE346E5DA13} -> MSXML4 Parser
{034759DA-E21A-4795-BFB3-C66D17FAD183} -> Sophos Anti-Virus
{048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
{08094E03-AFE4-4853-9D31-6D0743DF5328} -> QuickTime
{0837A661-FEC3-48B3-876C-91E7D32048A9} -> Macromedia Dreamweaver 8
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{141F0AAA-1495-46AC-A125-73B6371A51E0} -> Brother HL-2140
{15C418EB-7675-42be-B2B3-281952DA014D} -> Sophos AutoUpdate
{1F6423DE-7959-4178-80E0-023C7EAA5347} -> NVIDIA ForceWare Network Access Manager
{26A24AE4-039D-4CA4-87B4-2F83216010FF} -> Java(TM) 6 Update 10
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3F07C6C9-29E9-485B-A833-BFA5B756DC31} -> Bradford Persistent Agent
{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0
{4DDC3BED-CC68-44AA-B435-D727B620CA5B} -> Linksys Wireless-G PCI Adapter
{553E56C3-7AA1-45FE-A2FC-2C43DC27F765} -> iTunes
{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} -> Macromedia Extension Manager
{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3} -> Power Tab Editor 1.7
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client
{851C67EF-068A-4060-9EF5-2E3DDCD68382} -> Adobe Photoshop Elements 3.0
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8FC46258-0843-4D79-B7F0-F2B82FE6173B} -> Apple Mobile Device Support
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2007
{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A260B422-70E1-41E2-957D-F76FA21266D5} -> Apple Software Update
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{AC76BA86-7AD7-2448-0000-800000000003} -> Chinese Traditional Fonts Support For Adobe Reader 8
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{CFA679D8-5216-4E10-B7D3-BA4033A6991E} -> i80 Setup Utility
{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA} -> Dragon NaturallySpeaking 9
{E280923D-C5D9-4728-8C79-AC9A0DC75875} -> BioShock
{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} -> Windows Media Encoder 9 Series
{E51572F1-129C-4318-B0A5-E1A261FCBBA5} -> Texas Hold'em Poker
{E5BA0430-919F-46DD-B656-0796F8A5ADFF} -> Microsoft Office Communicator 2007
{EE4ACABF-531E-419A-9225-B8E0FA4955AF} -> Zune Language Pack (ES)
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
{FF70513F-E3A7-402F-84FB-B7810A064BE2} -> Zune
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Shockwave Player -> Adobe Shockwave Player
AskPBar Uninstall -> Ask Toolbar
CANONBJ_Deinstall_CNMCP5u.DLL -> Canon i80
Cucusoft DVD to Zune Converter_is1 -> Cucusoft DVD to Zune Converter 7.06
GameSpy Arcade -> GameSpy Arcade
Half-Life 2 Riot Act -> Half-Life 2 Riot Act 1.0
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347} -> NVIDIA ForceWare Network Access Manager
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Mozilla Firefox (3.0.5) -> Mozilla Firefox (3.0.5)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MSNINST -> MSN
MyITLab ActiveX Installer_is1 -> MyITLab ActiveX Installer 2.8.5.65535
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
Plan of Attack -> Plan of Attack
PROPLUSR -> Microsoft Office Professional Plus 2007
RiseOfNations 1.0 -> Microsoft Rise Of Nations
ShockwaveFlash -> Adobe Flash Player 9 ActiveX
Steam App 215 -> Source SDK Base
Steam App 320 -> Half-Life 2: Deathmatch
Steam App 360 -> Half-Life Deathmatch: Source
Steam App 380 -> Half-Life 2: Episode One
Teamspeak 2 RC2_is1 -> TeamSpeak 2 RC2
TK8 EasyNote 1.1 -> TK8 EasyNote 1.1
TomTom HOME -> TomTom HOME
Trillian -> Trillian
Wdf01005 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Wdf01007 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Windows Media Encoder 9 -> Windows Media Encoder 9 Series
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
winusb0100 -> Microsoft WinUsb 1.0
WMFDist11 -> Windows Media Format 11 runtime
World of Warcraft -> World of Warcraft
Wudf01007 -> Microsoft User-Mode Driver Framework Feature Pack 1.7
Zune -> Zune
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Warcraft III -> Warcraft III: All Products
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000028 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000029 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000030 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000031 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000032 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000033 -> %SystemRoot%\system32\nvappfilter.dll -> [2005/04/29 17:21:18 | 00,131,072 | ---- | M | MD5 = E34E3576674EB2B728C4423D644A97FD] (NVIDIA)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/10/2009 3:12:02 AM Computer Name = ROB-COMPUTER | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 1/10/2009 11:58:53 AM Computer Name = ROB-COMPUTER | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 1/11/2009 3:05:02 AM Computer Name = ROB-COMPUTER | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 1/13/2009 12:06:18 PM Computer Name = ROB-COMPUTER | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 1/15/2009 2:30:39 PM Computer Name = ROB-COMPUTER | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 1/16/2009 8:21:10 PM Computer Name = ROB-COMPUTER | Source = Application Hang | ID = 1002 -> Description = Hanging application jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe, version 6.0.110.90, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/16/2009 8:28:54 PM Computer Name = ROB-COMPUTER | Source = Application Hang | ID = 1002 -> Description = Hanging application jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008(2).exe, version 6.0.110.90, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/17/2009 12:28:17 AM Computer Name = ROB-COMPUTER | Source = Application Hang | ID = 1002 -> Description = Hanging application jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe, version 6.0.110.90, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/19/2009 6:21:47 PM Computer Name = ROB-COMPUTER | Source = Application Error | ID = 1000 -> Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module nvappfilter.dll, version 2.2.0.488, fault address 0x00005197.
Application [ Error ] 1/20/2009 12:10:21 PM Computer Name = ROB-COMPUTER | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:07 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 1/23/2009 12:44:10 PM Computer Name = ROB-COMPUTER | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
[Files/Folders - Created Within 30 Days]
OTScanlt -> %SystemDrive%\OTScanlt -> [2009/01/23 11:41:38 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/23 11:34:52 | 00,656,730 | ---- | C | MD5 = E32AAA525228A276C642BB6C4FA679D5] ()
GooredFixBackups -> %UserProfile%\Desktop\GooredFixBackups -> [2009/01/23 11:25:54 | 00,000,000 | ---D | C]
GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2009/01/23 11:25:10 | 00,091,136 | ---- | C | MD5 = 4E51DE2DFB7B11D1293DEE05B74E36BF] ()
dds.com -> %UserProfile%\Desktop\dds.com -> [2009/01/21 12:53:33 | 00,368,922 | ---- | C | MD5 = 5EF9BDC0907F2E00C7BCBBBE02082031] ()
WoW-3.0.3.9183-to-3.0.8.9464-enUS-patch.exe -> %UserProfile%\Desktop\WoW-3.0.3.9183-to-3.0.8.9464-enUS-patch.exe -> [2009/01/20 11:06:33 | 53,902,344 | ---- | C | MD5 = C7489BC955743F6F9F04632E9228F69D] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/01/16 18:15:31 | 00,001,734 | ---- | C | MD5 = 988FC3B80316890277A771938156082A] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/01/16 18:15:30 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/01/16 18:14:41 | 00,812,344 | ---- | C | MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19] (Trend Micro Inc.)
elgophpa.job -> %SystemRoot%\tasks\elgophpa.job -> [2009/01/03 18:35:58 | 00,000,310 | ---- | C | MD5 = AF9D9D101E3909B0137815799EDA9F48] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/23 11:36:39 | 04,194,304 | -H-- | M | Unable to obtain MD5] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/23 11:34:55 | 00,656,730 | ---- | M | MD5 = E32AAA525228A276C642BB6C4FA679D5] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/01/23 11:32:38 | 00,000,330 | -H-- | M | MD5 = 0415B7B409F7AB10F5C5AD9948633121] ()
GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2009/01/23 11:25:15 | 00,091,136 | ---- | M | MD5 = 4E51DE2DFB7B11D1293DEE05B74E36BF] ()
Launcher.exe -> %UserProfile%\Local Settings\Temp\Blizzard Launcher Temporary - 2059efc8\Launcher.exe -> [2009/01/23 11:21:03 | 03,798,624 | ---- | M | MD5 = 1FEA99F988DBE8F1AC99C0FFEBEBB9E4] (Blizzard Entertainment)
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/23 11:13:23 | 00,013,726 | ---- | M | MD5 = 7DCC1E767283D87278BCDDA7F0289AF5] ()
Brownie.ini -> %SystemRoot%\Brownie.ini -> [2009/01/23 11:13:17 | 00,000,316 | ---- | M | MD5 = 612520EB46E1BA933DE17DDBF68C62B3] ()
Perflib_Perfdata_590.dat -> %SystemRoot%\Temp\Perflib_Perfdata_590.dat -> [2009/01/23 11:12:52 | 00,000,000 | ---- | M | Unable to obtain MD5] ()
elgophpa.job -> %SystemRoot%\tasks\elgophpa.job -> [2009/01/23 11:12:28 | 00,000,310 | ---- | M | MD5 = AF9D9D101E3909B0137815799EDA9F48] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/23 11:12:28 | 00,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/23 11:12:20 | 00,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/23 02:27:31 | 00,000,178 | -HS- | M | MD5 = CBDA6984D2ECC537AEF07205AE001013] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/22 10:54:10 | 00,005,483 | ---- | M | MD5 = 236332718A9116D2215B11CA1912F9D4] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/22 10:54:10 | 00,004,232 | ---- | M | MD5 = 47934F5465F9D2ECCAF9092E4D733FBD] ()
dds.com -> %UserProfile%\Desktop\dds.com -> [2009/01/21 12:53:39 | 00,368,922 | ---- | M | MD5 = 5EF9BDC0907F2E00C7BCBBBE02082031] ()
WoW-3.0.3.9183-to-3.0.8.9464-enUS-patch.exe -> %UserProfile%\Desktop\WoW-3.0.3.9183-to-3.0.8.9464-enUS-patch.exe -> [2009/01/20 11:09:48 | 53,902,344 | ---- | M | MD5 = C7489BC955743F6F9F04632E9228F69D] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/01/16 21:39:00 | 00,000,284 | ---- | M | MD5 = 6832E9C476868D343AE5ADAFA3C11DD7] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/01/16 18:15:31 | 00,001,734 | ---- | M | MD5 = 988FC3B80316890277A771938156082A] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/01/16 18:14:47 | 00,812,344 | ---- | M | MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19] (Trend Micro Inc.)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/01/15 13:02:34 | 00,001,374 | ---- | M | MD5 = 0C85474F6C3F89FA613FCE57B625C32F] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M | MD5 = 3FADDD373612EEB94C364A257A308978] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M | MD5 = F5D83758509D375A7F3A96D9C28F0BD9] (Malwarebytes Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 17:35:30 | 20,853,704 | ---- | M | MD5 = CD65A16E22B9036C631339C74E85AE87] (Microsoft Corporation)
bnupdate.exe -> %SystemRoot%\Temp\bnupdate.exe -> [2009/01/05 12:10:41 | 02,613,640 | ---- | M | MD5 = 8CD025AF0230277DACED12CB4C1FFA13] (Bradford Networks)
Trillian.lnk -> %UserProfile%\Desktop\Trillian.lnk -> [2009/01/05 11:40:45 | 00,001,622 | ---- | M | MD5 = C748EF3363AF7EE5748EF01268438028] ()
tmp1C3.exe -> %SystemRoot%\Temp\tmp1C3.exe -> [2009/01/03 19:00:11 | 00,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/12/05 21:39:25 | 00,065,536 | ---- | M | MD5 = A49BF0C38E205B46D98878B7DFD01F94] ()
index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2008/12/05 21:39:25 | 00,032,768 | ---- | M | MD5 = FBC1838EA29DE7ADEBBE6E4EEB39983B] ()
index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2008/12/05 21:39:25 | 00,016,384 | ---- | M | MD5 = D7A950FEFD60DBAA01DF2D85FEFB3862] ()
Microsoft WinUsb Install-v1.0.exe -> %SystemRoot%\Temp\Win2CD.tmp\Microsoft WinUsb Install-v1.0.exe -> [2008/12/01 21:27:26 | 00,510,208 | ---- | M | MD5 = 5C200E049D6368A19DADA9DF713AC030] (Microsoft Corporation)
ALUpdate.exe -> %SystemRoot%\Temp\sophos_autoupdate1.dir\ALUpdate.exe -> [2008/11/30 15:22:24 | 00,655,360 | ---- | M | MD5 = 75247DF750668EC3B5D0392658E7C49E] (Sophos Plc)
retailer.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\retailer.dll -> [2008/11/30 15:22:15 | 00,208,896 | ---- | M | MD5 = 216CE871821171F0E82647D01DFC8CD2] (Sophos Plc)
CidSync.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\CidSync.dll -> [2008/11/30 15:21:51 | 00,176,128 | ---- | M | MD5 = 2597AA1279AC80041D3D9A257A0313DD] (Sophos Plc)
scf.dat -> %SystemRoot%\Temp\sophos_autoupdate1.dir\scf.dat -> [2008/11/30 15:21:48 | 00,002,970 | ---- | M | MD5 = 481C7F619F694D186700FCBFEB90C944] ()
ChannelUpdater.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll -> [2008/11/30 15:21:45 | 00,172,032 | ---- | M | MD5 = 3ECFB6063A5A10BD907BC574FB8C08AC] (Sophos Plc)
Microsoft WinUsb Install-v1.0.exe -> %SystemRoot%\Temp\WinA1.tmp\Microsoft WinUsb Install-v1.0.exe -> [2008/10/03 15:03:42 | 00,510,208 | ---- | M | MD5 = 5C200E049D6368A19DADA9DF713AC030] (Microsoft Corporation)
Microsoft User-Mode Driver Framework Install-v1.7-WinXP-Srv03.exe -> %SystemRoot%\Temp\WDF97.tmp\Microsoft User-Mode Driver Framework Install-v1.7-WinXP-Srv03.exe -> [2008/10/03 15:02:59 | 00,768,552 | ---- | M | MD5 = 963A779582C9BD0C34F16564162560CD] (Microsoft Corporation)
GLF31E.EXE -> %SystemRoot%\Temp\GLF31E.EXE -> [2008/09/18 11:01:22 | 00,121,109 | ---- | M | MD5 = CD59BB8B457401FE7BABECA182588B64] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/08/31 23:07:43 | 00,008,412 | ---- | M | MD5 = EEB457154317D17F3D2694D3555DFC35] ()
SharedRes.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\SharedRes.dll -> [2008/04/14 12:32:11 | 00,018,432 | ---- | M | MD5 = 5A50299EEF108E9ABDC7693D5B9935C4] (Sophos Plc)
Perflib_Perfdata_4b8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4b8.dat -> [2008/02/21 22:39:49 | 00,016,384 | ---- | M | MD5 = CE338FE6899778AACFC28414F2D9498B] ()
xmlcpp.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\xmlcpp.dll -> [2007/08/31 22:25:11 | 00,014,336 | ---- | M | MD5 = 00653DC2007871E564B5B0626061B0B0] ()
crypto.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\crypto.dll -> [2007/08/31 22:25:06 | 00,020,480 | ---- | M | MD5 = C27E8F5C728F093C753C056C1C2FFC72] ()
boost_date_time-vc71-mt-1_32.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll -> [2007/08/31 22:24:39 | 00,045,056 | ---- | M | MD5 = D43624799F68124E4F5AAB162B381CEA] ()
xmltok.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\xmltok.dll -> [2007/08/31 22:24:22 | 00,073,728 | ---- | M | MD5 = AE549BB569B82C97D7587570B0213428] ()
libeay32.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\libeay32.dll -> [2007/08/31 22:24:12 | 00,745,472 | ---- | M | MD5 = C3A6194CBF6F27CF0BB9CBC7932A4DE4] ()
xmlparse.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\xmlparse.dll -> [2007/08/31 22:23:55 | 00,057,344 | ---- | M | MD5 = 3DD8689A3FB95F37ACB181EC5CFFB2BF] ()
iTunesSetupAdmin[1].exe -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\8345MRWR\iTunesSetupAdmin[1].exe -> [2007/06/29 21:59:59 | 00,116,024 | ---- | M | MD5 = B2F30937C24EF0415C80893E1C412C6C] (Apple Inc.)
soundman.exe -> %SystemRoot%\Temp\soundman.exe -> [2006/06/21 05:42:44 | 00,577,536 | ---- | M | MD5 = 9832C37287E523B363DD386A8033DDA0] (Realtek Semiconductor Corp.)
RTLCPL.exe -> %SystemRoot%\Temp\RTLCPL.exe -> [2006/06/21 05:35:40 | 10,527,744 | ---- | M | MD5 = 785B9D3C7F4B48672F534F10683A99E0] (Realtek Semiconductor Corp.)
RtlCPAPI.dll -> %SystemRoot%\Temp\RtlCPAPI.dll -> [2006/06/08 08:00:40 | 00,143,360 | ---- | M | MD5 = 5887E3F225DC07D4D9458506F0B5F73B] ()
libcurl.dll -> %SystemRoot%\Temp\sophos_autoupdate1.dir\libcurl.dll -> [2006/05/05 15:29:00 | 00,159,744 | ---- | M | MD5 = 9429122F2A2EC0B06080DE9D7E40B2E0] (The cURL library, http://curl.haxx.se/)
alcupd.exe -> %SystemRoot%\Temp\alcupd.exe -> [2006/03/20 11:48:22 | 00,315,392 | ---- | M | MD5 = B7918F2190F221E1B8F6C0F6FD551DFE] (Realtek Semiconductor Corp.)
alcrmv.exe -> %SystemRoot%\Temp\alcrmv.exe -> [2005/11/18 11:20:26 | 00,217,088 | ---- | M | MD5 = D59480DFF92AA885EBC4BDC7607A543E] (Realtek Semiconductor Corp.)
ChCfg.exe -> %SystemRoot%\Temp\ChCfg.exe -> [2005/07/15 16:48:00 | 00,040,960 | ---- | M | MD5 = 95CF5C5C33A5B567D5F59C4E56B1A4DB] ()
newdev.dll -> %SystemRoot%\Temp\newdev.dll -> [2004/10/08 07:01:47 | 00,248,832 | ---- | M | MD5 = D39D208F543C7F539D03077742E88260] (Microsoft Corporation)
MSVCP71.DLL -> %SystemRoot%\Temp\sophos_autoupdate1.dir\MSVCP71.DLL -> [2004/03/17 16:06:58 | 00,499,712 | ---- | M | MD5 = 561FA2ABB31DFA8FAB762145F81667C2] (Microsoft Corporation)
MSVCR71.DLL -> %SystemRoot%\Temp\sophos_autoupdate1.dir\MSVCR71.DLL -> [2004/03/17 16:06:58 | 00,348,160 | ---- | M | MD5 = 86F1895AE8C5E8B17D99ECE768A70732] (Microsoft Corporation)
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 211
 
< End of report >



Code: Select all
[GooredFix v1.83 by jpshortstuff
Log created at 11:25 on 23/01/2009 running Option #2 (Owner)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{63692817-6625-40D7-9A29-506F717355E6}"="C:\Documents and Settings\Owner\Local Settings\Application Data\{63692817-6625-40D7-9A29-506F717355E6}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Owner\Local Settings\Application Data\{63692817-6625-40D7-9A29-506F717355E6}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" /code]




This may help i am doing a Sophos anti-virus scan and it says it has an error at
Scanning "C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_ohFDoNWpc4hjnTekqU" returned SAV Interface error 0xa0040210: The file could not be accessed.

Also it has the following viruses in the quarantine but cannot remove it for some reason
Troj/Virtum-Gen
Details- C:\WINDOWS\system32\geBuUnkk.dll
C:\WINDOWS\system32\cbXPHAtR.dll
C:\System Volume Information\_restore{B7C4F515-AB19-4655-8D43-824E966ED849}\RP615\A0310566.dll
C:\System Volume Information\_restore{B7C4F515-AB19-4655-8D43-824E966ED849}\RP615\A0310565.dll

Troj/MDrop-BUY
C:\Documents and Settings\Owner\Local Settings\Temp\winvsnet.tmp

Troj/FakeAle-KM
C:\System Volume Information\_restore{B7C4F515-AB19-4655-8D43-824E966ED849}\RP611\A0306093.exe
C:\WINDOWS\system32\bgl.exe

Troj/Agent-INH
C:\Documents and Settings\Owner\Local Settings\Temp\incosnet.tmp


Troj/AdvHack-A
C:\Documents and Settings\Owner\Local Settings\Temp\senekaa57d.tmp


Mal/Generic-A
C:\Documents and Settings\Owner\Local Settings\Temp\hjvigeqwUTER.dll
C:\System Volume Information\_restore{B7C4F515-AB19-4655-8D43-824E966ED849}\RP615\A0310565.dll
C:\System Volume Information\_restore{B7C4F515-AB19-4655-8D43-824E966ED849}\RP615\A0310566.dll
C:\Documents and Settings\Owner\Local Settings\Temp\prun.tmp
C:\WINDOWS\system32\cbXPHAtR.dll
C:\WINDOWS\system32\geBuUnkk.dll

Mal/AutoInf-A
I:\autorun.inf
J:\autorun.inf
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby rchill243 » January 23rd, 2009, 5:12 pm

I have tried to do some searches and it seems that the searches are now going through without be redirected.
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby muppy03 » January 25th, 2009, 3:37 am

Hi rchill243 :flower:

Please Do Not run anymore scans if not asked to do so. Thanks

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
Code: Select all
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0A94B111-4504-4e26-AB05-E61E474AA38B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E671497F-4C87-4A68-ADE9-901F3F028EB6} [HKLM] -> %SystemRoot%\system32\efcYRifE.dll [Reg Error: Value  does not exist or could not be read.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07]
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\efcYRifE -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{0c80a90e-6fce-11dd-a057-0014bf782269} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell -> 
YN -> \{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun -> 
YN -> \{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\command -> 
YN -> \{0c80a90e-6fce-11dd-a057-0014bf782269}\Shell\AutoRun\command\\"" -> I:\LaunchU3.exe [I:\LaunchU3.exe]
[Files/Folders - Created Within 30 Days]
NY -> elgophpa.job -> %SystemRoot%\tasks\elgophpa.job
[Files/Folders - Modified Within 30 Days]
NY -> elgophpa.job -> %SystemRoot%\tasks\elgophpa.job
[Purity]
[Empty Temp Folders]



The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
    • OTscanit2 log
    • Kaspersky Report
    New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » January 27th, 2009, 4:20 pm

Code: Select all
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ 

not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{E671497F-4C87-4A68-ADE9-901F3F028EB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E671497F-4C87-4A68-ADE9-901F3F028EB6}\ 

deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution 

Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ 

deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ 

deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution 

Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ 

deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ 

deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication 

Packages:C:\WINDOWS\system32\efcYRifE deleted successfully.
File  not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c80a90e-6fce-11dd-a057-0014bf782269}\ 

not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell\ not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell\AutoRun\ not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell\AutoRun not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell\AutoRun\command\ not found.
Registry key 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c80a90e-6fce-

11dd-a057-0014bf782269}\Shell\AutoRun\command not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\tasks\elgophpa.job moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\WINDOWS\tasks\elgophpa.job not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local 

Settings\Temp\etilqs_gvlPLb18rh5oqjEiHr8X scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 

Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_608.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP0000004F348E5CB01EAC0B7C scheduled to be deleted on 

reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_001_ scheduled to be deleted on 

reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_002_ scheduled to be deleted on 

reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_003_ scheduled to be deleted on 

reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_MAP_ scheduled to be deleted on 

reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\urlclassifier3.sqlite scheduled to be deleted on 

reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.6.2 fix logfile created on 01272009_112720

Files moved on Reboot...
File C:\Documents and Settings\Owner\Local Settings\Temp\etilqs_gvlPLb18rh5oqjEiHr8X not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 

Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_608.dat not found!
File C:\WINDOWS\temp\TMP0000004F348E5CB01EAC0B7C not found!
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application 

Data\Mozilla\Firefox\Profiles\ccurxbv0.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


Code: Select all
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, January 27, 2009
 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, January 27, 2009 15:18:35
 Records in database: 1706683
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan statistics:
	Files scanned: 99704
	Threat name: 1
	Infected objects: 1
	Suspicious objects: 0
	Duration of the scan: 01:38:54


File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL	Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a	1

The selected area was scanned.


Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:33 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219114275875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9936 bytes


Thanks for looking at this.
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby muppy03 » January 28th, 2009, 4:19 pm

Hi rchill243 :flower:

I see that you have the Ask Toolbar Installed. This is a program that most likely was installed by you at some point since this would not have arrived preinstalled on your computer. This Ask Toolbar file will run as a BHO in your browser every time you browse the internet. If you did not install this intentionally on your computer, I recommend removing this as soon as possible as it has been reported as spyware or adware by many and may lead to advertisements or popups.

If you wish to remove it, go to Add or Remove Programs and select Ask Toolbar and remove.

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.


Next Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL <----Only select if removing ASKBAR
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL<----Only select if removing ASKBAR
    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')


Once selected close all windows except HJT an click on Fix Checked

Next Now we need to do a search.
    Click Start > Search > For Files and Folders.
    Expand Search Options, check Advanced Options, check Search system folders
    Search Hidden Files and Folders and Search Subfolders.
    Copy & paste the following file/s below, ONE AT A TIME into the Search for files and folders box then click Search:
    If found delete the file.

      msiconf.exe

      Please reply with:-
      • NEW HJT log
      • Also let me what you found when searching for msiconf.exe

User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » January 28th, 2009, 7:22 pm

Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:47 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219114275875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9581 bytes 


This is what i found from the msiconf.exe search
CollectedData_11625.xml
C:\WINDOWS\pchealth\helpctr\...

CollectedData_12104.xml
C:\WINDOWS\pchealth\helpctr\...

app_filter_ui.log
C:\WINDOWS\system32
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm

Re: Hijack This log

Unread postby muppy03 » January 30th, 2009, 8:39 am

Hi rchill243 :flower:

Lets make sure that file has gone

Download FindFile by Atribune
  • Extract the contents to your Desktop
  • Double click on FileFind.exe to open the program.
  • Enter msiconf.exe into the File: box.
  • Click on the Search button.
  • After a while, if any files are found, a list of file locations will appear in the List of Files: box.
  • Click on the Export button.
  • This will create a Notepad file named Export.txt located in the C:\ folder, copy and paste it to your next post please.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Hijack This log

Unread postby rchill243 » February 3rd, 2009, 10:17 pm

I did the scan and it did not find anything. Also the report was blank.
rchill243
Active Member
 
Posts: 10
Joined: January 16th, 2009, 7:29 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 343 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware