Google virus redirects links

Intel DELL
December 30, 2008 at 17:05:29
Specs: Windows XP, Centrino
Hi All,
Every time I perform a search with Google, it publishes results which, when clicked on, redirect me to unrelated sites.
From reading this forum I see I'm not the only one suffering, but as it affects each computer differently, could someone help me too?
Thanks in advance, it is greatly appreciated.
S.

#1
December 30, 2008 at 17:34:04
This should temporarily stop the redirects but not always:

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

For HijackThis, if it will not run, rename the HijackThis.exe file to somethingelse.exe and try installing it again.

#2
December 31, 2008 at 01:26:20
Hi, thanks for helping me.

I performed both scans; here are the log files:
Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.31
Database version: 1581
Windows 5.1.2600 Service Pack 3

31/12/2008 09:09:12
mbam-log-2008-12-31 (09-09-12).txt

Scan type: Quick Scan
Objects scanned: 63138
Time elapsed: 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWay) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19:22, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Jay\Desktop\virus removal\somethingelse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dells...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.endeca.com
O15 - Trusted Zone: http://www.fidelity.co.uk
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://cag.kingstonsmith.co.uk/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishAc...
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanag...
O16 - DPF: {EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} (CCAOControl Object) - https://cag.kingstonsmith.co.uk/CitrixLogonPoint/London/EPAClient/EPAClient.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanag...
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11606 bytes

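The HijackThis log above is the kind of listing a helper reads by hand, line by line. The following added example (not from this thread and not HijackThis's own code) parses the O2/O3, O4, O15 and O23 line shapes that appear in it and flags the entries worth a second look: BHOs whose CLSID matches one the Malwarebytes log attributed to Adware.MyWebSearch, Run entries launching from outside Program Files or Windows, Global Startup shortcuts whose target could not be resolved, Trusted Zone additions, and services with no vendor string. The sample log is constructed from lines copied from the post above plus two made-up lines (a MyWebSearch BHO and a Run entry in a Temp folder) marked in the code.

```python
"""Triage helper for a HijackThis 2.0.2 log (added example, not the thread's
or HijackThis's own code). It recognises the O2/O3, O4, O15 and O23 line
shapes from the log above and flags entries a helper would look at first."""
import re
from dataclasses import dataclass

# CLSIDs the Malwarebytes log in this thread attributed to Adware.MyWebSearch
KNOWN_BAD_CLSIDS = {
    "{4d25f920-b9fe-4682-bf72-8ab8210d6d75}",
    "{4d25f921-b9fe-4682-bf72-8ab8210d6d75}",
    "{4d25f923-b9fe-4682-bf72-8ab8210d6d75}",
    "{4d25f924-b9fe-4682-bf72-8ab8210d6d75}",
    "{4d25f926-b9fe-4682-bf72-8ab8210d6d75}",
}
# Where startup executables on an XP machine are expected to live
STANDARD_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# O2 - BHO: <name> - {CLSID} - <path>   /   O3 - Toolbar: <name> - {CLSID} - <path>
CLSID_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9a-f-]{36}\}) - (.*)$", re.I)
# O4 - HKLM\..\Run: [<name>] <command line>
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# O4 - Global Startup: <shortcut>.lnk = <target or ?>
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.*?) = (.*)$")
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (.*)$")
# O23 - Service: <name> - <vendor> - <path>
SVC_RE = re.compile(r"^O23 - Service: (.*)$")
# First .exe path in a Run command line, with or without surrounding quotes
EXE_RE = re.compile(r'^"?([a-z]:\\.*?\.exe)"?', re.I)


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def triage_line(line: str):
    """Return a Finding for a line worth reviewing, or None if it looks routine."""
    line = line.strip()
    m = CLSID_RE.match(line)
    if m:
        sec, name, clsid, _path = m.groups()
        if clsid.lower() in KNOWN_BAD_CLSIDS:
            return Finding(sec, f"{name} {clsid}", "CLSID matches an Adware.MyWebSearch item")
        return None
    m = RUN_RE.match(line)
    if m:
        _hive, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        if not exe:
            return Finding("O4", name, "Run entry whose command is not a plain .exe path")
        if not exe.group(1).lower().startswith(STANDARD_DIRS):
            return Finding("O4", name, f"startup executable outside Program Files/Windows: {exe.group(1)}")
        return None
    m = STARTUP_RE.match(line)
    if m:
        if m.group(2) == "?":
            return Finding("O4", m.group(1), "Global Startup shortcut whose target HijackThis could not resolve")
        return None
    m = ZONE_RE.match(line)
    if m:
        return Finding("O15", m.group(1), "site in the IE Trusted Zone; confirm the user added it deliberately")
    m = SVC_RE.match(line)
    if m:
        parts = m.group(1).rsplit(" - ", 2)  # name - vendor - path; path is always last
        if len(parts) == 3 and parts[1] == "Unknown owner":
            return Finding("O23", parts[0], f"service with no vendor string: {parts[2]}")
    return None


def triage_log(text: str):
    """Run triage_line over every line of a pasted log, keeping only findings."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Constructed sample: lines copied from the log in this thread, plus a MyWebSearch
# BHO line and a Run entry in a Temp folder that were made up for the demonstration.
SAMPLE_LOG = r"""
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Jay\Local Settings\Temp\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
O15 - Trusted Zone: http://*.endeca.com
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

A flagged line is a prompt to check the file's publisher and location, not a verdict; the Unknown-owner SiteAdvisor service in the real log is a legitimate McAfee component that simply lacks a vendor string.
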
#3
December 31, 2008 at 03:40:46
Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your McAfee antivirus, AOL Spyware Protection and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.

You will need to reset your router as it may be infected; there should be a button on the back to reset it.

If not go online and search for info on how to reset your model of router.


#4
December 31, 2008 at 05:30:19
Hi, I did the ComboFix scan. Here is the log:

ComboFix 08-12-30.02 - Jay 2008-12-31 13:15:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.630 [GMT 0:00]
Running from: c:\documents and settings\Jay\Desktop\virus removal\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-31 13:00 . 2008-12-31 13:00 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 08:50 . 2008-12-31 08:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 08:50 . 2008-12-31 08:50 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2008-12-31 08:50 . 2008-12-31 08:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 08:50 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 08:50 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 23:19 . 2008-12-30 23:19 <DIR> d-------- c:\documents and settings\Jay\Application Data\Roxio
2008-12-30 18:10 . 2008-12-31 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Napster
2008-12-30 17:41 . 2008-12-31 00:25 <DIR> d-------- c:\documents and settings\Jay\Application Data\Sony
2008-12-30 17:41 . 2008-12-30 17:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-12-30 12:01 . 2008-12-30 12:01 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-12-30 11:58 . 2008-12-31 00:24 <DIR> d-------- c:\program files\QuickTime
2008-12-30 11:58 . 2008-12-30 11:58 <DIR> d-------- c:\program files\Apple Software Update
2008-12-30 11:58 . 2008-12-30 11:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-30 11:58 . 2008-12-30 11:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-25 11:13 . 2008-12-25 11:13 <DIR> d-------- c:\documents and settings\Jay\Application Data\Amazon
2008-12-06 13:58 . 2008-12-06 13:58 <DIR> d-------- c:\program files\Amazon
2008-11-13 00:26 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 00:26 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 12:59 --------- d-----w c:\program files\Java
2008-12-31 00:26 --------- d-----w c:\program files\Sony
2008-12-31 00:24 --------- d-----w c:\program files\Modem Helper
2008-12-31 00:24 --------- d-----w c:\program files\Google
2008-12-31 00:24 --------- d-----w c:\program files\Common Files\aolshare
2008-12-31 00:24 --------- d-----w c:\program files\Common Files\Adobe
2008-12-31 00:24 --------- d-----w c:\program files\AOL 9.0
2008-12-31 00:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 07:30 --------- d-----w c:\program files\McAfee
2008-12-21 20:32 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 20:16 --------- d-----w c:\documents and settings\Jay\Application Data\Download Manager
2008-10-29 14:48 --------- d-----w c:\program files\Western Digital Technologies
2008-10-29 14:48 --------- d-----w c:\program files\Western Digital
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 23:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2005-07-16 05:41 94,208 ----a-w c:\program files\mozilla firefox\components\BrandRes.dll
2005-07-16 05:41 150,912 ----a-w c:\program files\mozilla firefox\components\fullsoft.dll
2005-07-16 05:41 41,573 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 05:41 48,223 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 05:41 8,813 ----a-w c:\program files\mozilla firefox\components\qfaservices.dll
2005-07-16 05:41 160,871 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-10 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-11-10 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-10 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-11 11:15 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-30 206096]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [2008-01-30 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6ff7b4-a5c8-11dd-bc6b-00038a000015}]
\Shell\AutoRun\command - e:\wd_windows_tools\setup.exe

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.endeca.com
Trusted Zone: www.fidelity.co.uk
Trusted Zone: cag.kingstonsmith.co.uk

c:\windows\Downloaded Program Files\TraderMediaX.ocx - O16 -: {2A493D5F-8914-4D3E-8BF3-767F281862F4}
hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab

c:\windows\Downloaded Program Files\CONFLICT.1\Manager.exe - c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.inf

O16 -: {EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} - hxxps://cag.kingstonsmith.co.uk/CitrixLogonPoint/London/EPAClient/EPAClient.exe
FF - ProfilePath -

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadInBackground", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.middleclick", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.urlbar", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.windowopen", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.bookmarks", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_external", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_newwindow", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_newwindow.restriction", 0); // values from GlobalWindow
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.close.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.max_script_run_time", 5);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.interval", 86400000); // Check for updates to Firefox every day
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.shell.checkDefaultBrowser", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_reset", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.showSingleWindowModePrefs", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.datasource", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.SignonFileName", "signons.txt");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 13:19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2008-12-31 13:20:58
ComboFix-quarantined-files.txt 2008-12-31 13:19:56

Pre-Run: 40,615,587,840 bytes free
Post-Run: 40,905,080,832 bytes free

342 --- E O F --- 2008-12-13 01:05:02



#5
December 31, 2008 at 14:24:41

You should reset your router if you have one; there is usually a button on the back that will reset it. If not, go online and do a search for resetting your type of router.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#6
December 31, 2008 at 17:17:18
Hi jabuck,

Here is my Kaspersky scan report. It seems clear, but Google still has the same problems.

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 20:57:38
Records in database: 1539841
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 62042
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:25:28

No malware has been detected. The scan area is clean.

The selected area was scanned.



#7
December 31, 2008 at 18:58:57
Did you reset the router, if you have one?

Once you get SDFix downloaded, go offline, turn off your antivirus, and turn off any antispyware that you have; run SDFix from Safe Mode and restart the antivirus before you get back online to post the log.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt



#8
January 1, 2009 at 02:37:11
I did restart my router by flicking the switch off and then on.

Here is my SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by Jay on 01/01/2009 at 10:06

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:


Malwarebytes' Anti-Malware did pick up 11 files in its initial scan which were quarantined (authored by Adware.MyWebSearch). Does this provide any further clues?



#9
January 1, 2009 at 06:07:52
No, it doesn't. It is probably a plugin in your Firefox browser. Go to this link for info on Firefox plugins and remove all of them; they can be reinstalled later if needed.

Firebit is a known baddie.

Mozilla Firefox Plugins



#10
January 1, 2009 at 06:40:35
I don't know how to remove the plug-ins using the link you provided, but I uninstalled Firefox. Problem still persists (damn!).
Should I just remove the files from quarantine and delete them instead? Or will that ruin my system (some of them are registry keys)?



#11
January 1, 2009 at 07:59:05
They are not active in quarantine, but you can delete them; be sure to empty the trash bin if you do. Those files and registry entries are not the source of your problem. It is most likely a rootkit.

What is the name and model of your router? We need to make sure it was reset properly.


Download OTScanIt2 to your Desktop from the following link:

OTScanIt2 by oldtimer

Double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
Under File Age at the top, change it from 30 days to 90 days
Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
Under Rootkit Search change it to Yes
Under the Custom Scans box at the bottom left paste the following in

%systemroot%\Prefetch\*.* /s
%systemroot%\system32\drivers\*.dat
%systemroot%\Temp\bca4e2da.$$$
%systemroot%\Temp\ed47fa.$
%systemroot%\Temp\fa56d7ec.$$$
%systemroot%\System32\antiwpa.dll
%PROGRAMFILES%\*crack*.
%PROGRAMFILES%\*keygen*.
%SYSTEMDRIVE%\*crack*.
%SYSTEMDRIVE%\*keygen*.
%SYSTEMDRIVE%\*.zip
%SYSTEMDRIVE%\*.rar
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.dll
%systemroot%\*.zip
%systemroot%\*.rar
%systemroot%\system32\*.zip
%systemroot%\system32\*.rar
%PROGRAMFILES%\*.zip
%PROGRAMFILES%\*.rar
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.dll
%DESKTOP%\*.zip
%DESKTOP%\*.rar
%DESKTOP%\*.exe
%PROGRAMFILES%\Common Files\*.*
%PROGRAMFILES%\Common Files\*bak*.
%systemroot%\SYSTEM32\*bak*.
%PROGRAMFILES%\*bak*.
%USERNAME%\*.zip
%USERNAME%\*.rar
%USERNAME%\*.exe
%USERPROFILE%\*.zip
%USERPROFILE%\*.rar
%USERPROFILE%\*.exe
%ALLUSERSPROFILE%\*.zip
%ALLUSERSPROFILE%\*.rar
%ALLUSERSPROFILE%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%ALLUSERSSTARTMENU%\*.zip
%ALLUSERSSTARTMENU%\*.rar
%ALLUSERSSTARTMENU%\*.exe
%ALLUSERSSTARTUP%\*.zip
%ALLUSERSSTARTUP%\*.rar
%ALLUSERSSTARTUP%\*.exe
%ALLUSERSPROGRAMS%\*.zip
%ALLUSERSPROGRAMS%\*.rar
%ALLUSERSPROGRAMS%\*.exe
%ALLUSERSAPPDATA%\*.zip
%ALLUSERSAPPDATA%\*.rar
%ALLUSERSAPPDATA%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%APPDATA%\*.dat
%APPDATA%\*.dll
%QUICKLAUNCH%\*.zip
%QUICKLAUNCH%\*.rar
%QUICKLAUNCH%\*.exe
%STARTUP%\*.zip
%STARTUP%\*.rar
%STARTUP%\*.exe
%STARTMENU%\*.zip
%STARTMENU%\*.rar
%STARTMENU%\*.exe
%MYDOCUMENTS%\*.zip
%MYDOCUMENTS%\*.rar
%MYDOCUMENTS%\*.exe
%PROGRAMFILES%\Mozilla Firefox\plugins\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%PROGRAMFILES%\Mozilla Firefox\*.zip /s
%PROGRAMFILES%\Mozilla Firefox\*.rar /s
%PROGRAMFILES%\Mozilla Firefox\*.exe /s
%PROGRAMFILES%\Internet Explorer\*.zip /s
%PROGRAMFILES%\Internet Explorer\*.rar /s
%PROGRAMFILES%\Internet Explorer\*.exe /s
%SYSTEMDRIVE%\*.dat
%SYSTEMDRIVE%\*.sys
%SYSTEMROOT%\*.dat
%SYSTEMROOT%\*.sys
%systemroot%\system32\drivers\*.exe /s
%systemroot%\system32\drivers\*.zip /s
%systemroot%\system32\drivers\*.rar /s
%systemroot%\system\*.exe /s
%systemroot%\system\*.zip /s
%systemroot%\system\*.rar /s
%systemroot%\AppPatch\*.exe /s
%systemroot%\AppPatch\*.zip /s
%systemroot%\AppPatch\*.rar /s
%systemroot%\Cache\*.*
%systemroot%\Downloaded Program Files\*.*
%systemroot%\Fonts\*.exe /s
%systemroot%\Fonts\*.zip /s
%systemroot%\Fonts\*.rar /s
%systemroot%\Fonts\*.dll /s
%systemroot%\Help\*.exe /s
%systemroot%\Help\*.zip /s
%systemroot%\Help\*.rar /s
%systemroot%\Tasks\*.*
%APPDATA%\*.sys
%systemroot%\system32\serauth1.dll
%systemroot%\system32\serauth2.dll
%systemroot%\system32\sysaudio.sys
%PROGRAMFILES%\*TinyProxy*.
%PROGRAMFILES%\Bitlord\Downloads\*.zip /s
%PROGRAMFILES%\Bitlord\Downloads\*.rar /s
%PROGRAMFILES%\Bitlord\Downloads\*.exe /s
%PROGRAMFILES%\Bitlord\Downloads\*crack*.
%PROGRAMFILES%\Bitlord\Downloads\*keygen*.
%PROGRAMFILES%\eMule\Incoming\*.zip /s
%PROGRAMFILES%\eMule\Incoming\*.rar /s
%PROGRAMFILES%\eMule\Incoming\*.exe /s
%PROGRAMFILES%\eMule\Incoming\*crack*.
%PROGRAMFILES%\eMule\Incoming\*keygen*.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs

Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.


Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

This will be a large file and may take several posts to get it all posted.


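What the custom-scan lines above actually enumerate is easier to see by running a few of them against a directory tree. The Python below is an added example, not OTScanIt2's own code: it expands %NAME% variables from a supplied table, treats a trailing /s as "recurse", treats a pattern ending in "." as "name with no extension" (Windows wildcard behaviour) and skips the registry line; those semantics, the variable table and the sample files are all assumptions.

```python
"""Expand OTScanIt2-style custom scan lines over a directory tree.

Added example, not OTScanIt2's own code. Assumed semantics (the post only
lists the patterns): %NAME% is a case-insensitive variable from a supplied
table; a trailing ' /s' means 'recurse into subdirectories'; a pattern
ending in '.' matches names with no extension; lines starting with 'HKEY_'
are registry scans and are skipped here.
"""
import fnmatch
import os
import re
import tempfile

# A handful of the custom-scan lines from the post above (single backslashes).
CUSTOM_SCAN = """\
%APPDATA%\\*.exe
%APPDATA%\\*.dll
%STARTUP%\\*.exe
%PROGRAMFILES%\\*crack*.
%PROGRAMFILES%\\Mozilla Firefox\\*.exe /s
%systemroot%\\Tasks\\*.*
HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla|extensions /rs
"""

_VAR = re.compile(r"%([^%]+)%")

def parse_line(line):
    """Return (pattern, recursive) for a file-system line, or None for registry lines."""
    line = line.strip()
    if not line or line.upper().startswith("HKEY_"):
        return None
    recursive = False
    if line.lower().endswith(" /s"):
        line, recursive = line[:-3].rstrip(), True
    return line, recursive

def expand_vars(pattern, env):
    """Replace each %NAME% token using a case-insensitive variable table."""
    table = {k.upper(): v for k, v in env.items()}

    def sub(match):
        key = match.group(1).upper()
        if key not in table:
            raise KeyError(f"unknown variable %{match.group(1)}%")
        return table[key]

    return _VAR.sub(sub, pattern)

def name_matches(name, wildcard):
    """Case-insensitive wildcard match; a trailing '.' means 'no extension'."""
    if wildcard.endswith("."):
        return "." not in name and fnmatch.fnmatch(name.lower(), wildcard[:-1].lower())
    return fnmatch.fnmatch(name.lower(), wildcard.lower())

def run_custom_scan(scan_text, env):
    """Map each file-system scan line to the sorted list of paths it enumerates."""
    hits = {}
    for raw in scan_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        pattern, recursive = parsed
        full = expand_vars(pattern, env).replace("\\", os.sep)
        directory, wildcard = os.path.split(full)
        found = []
        if os.path.isdir(directory):
            for root, _dirs, files in os.walk(directory):
                found.extend(os.path.join(root, f) for f in files if name_matches(f, wildcard))
                if not recursive:
                    break  # without /s only the top directory is listed
        hits[raw.strip()] = sorted(found)
    return hits

def build_sample_tree():
    """Constructed sample tree standing in for the Windows folders the patterns name."""
    base = tempfile.mkdtemp(prefix="otscan_demo_")
    env = {
        "APPDATA": os.path.join(base, "AppData"),
        "STARTUP": os.path.join(base, "Startup"),
        "PROGRAMFILES": os.path.join(base, "Program Files"),
        "SYSTEMROOT": os.path.join(base, "WINDOWS"),
    }
    files = [
        ("AppData", "updater.exe"),      # executable in a user-writable profile folder
        ("AppData", "notes.txt"),
        ("Startup", "helper.exe"),
        ("Program Files", "crack"),      # no extension: hit by *crack*.
        ("Program Files", "crack.exe"),  # has an extension: not hit by *crack*.
        (os.path.join("Program Files", "Mozilla Firefox"), "firefox.exe"),
        (os.path.join("Program Files", "Mozilla Firefox", "uninstall"), "helper.exe"),
        (os.path.join("WINDOWS", "Tasks"), "McQcTask.job"),
    ]
    for sub, name in files:
        folder = os.path.join(base, sub)
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(b"constructed sample\n")
    return base, env

if __name__ == "__main__":
    base, env = build_sample_tree()
    for line, paths in run_custom_scan(CUSTOM_SCAN, env).items():
        print(line)
        for path in paths:
            print("    " + os.path.relpath(path, base))
```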

#12
January 1, 2009 at 08:34:52
[code]
OTScanIt2 logfile created on: 01/01/2009 16:20:57 - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.2 Folder = C:\Documents and Settings\Jay\Desktop\virus removal\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.40 Mb Total Physical Memory | 555.22 Mb Available Physical Memory | 54.25% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.10 Gb Total Space | 41.49 Gb Free Space | 58.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 74.42 Gb Total Space | 22.95 Gb Free Space | 30.84% Space Free | Partition Type: NTFS

Computer Name: JAY1954
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 16:03:40 | 00,245,760 | ---- | M] (Intel)
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.)
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.)
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/08/05 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/27 01:02:00 | 00,086,016 | ---- | M] ()
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/31 13:00:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/31 13:00:06 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/08/03 22:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
otscanit2.exe -> %UserProfile%\Desktop\virus removal\OTScanIt2\OTScanIt2.exe -> [2008/12/29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> [2005/11/10 17:50:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
sqlmangr.exe -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 22:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2005/05/04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
wdbtnmgrsvc.exe -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC)
wdbtnmgrui.exe -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrUI.exe -> [2008/01/30 04:50:26 | 00,438,272 | ---- | M] (WDC)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/14 00:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2004/09/07 16:08:02 | 00,389,120 | ---- | M] (Intel Corporation)

[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/08/04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
(GoToAssist) GoToAssist [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Citrix\GoToAssist\514\g2aservice.exe -> [2008/09/11 11:15:25 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/31 13:00:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
(MSSQL$MICROSOFTSMLBIZ) MSSQL$MICROSOFTSMLBIZ [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2005/05/04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
(SQLAgent$MICROSOFTSMLBIZ) SQLAgent$MICROSOFTSMLBIZ [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -> [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation)
(WDBtnMgrSvc.exe) WD Drive Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC)
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2005/11/10 17:43:59 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2005/11/10 17:50:29 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> [2004/08/12 08:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2007/07/13 09:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2004/08/31 08:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 18:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 18:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 18:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> [2004/10/21 20:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
(w800bus) Sony Ericsson W800 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800bus.sys -> [2005/06/13 09:03:12 | 00,060,768 | ---- | M] (MCCI)
(w800mdfl) Sony Ericsson W800 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800mdfl.sys -> [2005/06/13 09:05:08 | 00,009,264 | ---- | M] (MCCI)
(w800mdm) Sony Ericsson W800 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800mdm.sys -> [2005/06/13 09:05:16 | 00,096,224 | ---- | M] (MCCI)
(w800obex) Sony Ericsson W800 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800obex.sys -> [2005/06/13 09:08:36 | 00,085,664 | ---- | M] (MCCI)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.)

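For anyone working through a log like the one above, the OTScanIt2 line format is regular enough to parse. The script below is an added example for this thread, not code from OTScanIt2 or from any poster. It parses the three entry shapes visible in the posted log (running process, service/driver, Run key), then sorts entries by the weak indicators a helper looks at first: the file reports no publisher (the empty "()" at the end of a line), the file is missing ("File not found"), the path is under a user profile, or the name matches the TDSSserv driver named in the first reply. The sample log is constructed here from lines in the same format; the TDSSserv driver line in it is invented for the demonstration, and its timestamp and size are made up. The indicator names and path hints are assumptions of this example.

```python
"""Triage of OTScanIt2 log entries.
Added example for this thread, not code from OTScanIt2 or any poster. The indicator
names, path hints and the sample log below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Every file entry ends with: [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company)
TAIL_RE = re.compile(
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>.*)\)\s*$"
)
# (SvcName) Display Name [Type | Start | State] -> path -> tail
SERVICE_RE = re.compile(
    r"^\((?P<name>[^)]+)\) .*?\[(?P<kind>[^|\]]+) \| (?P<start>[^|\]]+) \| "
    r"(?P<state>[^\]]+)\] -> (?P<rest>.*)$"
)
RUNKEY_RE = re.compile(r'^"(?P<name>[^"]+)" -> (?P<rest>.*)$')   # "Value" -> path [cmd] -> tail
PROCESS_RE = re.compile(r"^(?P<name>\S+) -> (?P<rest>.*)$")      # image.exe -> path -> tail
CMDLINE_RE = re.compile(r"^(?P<path>.*?)(?: \[(?P<cmd>.*)\])?$")  # strips trailing [command line]

USER_PATH_HINTS = ("%userprofile%", "%temp%", "%appdata%", "\\documents and settings\\")
KNOWN_BAD_FRAGMENTS = ("tdss",)   # from the TDSSserv.sys driver named in the first reply

# Constructed sample in OTScanIt2 format. The TDSSserv line is invented (made-up time/size).
SAMPLE_LOG = r"""[Processes - Safe List]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/27 01:02:00 | 00,086,016 | ---- | M] ()
otscanit2.exe -> %UserProfile%\Desktop\virus removal\OTScanIt2\OTScanIt2.exe -> [2008/12/29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2005/11/10 17:43:59 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(TDSSserv) TDSSserv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\TDSSserv.sys -> [2008/12/20 09:12:00 | 00,060,928 | ---- | M] ()

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DellSupport" -> ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"""


@dataclass
class Entry:
    section: str
    name: str
    path: str
    company: Optional[str]   # "" = file has no publisher string; None = file missing
    size: Optional[int]
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str, section: str) -> Optional[Entry]:
    """Parse one entry line; returns None for lines that carry no file tail."""
    m = SERVICE_RE.match(line) or RUNKEY_RE.match(line) or PROCESS_RE.match(line)
    if not m:
        return None
    path_part, sep, tail = m.group("rest").rpartition(" -> ")
    if not sep:
        return None
    tail = tail.strip()
    missing = tail == "File not found"
    t = TAIL_RE.search(tail)
    if not missing and not t:
        return None
    path = CMDLINE_RE.match(path_part.strip()).group("path")
    if path.startswith("[") and path.endswith("]"):
        # Missing file: only the command line is recorded, e.g. ["C:\x.exe" /startup]
        q = re.match(r'^"([^"]+)"', path[1:-1])
        path = q.group(1) if q else path[1:-1].split(" ")[0]
    return Entry(section, m.group("name"), path,
                 None if missing else t.group("company"),
                 None if missing else int(t.group("size").replace(",", "")), missing)


def parse_log(text: str) -> List[Entry]:
    """Walk the log, tracking the [Section] / < Section > headers."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line.startswith("<"):
            section = line[1:line.find(">")].strip()
        else:
            e = parse_line(line, section)
            if e:
                entries.append(e)
    return entries


def indicators(e: Entry) -> List[str]:
    """Weak signals only; each is common on clean machines (see note below)."""
    flags, hay = [], f"{e.name} {e.path}".lower()
    if e.missing:
        flags.append("file-not-found")
    if e.company == "":
        flags.append("no-publisher")
    if any(h in e.path.lower() for h in USER_PATH_HINTS):
        flags.append("user-profile-path")
    if any(frag in hay for frag in KNOWN_BAD_FRAGMENTS):
        flags.append("name-matches-known-bad")
    return flags


def triage(entries: List[Entry]) -> List[Entry]:
    """Return flagged entries, most indicators first, then by name."""
    for e in entries:
        e.flags = indicators(e)
    flagged = [e for e in entries if e.flags]
    return sorted(flagged, key=lambda e: (-len(e.flags), e.name.lower()))


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{', '.join(e.flags):38} {e.section:28} {e.name} -> {e.path}")
```

Treat the output as a reading order, not a verdict. The posted log itself shows why: DMXLauncher.exe (Dell) and McSACore.exe (McAfee) carry no publisher string yet sit in their vendors' normal directories, and the "File not found" DellSupport entry is just a stale Run value. A file only becomes interesting when several indicators line up, as with a driver that has no publisher, an odd name and a recent timestamp; even then, confirm it against the vendor or a hash lookup before removing anything.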
#13
January 1, 2009 at 08:36:28

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC17... ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC17... ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redi... ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://uk.msn.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\meu8w3lt.default\prefs.js ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:1.7.10" ->
< HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 00:47:54 | 00,050,376 | ---- | M] (Adobe Systems Incorporated)
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKLM] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [2007/11/26 09:46:10 | 00,324,936 | ---- | M] ()
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2004/12/06 01:05:00 | 00,118,842 | ---- | M] (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/31 13:00:07 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007/11/09 11:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [2003/05/15 01:03:46 | 00,147,456 | ---- | M] ()
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/31 13:00:05 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/31 13:00:08 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 01:03:46 | 00,147,456 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 01:03:46 | 00,147,456 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AOL Spyware Protection" -> %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ["C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"] -> [2004/02/16 14:04:36 | 00,147,456 | ---- | M] (AOL Spyware Protection)
"Apoint" -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"ATIPTA" -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> [2005/08/05 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/01/27 01:02:00 | 00,086,016 | ---- | M] ()
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/08/03 22:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2005/11/10 17:50:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/31 13:00:06 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"WD Drive Manager" -> %ProgramFiles%\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe] -> [2008/01/30 04:50:26 | 00,438,272 | ---- | M] (WDC)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DellSupport" -> ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk -> %ProgramFiles%\AOL 9.0\aoltray.exe -> [2004/03/18 06:56:36 | 00,156,784 | -H-- | M] (America Online, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Service Manager.lnk -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 22:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
< Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append Link Target to Existing PDF -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> File not found
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2004/05/19 00:58:38 | 10,080,960 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/contro... ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
endeca.com .[http] -> Trusted sites ->
www_fidelity.co.uk [http] -> Trusted sites ->
cag_kingstonsmith.co.uk [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{238F6F83-B8B4-11CF-8771-00A024541EE3} [HKLM] -> https://cag.kingstonsmith.co.uk/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab[Citrix ICA Client] ->
{2A493D5F-8914-4D3E-8BF3-767F281862F4} [HKLM] -> http://sell.autotrader.co.uk/uk-ola... Control] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www1.snapfish.com/SnapfishAc... Activia] ->
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanag... Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin... Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} [HKLM] -> https://cag.kingstonsmith.co.uk/CitrixLogonPoint/London/EPAClient/EPAClient.exe[Reg Error: Key does not exist or could not be opened.] ->
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} [HKLM] -> http://dlm.tools.akamai.com/dlmanag... Control] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5EA7FC04-2316-47A7-A93A-051E8A24676D} -> (Broadcom 440x 10/100 Integrated Controller) ->
{A44ABBB8-80AA-476D-B9EA-8585424AC003} -> (1394 Net Adapter) ->
{C648938D-C553-4B89-ADAF-D0638FC552EF} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/08/04 04:04:18 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
GoToAssist -> %ProgramFiles%\Citrix\GoToAssist\514\g2awinlogon.dll -> [2008/09/11 11:15:21 | 00,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 16:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> [2005/11/10 17:50:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 18:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 17:15:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{5a6ff7b4-a5c8-11dd-bc6b-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6ff7b4-a5c8-11dd-bc6b-00038a000015}\Shell\AutoRun\command
\{5a6ff7b4-a5c8-11dd-bc6b-00038a000015}\Shell\AutoRun\command\\"" -> E:\wd_windows_tools\setup.exe [E:\wd_windows_tools\setup.exe] -> File not found

#14
January 1, 2009 at 08:38:33

[Registry - Additional Scans - Safe List]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/14 00:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2006/10/17 11:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/14 00:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} [HKLM] -> %ProgramFiles%\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll[INSMimeFilterPP Class] -> [2004/07/01 09:32:38 | 00,073,728 | ---- | M] ()
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value does not exist or could not be read.] -> [2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2005/07/25 18:22:16 | 08,136,384 | ---- | M] (Microsoft Corporation)
sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
mcmscsvc -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
MCODS -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
GoToAssist -> %ProgramFiles%\Citrix\GoToAssist\514\g2aservice.exe -> [2008/09/11 11:15:25 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
mcmscsvc -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
MCODS -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
MpfService -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2008/04/14 00:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/14 00:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%systemroot%\system32 -> %SystemRoot%\system32 -> [2008/12/31 13:21:03 | 00,000,000 | ---D | M]
%systemroot% -> %SystemRoot% -> [2009/01/01 15:36:12 | 00,000,000 | ---D | M]
%systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2008/10/10 06:36:47 | 00,000,000 | ---D | M]
C:\Program Files\ATI Technologies\ATI Control Panel -> -> File not found
C:\Program Files\Microsoft SQL Server\80\Tools\Binn -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn -> [2005/11/10 18:00:40 | 00,000,000 | ---D | M]
C:\Program Files\QuickTime\QTSystem -> %ProgramFiles%\QuickTime\QTSystem -> [2008/12/30 11:59:29 | 00,000,000 | ---D | M]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/14 00:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/14 00:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2008/12/31 13:21:03 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/14 00:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/14 00:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 05:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/14 00:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/14 00:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/14 00:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/14 00:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 05:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 05:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/14 00:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/14 00:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2008/10/16 20:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/10/16 20:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/14 00:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2008/04/14 00:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/10/16 20:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/14 00:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2008/12/31 13:17:53 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2008/12/31 09:11:33 | 00,000,000 | R--D | M]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/12/2008 04:02:12 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Application [ Error ] 22/12/2008 05:20:11 Computer Name = JAY1954 | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.6359.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 22/12/2008 05:20:12 Computer Name = JAY1954 | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.6359.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 22/12/2008 05:20:13 Computer Name = JAY1954 | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.6359.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Application [ Error ] 27/12/2008 12:17:40 Computer Name = JAY1954 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
System [ Error ] 01/01/2009 11:38:01 Computer Name = JAY1954 | Source = Service Control Manager | ID = 7001 -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31
System [ Error ] 01/01/2009 11:38:01 Computer Name = JAY1954 | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
System [ Error ] 01/01/2009 11:38:01 Computer Name = JAY1954 | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31
System [ Error ] 01/01/2009 11:38:01 Computer Name = JAY1954 | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
System [ Error ] 01/01/2009 11:38:01 Computer Name = JAY1954 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
System [ Error ] 01/01/2009 11:39:28 Computer Name = JAY1954 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
System [ Error ] 01/01/2009 11:39:30 Computer Name = JAY1954 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
System [ Error ] 01/01/2009 11:39:32 Computer Name = JAY1954 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 01/01/2009 11:41:16 Computer Name = JAY1954 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 01/01/2009 12:06:41 Computer Name = JAY1954 | Source = RemoteAccess | ID = 20106 -> Description = Unable to add the interface {A44ABBB8-80AA-476D-B9EA-8585424AC003} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

#15
January 1, 2009 at 08:40:15
[Files/Folders - Created Within 90 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\Documents and Settings\Jay\My Documents\*.tmp files -> C:\Documents and Settings\Jay\My Documents\*.tmp ->
2 C:\Documents and Settings\Jay\Desktop\*.tmp files -> C:\Documents and Settings\Jay\Desktop\*.tmp ->
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/01/01 16:05:07 | 10,731,80672 | -HS- | C] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009/01/01 10:04:57 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2009/01/01 10:01:54 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2009/01/01 09:59:54 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2008/12/31 23:28:38 | 00,000,000 | -HSD | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2008/12/31 13:11:57 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2008/12/31 13:11:57 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2008/12/31 13:11:57 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2008/12/31 13:11:57 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2008/12/31 13:11:57 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2008/12/31 13:11:57 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2008/12/31 13:11:57 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2008/12/31 13:11:57 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2008/12/31 13:11:57 | 00,028,672 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2008/12/31 13:11:52 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2008/12/31 13:11:52 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/31 08:50:53 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/31 08:50:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/31 08:50:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/31 08:50:42 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/31 08:50:41 | 00,000,000 | ---D | C]
virus removal -> %UserProfile%\Desktop\virus removal -> [2008/12/31 08:48:14 | 00,000,000 | ---D | C]
Roxio -> %AppData%\Roxio -> [2008/12/30 23:19:13 | 00,000,000 | ---D | C]
Napster -> %AllUsersProfile%\Application Data\Napster -> [2008/12/30 18:10:17 | 00,000,000 | ---D | C]
Sony -> %AppData%\Sony -> [2008/12/30 17:41:37 | 00,000,000 | ---D | C]
Sony -> %AllUsersProfile%\Application Data\Sony -> [2008/12/30 17:41:37 | 00,000,000 | ---D | C]
My Podcasts -> %UserProfile%\My Documents\My Podcasts -> [2008/12/30 17:41:37 | 00,000,000 | ---D | C]
Sony -> %UserProfile%\Local Settings\Application Data\Sony -> [2008/12/30 17:30:21 | 00,000,000 | ---D | C]
Sony Shared -> %CommonProgramFiles%\Sony Shared -> [2008/12/30 12:01:12 | 00,000,000 | ---D | C]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/12/30 11:59:32 | 00,001,604 | ---- | C] ()
QuickTime -> %ProgramFiles%\QuickTime -> [2008/12/30 11:58:39 | 00,000,000 | ---D | C]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [2008/12/30 11:58:36 | 00,000,000 | ---D | C]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/30 11:58:18 | 00,000,284 | ---- | C] ()
Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [2008/12/30 11:58:17 | 00,000,000 | ---D | C]
Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2008/12/30 11:58:13 | 00,000,000 | ---D | C]
Apple -> %AllUsersProfile%\Application Data\Apple -> [2008/12/30 11:58:13 | 00,000,000 | ---D | C]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [2008/12/30 11:53:52 | 00,000,000 | ---D | C]
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2008/12/30 11:46:53 | 00,014,640 | ---- | C] (Microsoft Corporation)
NWZ-S630F S730F series Operation Guide.pdf.lnk -> %AllUsersProfile%\Desktop\NWZ-S630F S730F series Operation Guide.pdf.lnk -> [2008/12/30 11:42:14 | 00,000,840 | ---- | C] ()
Product Registration.url -> %AllUsersProfile%\Desktop\Product Registration.url -> [2008/12/30 11:41:05 | 00,000,133 | ---- | C] ()
Product Support -Personal Audio-.url -> %AllUsersProfile%\Desktop\Product Support -Personal Audio-.url -> [2008/12/30 11:41:05 | 00,000,126 | ---- | C] ()
5.1 First-line combination chemotherapy for NSCLC.ppt -> %UserProfile%\Desktop\5.1 First-line combination chemotherapy for NSCLC.ppt -> [2008/12/28 16:35:13 | 00,901,120 | ---- | C] ()
5.2 Second-line combination chemotherapy for NSCLC.ppt -> %UserProfile%\Desktop\5.2 Second-line combination chemotherapy for NSCLC.ppt -> [2008/12/28 16:35:13 | 00,315,904 | ---- | C] ()
Amazon -> %AppData%\Amazon -> [2008/12/25 11:13:40 | 00,000,000 | ---D | C]
Acrobat Assistant.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> [2008/12/20 13:06:19 | 00,001,824 | ---- | C] ()
Adobe Acrobat 6.0 Professional.lnk -> %AllUsersProfile%\Desktop\Adobe Acrobat 6.0 Professional.lnk -> [2008/12/20 13:06:19 | 00,001,740 | ---- | C] ()
Adobe PDF 6.0 -> %AllUsersProfile%\Documents\Adobe PDF 6.0 -> [2008/12/20 13:04:35 | 00,000,000 | ---D | C]
Stock ReCheck 2008.xls -> %UserProfile%\My Documents\Stock ReCheck 2008.xls -> [2008/12/16 14:21:20 | 00,547,328 | ---- | C] ()
2005-2006 -DO NOT UPDATE-USE Stock Inventory Initial.xls -> %UserProfile%\My Documents\2005-2006 -DO NOT UPDATE-USE Stock Inventory Initial.xls -> [2008/12/15 13:40:15 | 00,527,360 | ---- | C] ()
AcroPro90_efg.exe -> %UserProfile%\Desktop\AcroPro90_efg.exe -> [2008/12/09 20:01:23 | 34,243,7920 | ---- | C] ( )
Amazon -> %ProgramFiles%\Amazon -> [2008/12/06 13:58:30 | 00,000,000 | ---D | C]
Nathwani -> %UserProfile%\My Documents\Nathwani -> [2008/11/16 09:58:04 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/13 00:26:57 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/13 00:26:24 | 01,106,944 | ---- | C] (Microsoft Corporation)
Barham Park plan.pub -> %UserProfile%\My Documents\Barham Park plan.pub -> [2008/11/11 20:42:57 | 00,047,616 | ---- | C] ()
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [2008/11/08 10:22:23 | 00,000,000 | ---D | C]
2004 container -> %UserProfile%\Desktop\2004 container -> [2008/11/07 13:29:15 | 00,000,000 | ---D | C]
Western Digital Technologies -> %ProgramFiles%\Western Digital Technologies -> [2008/10/29 14:48:33 | 00,000,000 | ---D | C]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [2008/10/29 14:48:13 | 00,000,000 | ---D | C]
Western Digital -> %ProgramFiles%\Western Digital -> [2008/10/29 14:48:12 | 00,000,000 | ---D | C]
usbccgp.sys -> %SystemRoot%\System32\drivers\usbccgp.sys -> [2008/10/29 14:46:01 | 00,032,128 | ---- | C] (Microsoft Corporation)
usbccgp.sys -> %SystemRoot%\System32\dllcache\usbccgp.sys -> [2008/10/29 14:46:01 | 00,032,128 | ---- | C] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/23 18:14:33 | 00,337,408 | ---- | C] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 12:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/15 22:06:40 | 00,333,824 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/15 22:05:52 | 01,846,400 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/15 22:05:21 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/15 22:05:20 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/15 22:05:19 | 02,066,048 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/15 22:05:19 | 02,023,936 | ---- | C] (Microsoft Corporation)
Remote Desktop -> %ProgramFiles%\Remote Desktop -> [2008/10/11 10:22:14 | 00,000,000 | ---D | C]
Prefetch -> %SystemRoot%\Prefetch -> [2008/10/10 06:37:30 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2008/10/09 20:42:31 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2008/10/09 20:42:30 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2008/10/09 20:42:29 | 00,000,000 | ---D | C]
bits -> %SystemRoot%\System32\bits -> [2008/10/09 20:42:29 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/10/09 20:38:52 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/10/09 20:28:38 | 00,000,000 | -H-D | C]
SupportSoft -> %UserProfile%\Local Settings\Application Data\SupportSoft -> [2008/10/06 20:39:14 | 00,000,000 | ---D | C]
SupportSoft -> %AllUsersProfile%\Application Data\SupportSoft -> [2008/10/06 15:44:39 | 00,000,000 | ---D | C]
~$-10-04.Tarceva blended learning content outline.LB.doc -> %UserProfile%\Desktop\~$-10-04.Tarceva blended learning content outline.LB.doc -> [2008/10/05 10:39:54 | 00,000,162 | -H-- | C] ()
~$inical trial diagram.doc -> %UserProfile%\Desktop\~$inical trial diagram.doc -> [2008/10/05 09:05:37 | 00,000,162 | -H-- | C] ()
wmphoto.dll -> %SystemRoot%\System32\wmphoto.dll -> [2008/10/03 20:54:24 | 00,276,992 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2008/10/03 20:54:21 | 00,069,120 | ---- | C] (Microsoft Corporation)
windowscodecs.dll -> %SystemRoot%\System32\windowscodecs.dll -> [2008/10/03 20:54:18 | 00,712,704 | ---- | C] (Microsoft Corporation)
windowscodecsext.dll -> %SystemRoot%\System32\windowscodecsext.dll -> [2008/10/03 20:54:18 | 00,346,112 | ---- | C] (Microsoft Corporation)
wacompen.sys -> %SystemRoot%\System32\drivers\wacompen.sys -> [2008/10/03 20:54:15 | 00,014,208 | ---- | C] (Microsoft Corporation)
vidcap.ax -> %SystemRoot%\System32\vidcap.ax -> [2008/10/03 20:54:13 | 00,028,672 | ---- | C] (Microsoft Corporation)
usbvideo.sys -> %SystemRoot%\System32\drivers\usbvideo.sys -> [2008/10/03 20:54:10 | 00,121,984 | ---- | C] (Microsoft Corporation)
usb8023x.sys -> %SystemRoot%\System32\drivers\usb8023x.sys -> [2008/10/03 20:54:09 | 00,012,800 | ---- | C] (Microsoft Corporation)
tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2008/10/03 20:54:05 | 00,053,248 | ---- | C] (Microsoft Corporation)
tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2008/10/03 20:54:05 | 00,050,688 | ---- | C] (Microsoft Corporation)
uagp35.sys -> %SystemRoot%\System32\drivers\uagp35.sys -> [2008/10/03 20:54:05 | 00,044,672 | ---- | C] (Microsoft Corporation)
spupdwxp.exe -> %SystemRoot%\System32\spupdwxp.exe -> [2008/10/03 20:53:51 | 00,020,992 | ---- | C] (Microsoft Corporation)
spdwnwxp.exe -> %SystemRoot%\System32\spdwnwxp.exe -> [2008/10/03 20:53:50 | 00,007,680 | ---- | C] (Microsoft Corporation)
smbali.sys -> %SystemRoot%\System32\drivers\smbali.sys -> [2008/10/03 20:53:48 | 00,005,888 | ---- | C] (Microsoft Corporation)
setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2008/10/03 20:53:42 | 00,032,768 | ---- | C] (Microsoft Corporation)
sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2008/10/03 20:53:42 | 00,010,240 | ---- | C] (Microsoft Corporation)
rndismpx.sys -> %SystemRoot%\System32\drivers\rndismpx.sys -> [2008/10/03 20:53:37 | 00,030,592 | ---- | C] (Microsoft Corporation)
rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2008/10/03 20:53:36 | 00,290,304 | ---- | C] (Microsoft Corporation)
rfcomm.sys -> %SystemRoot%\System32\drivers\rfcomm.sys -> [2008/10/03 20:53:36 | 00,059,136 | ---- | C] (Microsoft Corporation)
rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2008/10/03 20:53:33 | 00,061,952 | ---- | C] (Microsoft Corporation)
qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2008/10/03 20:53:31 | 00,076,800 | ---- | C] (Microsoft Corporation)
qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2008/10/03 20:53:30 | 00,291,328 | ---- | C] (Microsoft Corporation)
qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2008/10/03 20:53:30 | 00,150,528 | ---- | C] (Microsoft Corporation)
qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2008/10/03 20:53:30 | 00,062,464 | ---- | C] (Microsoft Corporation)
photometadatahandler.dll -> %SystemRoot%\System32\photometadatahandler.dll -> [2008/10/03 20:53:28 | 00,412,160 | ---- | C] (Microsoft Corporation)
onex.dll -> %SystemRoot%\System32\onex.dll -> [2008/10/03 20:53:23 | 00,144,384 | ---- | C] (Microsoft Corporation)
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [2008/10/03 20:53:13 | 00,067,866 | ---- | C] ()
napstat.exe -> %SystemRoot%\System32\napstat.exe -> [2008/10/03 20:53:10 | 00,176,640 | ---- | C] (Microsoft Corporation)
napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2008/10/03 20:53:09 | 00,193,024 | ---- | C] (Microsoft Corporation)
napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2008/10/03 20:53:09 | 00,030,208 | ---- | C] (Microsoft Corporation)
mutohpen.sys -> %SystemRoot%\System32\drivers\mutohpen.sys -> [2008/10/03 20:53:09 | 00,012,672 | ---- | C] (Microsoft Corporation)
msxml6r.dll -> %SystemRoot%\System32\msxml6r.dll -> [2008/10/03 20:53:08 | 00,079,872 | ---- | C] (Microsoft Corporation)
msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2008/10/03 20:53:08 | 00,079,872 | ---- | C] (Microsoft Corporation)
msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> [2008/10/03 20:53:07 | 01,307,648 | ---- | C] (Microsoft Corporation)
msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/10/03 20:53:07 | 01,307,648 | ---- | C] (Microsoft Corporation)
mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2008/10/03 20:53:04 | 00,155,136 | ---- | C] (Microsoft Corporation)
msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2008/10/03 20:53:04 | 00,076,800 | ---- | C] (Microsoft Corporation)
mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2008/10/03 20:52:40 | 00,397,312 | ---- | C] (Microsoft Corporation)
microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2008/10/03 20:52:40 | 00,184,320 | ---- | C] (Microsoft Corporation)
mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2008/10/03 20:52:40 | 00,106,496 | ---- | C] (Microsoft Corporation)
mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2008/10/03 20:52:40 | 00,033,792 | ---- | C] (Microsoft Corporation)
l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2008/10/03 20:52:23 | 00,037,376 | ---- | C] (Microsoft Corporation)
kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2008/10/03 20:52:22 | 00,061,440 | ---- | C] (Microsoft Corporation)
kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2008/10/03 20:52:22 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> [2008/10/03 20:52:21 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2008/10/03 20:52:21 | 00,006,144 | ---- | C] (Microsoft Corporation)
kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2008/10/03 20:52:21 | 00,006,144 | ---- | C] (Microsoft Corporation)
smtpapi.dll -> %SystemRoot%\System32\smtpapi.dll -> [2008/10/03 20:52:07 | 00,010,752 | ---- | C] (Microsoft Corporation)
rwnh.dll -> %SystemRoot%\System32\rwnh.dll -> [2008/10/03 20:52:06 | 00,009,728 | ---- | C] (Microsoft Corporation)
pid.inf -> %SystemRoot%\System32\pid.inf -> [2008/10/03 20:52:06 | 00,000,974 | ---- | C] ()
irbus.sys -> %SystemRoot%\System32\drivers\irbus.sys -> [2008/10/03 20:52:01 | 00,046,592 | ---- | C] (Microsoft Corporation)
comsdupd.exe -> %SystemRoot%\System32\comsdupd.exe -> [2008/10/03 20:52:01 | 00,009,728 | ---- | C] (Microsoft Corporation)
hidbth.sys -> %SystemRoot%\System32\drivers\hidbth.sys -> [2008/10/03 20:51:54 | 00,025,600 | ---- | C] (Microsoft Corporation)
hidir.sys -> %SystemRoot%\System32\drivers\hidir.sys -> [2008/10/03 20:51:54 | 00,019,200 | ---- | C] (Microsoft Corporation)
gagp30kx.sys -> %SystemRoot%\System32\drivers\gagp30kx.sys -> [2008/10/03 20:51:52 | 00,046,464 | ---- | C] (Microsoft Corporation)
faxpatch.exe -> %SystemRoot%\System32\faxpatch.exe -> [2008/10/03 20:51:49 | 00,020,992 | ---- | C] (Microsoft Corporation)
eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2008/10/03 20:51:47 | 00,184,832 | ---- | C] (Microsoft Corporation)
eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2008/10/03 20:51:47 | 00,180,224 | ---- | C] (Microsoft Corporation)
eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2008/10/03 20:51:47 | 00,126,976 | ---- | C] (Microsoft Corporation)
eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2008/10/03 20:51:47 | 00,094,208 | ---- | C] (Microsoft Corporation)
eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2008/10/03 20:51:47 | 00,059,392 | ---- | C] (Microsoft Corporation)
eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2008/10/03 20:51:47 | 00,040,960 | ---- | C] (Microsoft Corporation)
eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2008/10/03 20:51:47 | 00,033,792 | ---- | C] (Microsoft Corporation)
eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2008/10/03 20:51:47 | 00,030,720 | ---- | C] (Microsoft Corporation)
dot3ui.dll -> %SystemRoot%\System32\dot3ui.dll -> [2008/10/03 20:51:45 | 00,650,752 | ---- | C] (Microsoft Corporation)
dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2008/10/03 20:51:45 | 00,132,096 | ---- | C] (Microsoft Corporation)
dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2008/10/03 20:51:45 | 00,057,856 | ---- | C] (Microsoft Corporation)
dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2008/10/03 20:51:45 | 00,056,320 | ---- | C] (Microsoft Corporation)
dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2008/10/03 20:51:45 | 00,039,936 | ---- | C] (Microsoft Corporation)
dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2008/10/03 20:51:45 | 00,026,112 | ---- | C] (Microsoft Corporation)
dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2008/10/03 20:51:45 | 00,009,216 | ---- | C] (Microsoft Corporation)
dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2008/10/03 20:51:44 | 00,039,936 | ---- | C] (Microsoft Corporation)
dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2008/10/03 20:51:44 | 00,019,456 | ---- | C] (Microsoft Corporation)
dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2008/10/03 20:51:42 | 00,048,640 | ---- | C] (Microsoft Corporation)
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [2008/10/03 20:51:40 | 00,129,045 | ---- | C] ()
credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008/10/03 20:51:40 | 00,012,800 | ---- | C] (Microsoft Corporation)
bthpan.sys -> %SystemRoot%\System32\drivers\bthpan.sys -> [2008/10/03 20:51:35 | 00,101,120 | ---- | C] (Microsoft Corporation)
bthmodem.sys -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2008/10/03 20:51:35 | 00,037,888 | ---- | C] (Microsoft Corporation)
bthprint.sys -> %SystemRoot%\System32\drivers\bthprint.sys -> [2008/10/03 20:51:35 | 00,036,480 | ---- | C] (Microsoft Corporation)
bthusb.sys -> %SystemRoot%\System32\drivers\bthusb.sys -> [2008/10/03 20:51:35 | 00,018,944 | ---- | C] (Microsoft Corporation)
bthenum.sys -> %SystemRoot%\System32\drivers\bthenum.sys -> [2008/10/03 20:51:35 | 00,017,024 | ---- | C] (Microsoft Corporation)
azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2008/10/03 20:51:34 | 00,233,472 | ---- | C] (Microsoft Corporation)
bitsprx4.dll -> %SystemRoot%\System32\bitsprx4.dll -> [2008/10/03 20:51:34 | 00,007,168 | ---- | C] (Microsoft Corporation)
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [2008/10/03 20:51:33 | 00,064,352 | ---- | C] ()
aaclient.dll -> %SystemRoot%\System32\aaclient.dll -> [2008/10/03 20:51:25 | 00,136,192 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 90 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\Documents and Settings\Jay\My Documents\*.tmp files -> C:\Documents and Settings\Jay\My Documents\*.tmp ->
2 C:\Documents and Settings\Jay\Desktop\*.tmp files -> C:\Documents and Settings\Jay\Desktop\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/01/01 16:11:48 | 00,016,904 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/01 16:06:14 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_840.dat -> %SystemRoot%\Temp\Perflib_Perfdata_840.dat -> [2009/01/01 16:05:36 | 00,000,000 | ---- | M] ()
Perflib_Perfdata_4ac.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4ac.dat -> [2009/01/01 16:05:34 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/01 16:05:14 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/01 16:05:11 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/01/01 16:05:07 | 10,731,80672 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/01 16:04:31 | 05,242,880 | -H-- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009/01/01 15:47:19 | 00,000,686 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/01 15:35:12 | 00,000,278 | -HS- | M] ()
5.2 Second-line combination chemotherapy for NSCLC.ppt -> %UserProfile%\Desktop\5.2 Second-line combination chemotherapy for NSCLC.ppt -> [2009/01/01 15:32:51 | 00,315,904 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009/01/01 10:04:58 | 00,578,560 | ---- | M] (Microsoft Corporation)
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2009/01/01 01:01:51 | 00,000,348 | ---- | M] ()
Default.rdp -> %UserProfile%\My Documents\Default.rdp -> [2008/12/31 16:18:17 | 00,001,148 | -H-- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2008/12/31 13:19:14 | 00,000,227 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/12/31 13:10:27 | 00,000,748 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/30 22:53:06 | 00,001,943 | ---- | M] ()
Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [2008/12/30 12:07:34 | 00,000,000 | -H-- | M] ()
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/12/30 11:59:32 | 00,001,604 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/30 11:58:19 | 00,000,284 | ---- | M] ()
Product Registration.url -> %AllUsersProfile%\Desktop\Product Registration.url -> [2008/12/30 11:49:27 | 00,000,133 | ---- | M] ()
Product Support -Personal Audio-.url -> %AllUsersProfile%\Desktop\Product Support -Personal Audio-.url -> [2008/12/30 11:49:27 | 00,000,126 | ---- | M] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2008/12/30 11:46:33 | 00,023,392 | ---- | M] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2008/12/30 11:46:33 | 00,016,832 | ---- | M] ()
NWZ-S630F S730F series Operation Guide.pdf.lnk -> %AllUsersProfile%\Desktop\NWZ-S630F S730F series Operation Guide.pdf.lnk -> [2008/12/30 11:42:14 | 00,000,840 | ---- | M] ()
5.1 First-line combination chemotherapy for NSCLC.ppt -> %UserProfile%\Desktop\5.1 First-line combination chemotherapy for NSCLC.ppt -> [2008/12/28 16:36:41 | 00,901,120 | ---- | M] ()
Stock ReCheck 2008.xls -> %UserProfile%\My Documents\Stock ReCheck 2008.xls -> [2008/12/22 20:39:36 | 00,547,328 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/12/20 17:16:41 | 00,070,592 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/12/20 13:15:55 | 00,252,680 | ---- | M] ()
Acrobat Assistant.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> [2008/12/20 13:06:19 | 00,001,824 | ---- | M] ()
Adobe Acrobat 6.0 Professional.lnk -> %AllUsersProfile%\Desktop\Adobe Acrobat 6.0 Professional.lnk -> [2008/12/20 13:06:19 | 00,001,740 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/20 12:57:29 | 00,004,646 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/20 12:57:29 | 00,004,232 | ---- | M] ()
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2008/12/15 01:53:24 | 00,000,346 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation)
AcroPro90_efg.exe -> %UserProfile%\Desktop\AcroPro90_efg.exe -> [2008/12/09 20:16:37 | 34,243,7920 | ---- | M] ( )
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
Barham Park plan.pub -> %UserProfile%\My Documents\Barham Park plan.pub -> [2008/11/11 20:42:57 | 00,047,616 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/07 12:44:03 | 00,510,452 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/07 12:44:03 | 00,428,972 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/07 12:44:03 | 00,073,198 | ---- | M] ()
mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)

#16
January 1, 2009 at 08:41:15

gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
tzchange.exe -> %SystemRoot%\System32\tzchange.exe -> [2008/10/23 10:06:59 | 00,062,976 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/10/16 20:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/10/16 20:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/10/16 20:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/10/16 20:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/10/16 20:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/10/16 20:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/10/16 20:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/10/16 20:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\url.dll -> [2008/10/16 20:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/10/16 20:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/10/16 20:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/10/16 20:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/10/16 20:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/10/16 20:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/10/16 20:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/10/16 20:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/10/16 20:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/10/16 20:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/16 20:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/16 20:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/10/16 20:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/10/16 20:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/10/16 20:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/10/16 20:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/10/16 20:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/10/16 20:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/10/16 20:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/10/16 20:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/10/16 20:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/10/16 20:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/10/16 20:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/10/16 20:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/10/16 20:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/10/16 20:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/10/16 20:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/10/16 20:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/10/16 20:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/10/16 20:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/10/16 20:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/10/16 20:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/10/16 20:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/10/16 20:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/10/16 20:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/10/16 20:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/10/16 20:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/10/16 20:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/10/16 20:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/10/16 20:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/10/16 20:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/10/16 20:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation)
wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/10/16 13:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/10/16 13:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/10/16 13:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/10/16 13:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/10/15 07:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/10/15 07:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
ntldr -> %SystemDrive%\ntldr -> [2008/10/09 20:34:17 | 00,250,048 | RHS- | M] ()
~$-10-04.Tarceva blended learning content outline.LB.doc -> %UserProfile%\Desktop\~$-10-04.Tarceva blended learning content outline.LB.doc -> [2008/10/05 10:39:54 | 00,000,162 | -H-- | M] ()
~$inical trial diagram.doc -> %UserProfile%\Desktop\~$inical trial diagram.doc -> [2008/10/05 09:05:37 | 00,000,162 | -H-- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/11/15 14:43:06 | 00,011,068 | ---- | M] ()
GridLayout.dat -> %AllUsersProfile%\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [2005/07/25 18:20:18 | 00,101,321 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/31 08:50:42 | 00,000,000 | RH-D | M]
Citrix -> C:\Documents and Settings\All Users\Application Data\Citrix -> [2008/09/11 11:16:05 | 00,000,000 | ---D | M]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2008/10/06 20:57:55 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008/02/23 13:58:07 | 00,000,000 | ---D | M]
Intel -> C:\Documents and Settings\All Users\Application Data\Intel -> [2005/11/10 17:43:45 | 00,000,000 | ---D | M]
Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2008/12/31 00:22:00 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/11 17:25:52 | 00,000,000 | ---D | M]
Sony -> C:\Documents and Settings\All Users\Application Data\Sony -> [2008/12/30 17:41:37 | 00,000,000 | ---D | M]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2008/10/06 15:44:39 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2005/11/10 17:51:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Jay\Application Data -> [2008/12/31 08:50:53 | 00,000,000 | RH-D | M]
Amazon -> C:\Documents and Settings\Jay\Application Data\Amazon -> [2008/12/25 11:13:40 | 00,000,000 | ---D | M]
Citrix -> C:\Documents and Settings\Jay\Application Data\Citrix -> [2007/05/23 18:45:25 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Jay\Application Data\CyberLink -> [2006/04/09 08:11:14 | 00,000,000 | ---D | M]
Download Manager -> C:\Documents and Settings\Jay\Application Data\Download Manager -> [2008/12/09 20:16:37 | 00,000,000 | ---D | M]
ICAClient -> C:\Documents and Settings\Jay\Application Data\ICAClient -> [2007/02/27 21:43:56 | 00,000,000 | ---D | M]
Intel -> C:\Documents and Settings\Jay\Application Data\Intel -> [2005/11/10 17:44:19 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Jay\Application Data\Leadertech -> [2006/11/18 10:07:24 | 00,000,000 | ---D | M]
Netscape -> C:\Documents and Settings\Jay\Application Data\Netscape -> [2007/05/23 18:45:25 | 00,000,000 | ---D | M]
Roxio -> C:\Documents and Settings\Jay\Application Data\Roxio -> [2008/12/30 23:19:13 | 00,000,000 | ---D | M]
SmartDraw -> C:\Documents and Settings\Jay\Application Data\SmartDraw -> [2008/01/12 14:06:32 | 00,000,000 | ---D | M]
Snapfish -> C:\Documents and Settings\Jay\Application Data\Snapfish -> [2007/01/09 14:26:33 | 00,000,000 | ---D | M]
Sony -> C:\Documents and Settings\Jay\Application Data\Sony -> [2008/12/31 00:25:48 | 00,000,000 | ---D | M]
Sony Setup -> C:\Documents and Settings\Jay\Application Data\Sony Setup -> [2007/08/23 19:01:31 | 00,000,000 | ---D | M]
You've Got Pictures Screensaver -> C:\Documents and Settings\Jay\Application Data\You've Got Pictures Screensaver -> [2005/11/10 17:51:03 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/30 11:58:18 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/30 11:58:19 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] ()
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2008/12/15 01:53:24 | 00,000,346 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2009/01/01 01:01:51 | 00,000,348 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/01 16:05:14 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/14 00:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/14 00:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F
C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85
C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/14 00:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/14 00:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/14 00:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/14 00:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5
C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/14 00:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/14 00:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/14 00:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/14 00:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/14 00:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/14 00:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/14 00:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/14 00:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E

Report •

#17
January 1, 2009 at 08:44:17
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Jay\Favorites\AMAZON WII ORDER PAGE.url:favicon 1406 bytes
C:\Documents and Settings\Jay\Favorites\amazon.co.uk Nintendo Wii Console (Includes Wii Sports) PC & Video Games.url:favicon 1406 bytes
C:\Documents and Settings\Jay\Favorites\BDA Latest Food Facts. Diet and Dietary information from The British Dietetic Association.url:favicon 16958 bytes
C:\Documents and Settings\Jay\Favorites\Creative Designers For Wedding Receptions, Themed Parties And Mandaps.url:favicon 894 bytes
C:\Documents and Settings\Jay\Favorites\Drug Development Process.url:favicon 1150 bytes
C:\Documents and Settings\Jay\Favorites\Exercise without weight loss is an effective strat...[J Appl Physiol. 2005] - PubMed Result.url:favicon 318 bytes
C:\Documents and Settings\Jay\Favorites\Glycaemic index and index and carbohydrate content of some common foods divided into high, moderate and low glycaemic index.url:favicon 4286 bytes
C:\Documents and Settings\Jay\Favorites\guides The Legend of Zelda Twilight Princess Guide (Wii), Legend of Zelda Twilight Princess Walkthrough.url:favicon 3638 bytes
C:\Documents and Settings\Jay\Favorites\London Stock Exchange - current article.url:favicon 894 bytes
C:\Documents and Settings\Jay\Favorites\London Stock Exchange - What factors influence share price.url:favicon 894 bytes
C:\Documents and Settings\Jay\Favorites\PubMed Home.url:favicon 318 bytes
C:\Documents and Settings\Jay\Favorites\WII STOCK UK - AMAZON FORUM.url:favicon 3638 bytes
scan completed successfully
hidden files: 116

[Custom Scans]
< %systemroot%\Prefetch\*.* /s >
C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2009/01/01 16:23:21 | 00,000,000 | ---D | M]
1XCONFIG.EXE-0CD0AEB5.pf -> C:\WINDOWS\Prefetch\1XCONFIG.EXE -> [2009/01/01 15:35:06 | 00,011,364 | ---- | M] ()
ACROTRAY.EXE-0F021257.pf -> C:\WINDOWS\Prefetch\ACROTRAY.EXE -> [2009/01/01 16:10:05 | 00,013,464 | ---- | M] ()
ADOBEUPDATEMANAGER.EXE-0075C43E.pf -> C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE -> [2009/01/01 10:19:41 | 00,019,196 | ---- | M] ()
ALG.EXE-275708CF.pf -> C:\WINDOWS\Prefetch\ALG.EXE -> [2009/01/01 09:46:12 | 00,015,618 | ---- | M] ()
AOLSP SCHEDULER.EXE-1A97194E.pf -> C:\WINDOWS\Prefetch\AOLSP SCHEDULER.EXE -> [2009/01/01 16:09:49 | 00,056,882 | ---- | M] ()
AOLTRAY.EXE-327538D3.pf -> C:\WINDOWS\Prefetch\AOLTRAY.EXE -> [2009/01/01 16:09:57 | 00,011,352 | ---- | M] ()
APNTEX.EXE-07D7E94A.pf -> C:\WINDOWS\Prefetch\APNTEX.EXE -> [2009/01/01 16:09:55 | 00,009,266 | ---- | M] ()
APOINT.EXE-03E36C22.pf -> C:\WINDOWS\Prefetch\APOINT.EXE -> [2009/01/01 16:09:55 | 00,019,684 | ---- | M] ()
ATIPRBXX.EXE-2DA84FA2.pf -> C:\WINDOWS\Prefetch\ATIPRBXX.EXE -> [2009/01/01 16:09:41 | 00,006,614 | ---- | M] ()
ATIPTAXX.EXE-19794D05.pf -> C:\WINDOWS\Prefetch\ATIPTAXX.EXE -> [2009/01/01 16:09:49 | 00,055,534 | ---- | M] ()
CATCHME.EXE-267E8736.pf -> C:\WINDOWS\Prefetch\CATCHME.EXE -> [2009/01/01 16:25:21 | 00,018,140 | ---- | M] ()
CMD.EXE-034B0549.pf -> C:\WINDOWS\Prefetch\CMD.EXE -> [2009/01/01 16:08:53 | 00,014,980 | ---- | M] ()
CSWEG.EXE-04F9F647.pf -> C:\WINDOWS\Prefetch\CSWEG.EXE -> [2009/01/01 16:08:50 | 00,011,886 | ---- | M] ()
CTFMON.EXE-05E57A5E.pf -> C:\WINDOWS\Prefetch\CTFMON.EXE -> [2009/01/01 16:10:00 | 00,019,312 | ---- | M] ()
DLG.EXE-332F77D1.pf -> C:\WINDOWS\Prefetch\DLG.EXE -> [2009/01/01 16:10:07 | 00,013,390 | ---- | M] ()
DMXLAUNCHER.EXE-268192CB.pf -> C:\WINDOWS\Prefetch\DMXLAUNCHER.EXE -> [2009/01/01 16:09:55 | 00,010,728 | ---- | M] ()
DNIF.EXE-07D9C145.pf -> C:\WINDOWS\Prefetch\DNIF.EXE -> [2009/01/01 16:08:49 | 00,005,598 | ---- | M] ()
DSAGNT.EXE-2DA183E7.pf -> C:\WINDOWS\Prefetch\DSAGNT.EXE -> [2009/01/01 16:09:58 | 00,016,668 | ---- | M] ()
DVDLAUNCHER.EXE-1E7A529B.pf -> C:\WINDOWS\Prefetch\DVDLAUNCHER.EXE -> [2009/01/01 16:09:55 | 00,012,770 | ---- | M] ()
EDITREG.EXE-1EEA2C97.pf -> C:\WINDOWS\Prefetch\EDITREG.EXE -> [2009/01/01 16:09:30 | 00,011,330 | ---- | M] ()
HELPSVC.EXE-1C192440.pf -> C:\WINDOWS\Prefetch\HELPSVC.EXE -> [2009/01/01 14:10:27 | 00,024,578 | ---- | M] ()
HWUPDCHK.EXE-2CCE7F93.pf -> C:\WINDOWS\Prefetch\HWUPDCHK.EXE -> [2009/01/01 14:11:26 | 00,037,098 | ---- | M] ()
IEXPLORE.EXE-2D97EBE6.pf -> C:\WINDOWS\Prefetch\IEXPLORE.EXE -> [2009/01/01 16:11:11 | 00,103,010 | ---- | M] ()
IFRMEWRK.EXE-02DE6F7E.pf -> C:\WINDOWS\Prefetch\IFRMEWRK.EXE -> [2009/01/01 16:09:55 | 00,032,020 | ---- | M] ()
IMAPI.EXE-201490BB.pf -> C:\WINDOWS\Prefetch\IMAPI.EXE -> [2009/01/01 16:09:48 | 00,028,684 | ---- | M] ()
ISSCH.EXE-3AC1D446.pf -> C:\WINDOWS\Prefetch\ISSCH.EXE -> [2009/01/01 10:19:39 | 00,005,232 | ---- | M] ()
JAVA.EXE-32FD225F.pf -> C:\WINDOWS\Prefetch\JAVA.EXE -> [2009/01/01 16:14:49 | 00,059,816 | ---- | M] ()
layout.ini -> C:\WINDOWS\Prefetch\layout.ini -> [2009/01/01 14:56:55 | 00,201,804 | ---- | M] ()
LOGONUI.EXE-312BE1BF.pf -> C:\WINDOWS\Prefetch\LOGONUI.EXE -> [2009/01/01 15:35:04 | 00,026,058 | ---- | M] ()
LS.EXE-0948BFCF.pf -> C:\WINDOWS\Prefetch\LS.EXE -> [2009/01/01 16:09:32 | 00,004,310 | ---- | M] ()
MBAM.EXE-0D37CDF0.pf -> C:\WINDOWS\Prefetch\MBAM.EXE -> [2009/01/01 14:36:12 | 00,083,552 | ---- | M] ()
MCINFO.EXE-39905246.pf -> C:\WINDOWS\Prefetch\MCINFO.EXE -> [2009/01/01 14:11:23 | 00,067,600 | ---- | M] ()
MCSHELL.EXE-2F37D2E6.pf -> C:\WINDOWS\Prefetch\MCSHELL.EXE -> [2009/01/01 16:10:00 | 00,063,128 | ---- | M] ()
MCSVRCNT.EXE-12D57BDF.pf -> C:\WINDOWS\Prefetch\MCSVRCNT.EXE -> [2009/01/01 14:11:35 | 00,048,916 | ---- | M] ()
MCSYNC.EXE-08959A8A.pf -> C:\WINDOWS\Prefetch\MCSYNC.EXE -> [2009/01/01 14:11:24 | 00,037,256 | ---- | M] ()
MCSYSMON.EXE-045A2ADD.pf -> C:\WINDOWS\Prefetch\MCSYSMON.EXE -> [2009/01/01 16:07:49 | 00,072,198 | ---- | M] ()
MCUIMGR.EXE-05B9316A.pf -> C:\WINDOWS\Prefetch\MCUIMGR.EXE -> [2009/01/01 16:22:41 | 00,039,694 | ---- | M] ()
MCUPDATE.EXE-1F02B9C6.pf -> C:\WINDOWS\Prefetch\MCUPDATE.EXE -> [2009/01/01 14:11:25 | 00,071,658 | ---- | M] ()
MCUPDMGR.EXE-1FFDEF42.pf -> C:\WINDOWS\Prefetch\MCUPDMGR.EXE -> [2009/01/01 14:11:26 | 00,070,518 | ---- | M] ()
MCVSMAP.EXE-01348CE1.pf -> C:\WINDOWS\Prefetch\MCVSMAP.EXE -> [2009/01/01 16:23:58 | 00,022,894 | ---- | M] ()
MCVSSHLD.EXE-213DD10B.pf -> C:\WINDOWS\Prefetch\MCVSSHLD.EXE -> [2009/01/01 16:23:36 | 00,019,636 | ---- | M] ()
MSKAGENT.EXE-180ABA5C.pf -> C:\WINDOWS\Prefetch\MSKAGENT.EXE -> [2009/01/01 16:10:30 | 00,021,168 | ---- | M] ()
MSMSGS.EXE-0620E8B3.pf -> C:\WINDOWS\Prefetch\MSMSGS.EXE -> [2009/01/01 16:09:59 | 00,012,624 | ---- | M] ()
NOTEPAD.EXE-2F2D61E1.pf -> C:\WINDOWS\Prefetch\NOTEPAD.EXE -> [2009/01/01 16:10:53 | 00,019,248 | ---- | M] ()
NTOSBOOT-B00DFAAD.pf -> C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -> [2009/01/01 16:07:16 | 00,766,210 | ---- | M] ()
OTSCANIT2.EXE-281D149B.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2009/01/01 16:14:34 | 00,014,702 | ---- | M] ()
OTSCANIT2.EXE-3561650E.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2009/01/01 16:16:34 | 00,023,942 | ---- | M] ()
POWERPNT.EXE-2EEF88AA.pf -> C:\WINDOWS\Prefetch\POWERPNT.EXE -> [2009/01/01 15:07:07 | 00,086,298 | ---- | M] ()
QCCONSOL.EXE-0D6EA6D3.pf -> C:\WINDOWS\Prefetch\QCCONSOL.EXE -> [2009/01/01 01:00:11 | 00,017,708 | ---- | M] ()
QTTASK.EXE-1876A1A1.pf -> C:\WINDOWS\Prefetch\QTTASK.EXE -> [2009/01/01 16:09:43 | 00,008,162 | ---- | M] ()
READER_SL.EXE-2FCCA463.pf -> C:\WINDOWS\Prefetch\READER_SL.EXE -> [2009/01/01 16:10:07 | 00,012,900 | ---- | M] ()
REALPLAY.EXE-05411014.pf -> C:\WINDOWS\Prefetch\REALPLAY.EXE -> [2009/01/01 10:19:37 | 00,018,568 | ---- | M] ()
RTSDNIF.EXE-2CC68BED.pf -> C:\WINDOWS\Prefetch\RTSDNIF.EXE -> [2009/01/01 16:08:51 | 00,005,364 | ---- | M] ()
RUNDLL32.EXE-5645E36A.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/01 14:33:00 | 00,058,322 | ---- | M] ()
SCANNINGPROCESS.EXE-1BD432B8.pf -> C:\WINDOWS\Prefetch\SCANNINGPROCESS.EXE -> [2008/12/31 23:38:59 | 00,042,280 | ---- | M] ()
SQLMANGR.EXE-19670CF9.pf -> C:\WINDOWS\Prefetch\SQLMANGR.EXE -> [2009/01/01 16:10:09 | 00,027,686 | ---- | M] ()
SWSC.EXE-2AC498C6.pf -> C:\WINDOWS\Prefetch\SWSC.EXE -> [2009/01/01 16:08:54 | 00,007,200 | ---- | M] ()
TASKMGR.EXE-06144C13.pf -> C:\WINDOWS\Prefetch\TASKMGR.EXE -> [2009/01/01 16:14:54 | 00,020,084 | ---- | M] ()
TFSWCTRL.EXE-2D67C816.pf -> C:\WINDOWS\Prefetch\TFSWCTRL.EXE -> [2009/01/01 10:19:38 | 00,014,722 | ---- | M] ()
UNINSTALL.EXE-24CBADC2.pf -> C:\WINDOWS\Prefetch\UNINSTALL.EXE -> [2009/01/01 14:33:50 | 00,013,342 | ---- | M] ()
UNINSTALLFIREFOX.EXE-38E49035.pf -> C:\WINDOWS\Prefetch\UNINSTALLFIREFOX.EXE -> [2009/01/01 14:33:50 | 00,012,036 | ---- | M] ()
VERCLSID.EXE-28F52AD2.pf -> C:\WINDOWS\Prefetch\VERCLSID.EXE -> [2009/01/01 16:09:38 | 00,015,850 | ---- | M] ()
WINWORD.EXE-33AEA629.pf -> C:\WINDOWS\Prefetch\WINWORD.EXE -> [2009/01/01 10:24:26 | 00,066,314 | ---- | M] ()
WMIPRVSE.EXE-0D449B4F.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE -> [2009/01/01 14:10:35 | 00,077,054 | ---- | M] ()
WUAUCLT.EXE-1360D60A.pf -> C:\WINDOWS\Prefetch\WUAUCLT.EXE -> [2009/01/01 16:07:17 | 00,051,776 | ---- | M] ()
ZIP.EXE-215D1C66.pf -> C:\WINDOWS\Prefetch\ZIP.EXE -> [2009/01/01 16:09:31 | 00,005,644 | ---- | M] ()
< %systemroot%\system32\drivers\*.dat >
< %systemroot%\Temp\bca4e2da.$$$ >
< %systemroot%\Temp\ed47fa.$ >
< %systemroot%\Temp\fa56d7ec.$$$ >
< %systemroot%\System32\antiwpa.dll >
< %PROGRAMFILES%\*crack*. >
Program Files -> C:\Program Files -> [2008/12/31 09:11:33 | 00,000,000 | R--D | M]
< %PROGRAMFILES%\*keygen*. >
Program Files -> C:\Program Files -> [2008/12/31 09:11:33 | 00,000,000 | R--D | M]
< %SYSTEMDRIVE%\*crack*. >
OTScanIt2 -> C: -> [2009/01/01 16:25:14 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*keygen*. >
OTScanIt2 -> C: -> [2009/01/01 16:25:14 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*.zip >
< %SYSTEMDRIVE%\*.rar >
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.dll >
< %systemroot%\*.zip >
< %systemroot%\*.rar >
< %systemroot%\system32\*.zip >
< %systemroot%\system32\*.rar >
< %PROGRAMFILES%\*.zip >
< %PROGRAMFILES%\*.rar >
< %PROGRAMFILES%\*.exe >
< %PROGRAMFILES%\*.dll >
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
< %PROGRAMFILES%\Common Files\*.* >
< %PROGRAMFILES%\Common Files\*bak*. >
Common Files -> C:\Program Files\Common Files -> [2008/12/31 13:17:53 | 00,000,000 | ---D | M]
< %systemroot%\SYSTEM32\*bak*. >
1 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp ->
system32 -> C:\WINDOWS\SYSTEM32 -> [2008/12/31 13:21:03 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\*bak*. >
Program Files -> C:\Program Files -> [2008/12/31 09:11:33 | 00,000,000 | R--D | M]
< %USERNAME%\*.zip >
< %USERNAME%\*.rar >
< %USERNAME%\*.exe >
< %USERPROFILE%\*.zip >
< %USERPROFILE%\*.rar >
< %USERPROFILE%\*.exe >
< %ALLUSERSPROFILE%\*.zip >
< %ALLUSERSPROFILE%\*.rar >
< %ALLUSERSPROFILE%\*.exe >
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
< %APPDATA%\*.dat >
< %APPDATA%\*.dll >
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
< %PROGRAMFILES%\Mozilla Firefox\plugins\*.* >
C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/12/31 13:00:27 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll -> [2008/12/31 13:00:06 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
nppdf32.dll -> C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -> [2003/05/15 01:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -> [2008/12/30 11:59:43 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll -> [2008/12/30 11:59:44 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.cla -> [2008/12/30 11:59:43 | 00,004,208 | ---- | M] ()
< %PROGRAMFILES%\Internet Explorer\*.* >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/13 01:04:37 | 00,000,000 | ---D | M]
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 00,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2006/10/17 11:44:36 | 00,060,416 | ---- | M] (Microsoft Corporation)
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2006/11/07 21:03:36 | 00,287,744 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
< %PROGRAMFILES%\Mozilla Firefox\*.zip /s >
< %PROGRAMFILES%\Mozilla Firefox\*.rar /s >
< %PROGRAMFILES%\Mozilla Firefox\*.exe /s >
C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> [2009/01/01 14:33:43 | 00,000,000 | ---D | M]
UninstallFirefox.exe -> C:\Program Files\Mozilla Firefox\uninstall\UninstallFirefox.exe -> [2005/11/10 17:58:20 | 00,099,965 | ---- | M] ()
< %PROGRAMFILES%\Internet Explorer\*.zip /s >
< %PROGRAMFILES%\Internet Explorer\*.rar /s >
< %PROGRAMFILES%\Internet Explorer\*.exe /s >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/13 01:04:37 | 00,000,000 | ---D | M]
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2008/10/09 20:38:21 | 00,000,000 | ---D | M]
icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2008/04/14 00:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation)
icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2008/04/14 00:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation)
icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2008/04/14 00:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation)
icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2004/08/04 05:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation)
inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2008/04/14 00:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation)
isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2004/08/04 05:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\*.dat >
< %SYSTEMDRIVE%\*.sys >
C:\ -> -> [2009/01/01 16:25:14 | 00,000,000 | ---D | M]
CONFIG.SYS -> C:\CONFIG.SYS -> [2004/08/11 17:15:00 | 00,000,000 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/01/01 16:05:07 | 10,731,80672 | -HS- | M] ()
IO.SYS -> C:\IO.SYS -> [2004/08/11 17:15:00 | 00,000,000 | -H-- | M] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2004/08/11 17:15:00 | 00,000,000 | -H-- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2009/01/01 16:05:05 | 16,106,12736 | -HS- | M] ()
< %SYSTEMROOT%\*.dat >
C:\WINDOWS\ -> C:\WINDOWS -> [2009/01/01 15:36:12 | 00,000,000 | ---D | M]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/01/01 16:05:11 | 00,002,048 | --S- | M] ()
mozver.dat -> C:\WINDOWS\mozver.dat -> [2005/11/10 17:58:20 | 00,003,137 | ---- | M] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2005/11/10 17:49:39 | 00,000,335 | ---- | M] ()
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
< %SYSTEMROOT%\*.sys >
< %systemroot%\system32\drivers\*.exe /s >
< %systemroot%\system32\drivers\*.zip /s >
< %systemroot%\system32\drivers\*.rar /s >
< %systemroot%\system\*.exe /s >
< %systemroot%\system\*.zip /s >
< %systemroot%\system\*.rar /s >
< %systemroot%\AppPatch\*.exe /s >
< %systemroot%\AppPatch\*.zip /s >
< %systemroot%\AppPatch\*.rar /s >
< %systemroot%\Cache\*.* >
< %systemroot%\Downloaded Program Files\*.* >
C:\WINDOWS\Downloaded Program Files\ -> C:\WINDOWS\Downloaded Program Files -> [2008/07/08 19:52:18 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Downloaded Program Files\desktop.ini -> [2004/08/11 17:13:34 | 00,000,065 | -H-- | M] ()
DownloadManagerV2.inf -> C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf -> [2007/06/22 06:30:24 | 00,000,251 | ---- | M] ()
DownloadManagerV2.ocx -> C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx -> [2007/06/22 06:31:26 | 00,512,000 | ---- | M] ()
dwusplay.dll -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll -> [2002/07/25 18:13:18 | 00,024,576 | ---- | M] ()
dwusplay.exe -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe -> [2002/07/25 18:13:12 | 00,196,608 | ---- | M] ()
isusweb.dll -> C:\WINDOWS\Downloaded Program Files\isusweb.dll -> [2004/07/27 16:48:52 | 00,323,584 | ---- | M] ()
SnapfishActivia1000.inf -> C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf -> [2005/06/03 12:24:32 | 00,000,395 | ---- | M] ()
SnapfishActivia1000.ocx -> C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx -> [2005/06/03 12:24:32 | 00,286,720 | ---- | M] ()
TraderMediaX.ocx -> C:\WINDOWS\Downloaded Program Files\TraderMediaX.ocx -> [2005/11/01 11:40:20 | 01,141,760 | ---- | M] ()
wficat.inf -> C:\WINDOWS\Downloaded Program Files\wficat.inf -> [2006/05/02 18:24:46 | 00,026,661 | ---- | M] ()
< %systemroot%\Fonts\*.exe /s >
< %systemroot%\Fonts\*.zip /s >
< %systemroot%\Fonts\*.rar /s >
< %systemroot%\Fonts\*.dll /s >
< %systemroot%\Help\*.exe /s >
C:\WINDOWS\Help\SBSI\Training\ -> C:\WINDOWS\Help\SBSI\Training -> [2007/02/16 08:18:36 | 00,000,000 | ---D | M]
orun32.exe -> C:\WINDOWS\Help\SBSI\Training\orun32.exe -> [2006/08/21 15:57:14 | 01,077,321 | ---- | M] (Microsoft Corporation)
ounins32_s.exe -> C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe -> [2001/06/11 17:19:04 | 00,233,472 | ---- | M] (Microsoft and LearnIT Corporation)
usersid.exe -> C:\WINDOWS\Help\SBSI\Training\usersid.exe -> [2001/11/07 12:28:32 | 00,049,152 | ---- | M] ()
C:\WINDOWS\Help\Tours\mmTour\ -> C:\WINDOWS\Help\Tours\mmTour -> [2004/08/11 17:02:12 | 00,000,000 | ---D | M]
tour.exe -> C:\WINDOWS\Help\Tours\mmTour\tour.exe -> [2004/08/04 05:00:00 | 03,374,640 | ---- | M] (Macromedia, Inc.)
< %systemroot%\Help\*.zip /s >
< %systemroot%\Help\*.rar /s >
< %systemroot%\Tasks\*.* >
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/30 11:58:18 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/30 11:58:19 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] ()
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2008/12/15 01:53:24 | 00,000,346 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2009/01/01 01:01:51 | 00,000,348 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/01 16:05:14 | 00,000,006 | -H-- | M] ()
< %APPDATA%\*.sys >
< %systemroot%\system32\serauth1.dll >
< %systemroot%\system32\serauth2.dll >
< %systemroot%\system32\sysaudio.sys >
< %PROGRAMFILES%\*TinyProxy*. >
Program Files -> C:\Program Files -> [2008/12/31 09:11:33 | 00,000,000 | R--D | M]
< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >
< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >
< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >
< %PROGRAMFILES%\eMule\Incoming\*.zip /s >
< %PROGRAMFILES%\eMule\Incoming\*.rar /s >
< %PROGRAMFILES%\eMule\Incoming\*.exe /s >
< %PROGRAMFILES%\eMule\Incoming\*crack*. >
< %PROGRAMFILES%\eMule\Incoming\*keygen*. >
< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2008/12/31 00:24:55 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/31 13:00:08 | 00,000,000 | ---D | M]
< End of report >
[/code]

(Phew!) My router is a DrayTek Vigor 2600ve (from what I can see from its labelling).


Report •
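The report above is OTScanIt2 output. As an added example that is not part of this thread or of the OTScanIt2 tool, here is a small Python parser for its entry format that does what the helpers do by eye: it reads the `[File - Signature Check]` rows and flags any whose OS copy hashes differently from the cached copy, and it reads the ordinary file rows and flags executables under System32 with an empty company field. The sample lines are copied from the log except for two constructed ones (an MD5 mismatch with a placeholder hash, and a serauth1.dll entry with no company), marked as such in the code.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


def meta(prefix: str) -> str:
    """Regex for the bracketed block OTScanIt2 prints after each path,
    [YYYY/MM/DD HH:MM:SS | size | attribute flags | M]; group names are prefixed
    so the pattern can appear twice in one line."""
    return (rf"\[(?P<{prefix}date>\d{{4}}/\d{{2}}/\d{{2}} \d{{2}}:\d{{2}}:\d{{2}}) \| "
            rf"(?P<{prefix}size>[\d,]+) \| (?P<{prefix}attrs>[-RHSD]{{4}}) \| M\]")


# Ordinary entry: "<name> -> <path> -> [meta] (<company>)". The company field is
# empty parentheses for a file with no version information, absent for folders.
FILE_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.*?) -> " + meta("")
                     + r"(?: \((?P<company>[^)]*)\))?$")

# "[File - Signature Check]" entry: cached copy, OS copy, then the two MD5s.
SIG_RE = re.compile(r"^(?P<cached>.+?) " + meta("c_") + r" \((?P<c_company>[^)]*)\) -> "
                    + r"(?P<os>.+?) " + meta("o_") + r" \((?P<o_company>[^)]*)\) -> "
                    + r"Cached Copy = (?P<c_md5>[0-9A-Fa-f]{32}) \\ "
                    + r"OS Copy = (?P<o_md5>[0-9A-Fa-f]{32})$")


@dataclass
class FileEntry:
    name: str
    path: str
    modified: str
    size: int
    attrs: str              # R/H/S/D flags, "-" where unset
    company: Optional[str]  # None for folders, "" for files without version info


@dataclass
class SignatureEntry:
    cached_path: str
    os_path: str
    cached_md5: str
    os_md5: str

    @property
    def matches(self) -> bool:
        return self.cached_md5.upper() == self.os_md5.upper()


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["name"], m["path"], m["date"],
                     int(m["size"].replace(",", "")), m["attrs"], m["company"])


def parse_signature_entry(line: str) -> Optional[SignatureEntry]:
    m = SIG_RE.match(line.strip())
    return SignatureEntry(m["cached"], m["os"], m["c_md5"], m["o_md5"]) if m else None


def md5_mismatches(lines: List[str]) -> List[SignatureEntry]:
    """Signature Check rows where the live OS copy no longer hashes like the
    cached service-pack copy, i.e. a core binary that has been altered."""
    parsed = (parse_signature_entry(line) for line in lines)
    return [e for e in parsed if e is not None and not e.matches]


SYSTEM_EXT = (".exe", ".dll", ".sys")


def unsigned_system_binaries(lines: List[str]) -> List[FileEntry]:
    """Executables under System32 with an empty company field (no version info).
    Legitimate files can look like this too, so it is a triage filter, not a verdict."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if e is None or e.company != "":
            continue
        p = e.path.lower()
        if "\\system32\\" in p and p.endswith(SYSTEM_EXT):
            hits.append(e)
    return hits


# Constructed sample: lines 1, 3, 4 and 6 are copied from the log above; line 2
# (MD5 mismatch with a placeholder hash) and line 5 (serauth1.dll with no
# company, made-up date and size) are constructed here to exercise the checks.
SAMPLE = [
    r"C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] "
    r"(Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] "
    r"(Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 "
    r"\ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923",
    r"C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/14 00:12:36 | 00,014,336 | ---- | M] "
    r"(Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/14 00:12:36 | 00,014,336 | ---- | M] "
    r"(Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 "
    r"\ OS Copy = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
    r"wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)",
    r"ntldr -> %SystemDrive%\ntldr -> [2008/10/09 20:34:17 | 00,250,048 | RHS- | M] ()",
    r"serauth1.dll -> %SystemRoot%\System32\serauth1.dll -> [2008/12/29 21:10:00 | 00,012,288 | ---- | M] ()",
    r"C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/30 11:58:18 | 00,000,000 | --SD | M]",
]

if __name__ == "__main__":
    for e in md5_mismatches(SAMPLE):
        print(f"MD5 mismatch: {e.os_path} (OS {e.os_md5} vs cached {e.cached_md5})")
    for e in unsigned_system_binaries(SAMPLE):
        print(f"No version info under System32: {e.path} ({e.size} bytes, {e.modified})")
```

Feed it the whole saved OTScanIt2 report one line per element and the two functions return only the rows worth a second look.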

#18
January 1, 2009 at 10:05:48
Power the router down again for at least 30 seconds then reconnect and see if you still get the redirects.

Report •

#19
January 1, 2009 at 10:51:51

We may have to use another method to delete these.

Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\Windows\system32\serauth1.dll
C:\Windows\system32\serauth2.dll
C:\Windows\system32\sysaudio.sys
C:\Program Files\tinyproxy\tinyproxy.exe

Folder::
C:\Program Files\tinyproxy

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Do a manual search for tinyproxy and let us know if the redirects stopped.


Report •

#20
January 2, 2009 at 07:32:35
No effect I'm afraid.
If so many people are affected, Google must be onto it. They must be losing revenue as everyone switches to another search engine, so that should be enough of an incentive for them to sort it out.
Anything else worth trying?

Report •

#21
January 2, 2009 at 08:07:03
And the baddies are getting harder to find. If I were Google I would sue someone, unless of course it was Google.

Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file.
2. Extract avenger.exe to your desktop.

Copy all the text contained in the code box below between the X's to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Drivers to delete:
sysaudio

Files to delete:
C:\Windows\system32\serauth1.dll
C:\Windows\system32\serauth2.dll
C:\Windows\system32\sysaudio.sys
C:\ Program Files\tinyproxy\tinyproxy.exe

Folders to delete:
C:\ Program Files\tinyproxy

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Click in the window labeled "Input Script Here" and paste the text copied to the clipboard into it by pressing (Ctrl+V).
Click the Execute button
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


#22
January 2, 2009 at 08:12:28
If the last post was not successful run this scan, it may have changed its name.

Download Dr.Web CureIt to the desktop from the following link.

Drweb-Cureit

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Run Dr.Web CureIt as follows:


1. Double-click the drweb-cureit.exe file.
2. Allow it to run the express scan.
3. This will scan the files currently running in memory; when something is found, click Yes when it asks if you want to cure it. This is only a short scan.
4. Once the short scan has finished, mark the drives that you want to scan.
5. Select all drives. A red dot shows which drives have been chosen.
6. Click the green arrow at the right, and the scan will start.
7. Click 'Yes to all' if it asks if you want to cure/move the file.
8. When the scan has finished, see if you can click the icon next to the files found.
9. If so, click it, then click the icon right below it and select Move incurable.
10. This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (in case we need samples).
11. After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
12. Close Dr.Web CureIt.
13. Reboot your computer, because files in use may be moved/deleted during the reboot.
14. After the reboot, post the contents of the Dr.Web log you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.


#23
January 3, 2009 at 01:27:39
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "sysaudio" deleted successfully.

Error: file "C:\Windows\system32\serauth1.dll" not found!
Deletion of file "C:\Windows\system32\serauth1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\serauth2.dll" not found!
Deletion of file "C:\Windows\system32\serauth2.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\sysaudio.sys" not found!
Deletion of file "C:\Windows\system32\sysaudio.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\ Program Files\tinyproxy\tinyproxy.exe"
Deletion of file "C:\ Program Files\tinyproxy\tinyproxy.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "C:\ Program Files\tinyproxy"
Deletion of folder "C:\ Program Files\tinyproxy" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


Tried DrWeb...found nothing on express scan.


#24
January 3, 2009 at 10:18:09
This looks for Firefox problems.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


#25
January 3, 2009 at 17:44:10
Hi, here is the log:
GooredFix v1.6 by jpshortstuff
Log created at 01:42 on 04/01/2009 running Option #1
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"


#26
January 3, 2009 at 19:09:30
Well, that narrows it down to one registry entry, I believe. But I need to see the contents of the key below.

Go to start> run> type in cmd.

This opens a command prompt. Type in this line at the blinking cursor, all of it.

reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> C:\look.txt

There is a space after these that must be there:


reg
query
drivers32"
>>

Then press enter and wait about 10 seconds.

Next go to start> my computer> Local Disk:(C)> scroll down and look for a text file named look

Copy the contents and post it please.


#27
January 4, 2009 at 01:39:15
Unfortunately, it could not find this registry key.
I typed in everything as directed (spaces included).

#28
January 4, 2009 at 08:03:25
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, Or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\Windows\System32\wdmaud.sys

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

Open Notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything between the X's into Notepad, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Let me know if the redirects subsided.


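The reg query dump asked for in #26 and the Fix.reg in #28 together describe both the check and the repair: the Drivers32 key should name user-mode multimedia drivers such as wdmaud.drv, and a value that has been repointed at a kernel-driver-style .sys file is the hijack that the fix undoes. Below is an added Python example (editorial, not code from this thread or from any of the tools named in it) that parses a saved reg query dump like C:\look.txt, flags Drivers32 values that look tampered with, and emits a REGEDIT4 script in the same form as the Fix.reg above. The sample dump is constructed, and the known-good filenames in EXPECTED are assumed Windows XP defaults for the entries the fix touches, not an authoritative list.

```python
import re

# Constructed sample of `reg query` output for the Drivers32 key, as the
# command in post #26 would capture it into C:\look.txt. The "aux" value has
# been repointed at wdmaud.sys (assumed infected state); a clean box lists
# wdmaud.drv there, which is what the Fix.reg in post #28 restores.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    aux    REG_SZ    wdmaud.sys
    midi    REG_SZ    wdmaud.drv
    midimapper    REG_SZ    midimap.dll
    mixer    REG_SZ    wdmaud.drv
    msacm.imaadpcm    REG_SZ    imaadp32.acm
    vidc.msvc    REG_SZ    msvidc32.dll
    wave    REG_SZ    wdmaud.drv
    wavemapper    REG_SZ    msacm32.drv
"""

DRIVERS32_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

# Drivers32 names user-mode multimedia drivers and codecs (.drv/.dll/.acm/.ax
# files in System32). A kernel driver name (.sys) does not belong in it.
LEGIT_EXTENSIONS = {".drv", ".dll", ".acm", ".ax"}

# Assumed clean baseline (XP defaults) for the entries most often hijacked.
EXPECTED = {
    "aux": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "mixer": "wdmaud.drv",
    "wave": "wdmaud.drv",
    "wavemapper": "msacm32.drv",
    "midimapper": "midimap.dll",
}

# `reg query` prints each value as an indented "<name> <REG_type> <data>" line.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def parse_reg_query(text):
    """Return {value_name_lower: data} from saved `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, _reg_type, data = m.groups()
            values[name.lower()] = data
    return values


def audit_drivers32(values):
    """Return {value_name: [reasons]} for entries that look hijacked."""
    findings = {}
    for name, data in values.items():
        reasons = []
        ext = data[data.rfind("."):].lower() if "." in data else ""
        if ext == ".sys":
            reasons.append("kernel driver (.sys) named in a user-mode multimedia slot")
        elif ext not in LEGIT_EXTENSIONS:
            reasons.append("unexpected file type %r" % ext)
        if "\\" in data or "/" in data:
            reasons.append("explicit path instead of a bare System32 filename")
        expected = EXPECTED.get(name)
        if expected and data.lower() != expected:
            reasons.append("expected %s" % expected)
        if reasons:
            findings[name] = reasons
    return findings


def build_fix_reg(findings):
    """Emit a REGEDIT4 script (the form of post #28's Fix.reg) restoring known-good values."""
    lines = ["REGEDIT4", "", "[%s]" % DRIVERS32_KEY]
    for name in sorted(findings):
        if name in EXPECTED:
            lines.append('"%s"="%s"' % (name, EXPECTED[name]))
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    values = parse_reg_query(SAMPLE_REG_QUERY)
    findings = audit_drivers32(values)
    for name, reasons in findings.items():
        print("%s = %s  <-- %s" % (name, values[name], "; ".join(reasons)))
    print(build_fix_reg(findings))
```

Run it against the real C:\look.txt by reading the file into parse_reg_query instead of SAMPLE_REG_QUERY. Deleting the .sys file alone, as post #28 also shows, is not enough: the Drivers32 value must be restored as well, otherwise the audio subsystem keeps trying to load a driver name that no longer exists.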
#29
January 4, 2009 at 15:52:21
Fantastic!! This actually worked - no more redirects. Is the virus gone?
I am really grateful for all your help. First class service!

#30
January 4, 2009 at 16:26:34
Yes it appears to be gone. You need to reset your router if you have one.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Navigate to and delete this folder:

C:\SDFix

Delete OTScanIT2 and Dr.Web CureIt from your desktop.

Empty the recycle bin.

Go to Start > Run > type in combofix /u (note the space after combofix), then press Enter > Run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes


You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

How is the computer operating?


#31
January 5, 2009 at 13:05:49
I have removed the programs you mentioned, but what about GooredFix and Avenger?

Also, how do I manually update Spywareblaster?

My computer runs as it always did, just that little bit slow, but over the past few days I've had worse, so I'm good!


#32
January 5, 2009 at 17:51:22
You can delete those as well. Just delete their desktop icons.

Click the Spywareblaster icon on your desktop > Updates > Check for Updates; once they download, click the blue writing that tells you how many update items you received and they will install. Should be 11,198 items you are protected against.


#33
January 6, 2009 at 14:51:12
All done.
My personal thanks to you Jabuck, your advice has been invaluable.
Thank you.

#34
January 6, 2009 at 16:33:20
Glad we can help.
