News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
May 23, 2013, 17:51:28
linktree cexx.org - Support Forums  >  Spyware-Related Stuff  >  Spyware - Help!
linktree Topic: web-analytics, but blocks any malware download or forum pages
Pages: [1]   Go Down
« previous next »
  Print  
Topic: web-analytics, but blocks any malware download or forum pages  (Read 2567 times)
0 Members and 1 Guest are viewing this topic.
« on: October 27, 2008, 12:26:40 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
Hello,

I have a web-analytics google infection that redirects my searches.  But it also will not let me update my Spy-Bot or Ad-aware files, or go to any forum pages that are obvious (cexx is not !).

I have HijackThis, but have been unable to download Malwarebytes' Anti-Malware due to it blocking any download page with that name on it.

I would appreciate some help.

Thanks !

vemendez
Logged
« Reply #1 on: October 30, 2008, 15:29:48 »
Malware Scum, Die! 		TeMerc Offline
Countermeasures Leader
Administrator WWW
Karma: 66
Posts: 6145
Hi and welcome to Cexx forums, sorry for the delay in a reply.

Your machine is be blocked likely via a hosts file alteration.

Be sure all browsers are closed, then open up HJT:
  • And click the button.
  • Then click the button in the lower right hand of the program.
  • Once at the 'Configuration' screen, hit the [Open Hosts File Manager] button.
  • When you're at the hosts file display, select them all by using the shift and control keys or dragging your mouse over the lines you would like to interact with.
  • Then hit the ['Delete line(s)] button.
Once that's done, you ought to be able to access  any of the download sites which host MBAM.

Install, update and scan, removing everything then run HJT and post a log.
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
« Reply #2 on: October 31, 2008, 09:31:38 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
Hi TeMerc,

Thank you for your assistance.  MBAM found and cleared 14 infections.  After running it, my google engine is not compromised anymore, but I know better than to assume the problem is resolved. Here is the HJT log. 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:11 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\GPS Pathfinder Office 3.10\conmgr.exe
C:\Program Files\GPS Pathfinder Office 3.10\pfpjchgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\Trimble\REMOTE~1\TRDMU.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\ENDNOT~1\EndNote.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\UVMAFF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\UVMAFF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [PFO Check Settings] pfochk.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: GPS Pathfinder Office Connection Manager.lnk = C:\Program Files\GPS Pathfinder Office 3.10\conmgr.exe
O4 - Global Startup: GPS Pathfinder Office Project Changer.lnk = C:\Program Files\GPS Pathfinder Office 3.10\pfpjchgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15398 bytes
Logged
« Reply #3 on: October 31, 2008, 22:28:30 »
Malware Scum, Die! 		TeMerc Offline
Countermeasures Leader
Administrator WWW
Karma: 66
Posts: 6145
OK, not too much I'm seeing there tho the hosts file fix worked which is of course a good thing.

Now that we've fixed that problem download MBAM and run a scan and see what if anything it finds.

Also, lets get a scan of one file I can't find any definitive info on:
Please go to Virus Total and submit the following files for a scan. Use the [Browse] button to navigate to the proper file path as listed below.
C:\WINDOWS\system32\pfochk.exe<<<--this one

Also you should uninstall the BAE toolbar via Add\Remove look for either '''Browser Address Error Redirector'' or 'GoogleAFE'. It's not anything you really need. It just makes money for Dell\Google.

Post those file scan and MBAM log and we'll begin from there with any fixing.
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
« Reply #4 on: November 01, 2008, 10:03:23 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
Hi TeMerc,

I could not find these files ''Browser Address Error Redirector'' or 'GoogleAFE' in add or remove programs.

Here is the Virus Total scan:

 File pfochk.exe received on 09.17.2008 18:13:22 (CET)
Current status: finished
Result: 0/35 (0.00%)
Compact Compact
Print results Print results
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.9.13.0    2008.09.17    -
AntiVir    7.8.1.28    2008.09.17    -
Authentium    5.1.0.4    2008.09.17    -
Avast    4.8.1195.0    2008.09.16    -
AVG    8.0.0.161    2008.09.17    -
BitDefender    7.2    2008.09.17    -
CAT-QuickHeal    9.50    2008.09.16    -
ClamAV    0.93.1    2008.09.17    -
DrWeb    4.44.0.09170    2008.09.17    -
eSafe    7.0.17.0    2008.09.17    -
eTrust-Vet    31.6.6091    2008.09.16    -
Ewido    4.0    2008.09.17    -
F-Prot    4.4.4.56    2008.09.16    -
F-Secure    8.0.14332.0    2008.09.17    -
Fortinet    3.113.0.0    2008.09.17    -
GData    19    2008.09.17    -
Ikarus    T3.1.1.34.0    2008.09.17    -
K7AntiVirus    7.10.460    2008.09.17    -
Kaspersky    7.0.0.125    2008.09.17    -
McAfee    5385    2008.09.17    -
Microsoft    1.3903    2008.09.17    -
NOD32v2    3448    2008.09.17    -
Norman    5.80.02    2008.09.16    -
Panda    9.0.0.4    2008.09.16    -
Prevx1    V2    2008.09.17    -
Rising    20.62.22.00    2008.09.17    -
Sophos    4.33.0    2008.09.17    -
Sunbelt    3.1.1645.1    2008.09.17    -
Symantec    10    2008.09.17    -
TheHacker    6.3.0.9.084    2008.09.17    -
TrendMicro    8.700.0.1004    2008.09.17    -
VBA32    3.12.8.5    2008.09.17    -
ViRobot    2008.9.17.1379    2008.09.17    -
VirusBuster    4.5.11.0    2008.09.17    -
Webwasher-Gateway    6.6.2    2008.09.17    -
Additional information
File size: 57344 bytes
MD5...: 00ed53c86ff6d71241eab34b6bfa7302
SHA1..: 7150c8c4d38b6a7e6ce2faf4d8f1f0d8013fca61
SHA256: 11b9d4cb5c5023a770ecc9d7197ffeb73d133e9352edec18b97687ba2b0a1690
SHA512: f41ca53e3048fe679e8f546a5df446dde783732b732d666d1f3809a924302bbf
6d5a2244647a206ed7cb5f81eeec1ed4e668ff0e557ec7d50cb607d9cfb80528
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402b70
timedatestamp.....: 0x42630b96 (Mon Apr 18 01:21:26 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x80ba 0x9000 6.20 d62774180005cce5d63d74b7a0f8ba07
.rdata 0xa000 0xc64 0x1000 4.51 450d9293d63177ff30e8a11a8d85176a
.data 0xb000 0x44c0 0x3000 1.23 8265f238ca0dce17ee04522faf1a709c

( 5 imports )
> USER32.dll: SetCursor, LoadCursorA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, ShellExecuteExA
> ADVAPI32.dll: RegCloseKey, RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyA
> ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize
> KERNEL32.dll: SetFilePointer, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, HeapReAlloc, ReadFile, SetEndOfFile, LoadLibraryA, GetProcAddress, GetOEMCP, GetTempPathA, GetFileAttributesA, SetErrorMode, FindClose, FindNextFileA, CreateDirectoryA, FindFirstFileA, SetCurrentDirectoryA, GetCurrentDirectoryA, DeleteFileA, RemoveDirectoryA, WaitForSingleObject, GetVersionExA, MultiByteToWideChar, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, GetModuleFileNameA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetLastError, CloseHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, WriteFile, CreateFileA, SetStdHandle, FlushFileBuffers, GetCPInfo, GetACP

( 0 exports )

Here is the MBAM scan:

Malwarebytes' Anti-Malware 1.30
Database version: 1343
Windows 5.1.2600 Service Pack 3

11/1/2008 2:02:52 PM
mbam-log-2008-11-01 (14-02-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140077
Time elapsed: 53 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


THANKS !
Logged
« Reply #5 on: November 01, 2008, 23:15:41 »
Malware Scum, Die! 		TeMerc Offline
Countermeasures Leader
Administrator WWW
Karma: 66
Posts: 6145
OK, to be thorough, lets poke around for more info off the system

Please download OTListIt from here.
  • Save the file to your desktop.
  • Once on the desktop double click OTListit.exe and the application will open.
  • Be sure the 'Use Whitelist' box is ticked.
  • From the 'File Ages' drop down menu, please select '7 days'
  • Then click the 'Run Scan' button.
The scan will produce 2 logs for you, one will be minimized, please post both logs here for me to review. We'll continue with additional steps if required based on the output of these logs.
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
« Reply #6 on: November 02, 2008, 16:51:55 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
Hi TeMerc,

I will post the OTList logs in 2 posts, as they exceed the number of allowed characters.  Here is the first one.

OTListIt Extras logfile created on: 11/2/2008 7:47:07 PM - Run
OTListIt by OldTimer - Version 1.0.12.0     Folder = C:\Documents and Settings\UVM Affiliate\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.04 Mb Total Physical Memory | 203.59 Mb Available Physical Memory | 19.92% Memory free
2.40 Gb Paging File | 1.62 Gb Available in Paging File | 67.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 11.17 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CAFETO
Current User Name: UVM Affiliate
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 7 Days
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value  does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe:132.198.102.0/255.255.255.0:Enabled:Symantec Antivirus
File not found -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe:132.198.0.0/255.255.0.0:Enabled:Symantec Email
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 12:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/10/02 14:48:53 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe:132.198.102.0/255.255.255.0:Enabled:Symantec Antivirus
File not found -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe:132.198.0.0/255.255.0.0:Enabled:Symantec Email
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/02/04 14:18:34 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/02/13 14:41:37 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 12:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/09/13 12:31:38 | 22,880,040 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{568D3883-13C8-4146-BAF7-5BC75B94391F}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D08BA75-D917-43FD-A0C4-F81D27C61053}" = hppCLJ2605
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B91D3B4D-001F-4ABF-B8A5-B5A926DB63AD}" = Adobe Flash Player 9 Plugin
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C53D0627-79E7-45A0-B37C-B92A7E40F122}" = hppManuals2605
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000600-0600-0600-0600-000000000600}" = ICS Viewer 6.0
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FE4BD9BD-4A26-4F39-B12C-19336204B102}" = EndNote X Volume License Edition
"3ivx MPEG-4 5.0.1 Decoder" = 3ivx MPEG-4 5.0.1 Decoder (remove only)
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader  (02/05/2007 1.1.3.7)
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System  (09/25/2006 6.0.0.0)
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.0.9 Standard
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EstimateS Win 8.00" = EstimateS Win 8.00
"GPS Pathfinder Office 3.10" = GPS Pathfinder Office 3.10
"GTK 2.0" = GTK+ Runtime 2.10.13 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet 2605" = HP Color LaserJet 2605 Series 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"Mozilla Thunderbird (2.0.0.0)" = Mozilla Thunderbird (2.0.0.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"ProInst" = Intel(R) PROSet/Wireless Software
"PuTTY_is1" = PuTTY version 0.60
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"The Great Festival Adventure DVD Demo" = Thomas & Friends - The Great Festival Adventure DVD Demo
"UVM Wallpaper Pack_is1" = UVM Wallpaper Pack 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.0.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/26/2008 6:33:03 AM | Computer Name = CAFETO | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =
 
Error - 10/26/2008 7:05:04 PM | Computer Name = CAFETO | Source = Application Error | ID = 1000
Description = Faulting application kompozer.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x02bbfcaf.
 
Error - 10/26/2008 9:47:53 PM | Computer Name = CAFETO | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 10/28/2008 11:23:35 AM | Computer Name = CAFETO | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 10/28/2008 11:23:35 AM | Computer Name = CAFETO | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 10/29/2008 3:13:34 PM | Computer Name = CAFETO | Source = Application Hang | ID = 1002
Description = Hanging application AccuLink.exe, version 2.2.0.2, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 10/31/2008 3:37:57 PM | Computer Name = CAFETO | Source = Application Error | ID = 1000
Description = Faulting application spsswin.exe, version 15.0.1.548, faulting module
 spssutil.dll, version 15.0.1.325, fault address 0x001495f8.
 
Error - 10/31/2008 3:38:06 PM | Computer Name = CAFETO | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 10/31/2008 3:38:46 PM | Computer Name = CAFETO | Source = Application Hang | ID = 1002
Description = Hanging application spsswin.exe, version 15.0.1.548, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 10/31/2008 9:22:18 PM | Computer Name = CAFETO | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =
 
[ System Events ]
Error - 10/31/2008 5:59:05 PM | Computer Name = CAFETO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 10/31/2008 5:59:08 PM | Computer Name = CAFETO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 10/31/2008 9:22:06 PM | Computer Name = CAFETO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 10/31/2008 9:22:08 PM | Computer Name = CAFETO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 11/1/2008 9:59:13 AM | Computer Name = CAFETO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 11/1/2008 9:59:15 AM | Computer Name = CAFETO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 11/1/2008 12:27:26 PM | Computer Name = CAFETO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 11/1/2008 12:27:27 PM | Computer Name = CAFETO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 11/1/2008 5:25:50 PM | Computer Name = CAFETO | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 11/1/2008 5:25:52 PM | Computer Name = CAFETO | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
 
< End of report >
Logged
« Reply #7 on: November 02, 2008, 16:53:29 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
Hi TeMerc,

Here is the second OTListIt log:

OTListIt logfile created on: 11/2/2008 7:47:07 PM - Run
OTListIt by OldTimer - Version 1.0.12.0     Folder = C:\Documents and Settings\UVM Affiliate\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.04 Mb Total Physical Memory | 203.59 Mb Available Physical Memory | 19.92% Memory free
2.40 Gb Paging File | 1.62 Gb Available in Paging File | 67.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 11.17 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CAFETO
Current User Name: UVM Affiliate
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 7 Days
 
========== Processes ==========
 
[2007/07/25 16:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2008/10/28 09:13:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/12/19 14:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/17 08:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2008/02/20 10:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[2007/07/25 16:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2007/05/14 14:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2007/05/31 15:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/07/25 16:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2007/02/18 23:27:16 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
[2007/02/01 09:21:22 | 01,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
[2007/07/25 16:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/04/15 21:49:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/02/18 23:26:32 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2007/01/30 15:32:42 | 00,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
[2007/01/22 11:53:02 | 00,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
[2007/04/15 21:49:08 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
[2007/07/25 16:32:50 | 00,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2007/07/25 16:30:36 | 00,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2006/11/02 14:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
[2006/10/20 17:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2006/06/15 07:43:20 | 00,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[2005/09/23 23:08:54 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/04/15 21:49:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2006/01/12 19:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
[2007/04/15 21:49:16 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
[2007/02/08 01:12:48 | 00,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2007/02/08 01:13:48 | 00,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[2008/02/04 14:18:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/02/20 10:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[2007/02/06 17:43:26 | 00,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[2008/05/08 15:37:59 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/07/07 08:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2005/03/24 15:56:50 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
[2007/02/08 01:12:20 | 00,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2007/01/11 20:43:46 | 02,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2005/04/17 14:59:28 | 00,065,536 | ---- | M] (Trimble Navigation Limited) -- C:\Program Files\GPS Pathfinder Office 3.10\conmgr.exe
[2005/04/17 14:59:36 | 00,032,768 | ---- | M] (Trimble Navigation Limited) -- C:\Program Files\GPS Pathfinder Office 3.10\pfpjchgr.exe
[2008/02/04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2004/11/04 18:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/04/17 14:58:40 | 00,458,828 | ---- | M] (Trimble Navigation Ltd.) -- C:\Program Files\Common Files\Trimble\Remote Device Manager\TRDMU.exe
[2006/04/27 09:53:24 | 00,532,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
[2006/12/18 15:22:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
[2004/11/04 18:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
[2006/01/23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
[2008/04/17 08:08:50 | 01,544,984 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[2006/02/24 17:03:40 | 00,106,496 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
[2006/08/23 13:11:38 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
[2006/10/27 20:13:48 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
[2007/10/02 14:48:53 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
[2005/12/20 17:38:06 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
[2008/04/17 08:08:50 | 00,172,840 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\IPSecLog.exe
[2007/07/25 16:26:14 | 00,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2006/02/06 23:00:20 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
[2006/12/15 11:41:30 | 02,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
[2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
[2008/02/13 14:41:35 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/25 08:51:54 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/02 19:46:20 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UVM Affiliate\Desktop\OTListIt.exe
 
========== (O23) Win32 Services ==========
 
[2008/10/28 09:13:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/09 15:11:22 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2006/12/19 14:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/17 08:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2008/02/20 10:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2008/02/20 10:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
[2007/07/25 16:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/08/29 09:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/02/04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
[2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/05/14 14:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2007/05/31 15:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/12/24 10:11:46 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2007/07/25 16:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/07/25 16:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2007/01/29 21:59:58 | 00,487,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/02/18 23:27:16 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV [Auto | Running])
[2007/02/01 09:21:22 | 01,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
[2007/07/25 16:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
========== Driver Services ==========
 
[2007/09/19 23:10:38 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2007/04/15 21:49:08 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/03/18 15:44:38 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2006/12/19 14:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
[2004/03/08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2008/04/17 08:07:52 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/03/29 16:36:28 | 00,125,328 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2006/11/02 12:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01 [On_Demand | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/02/20 10:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/02/20 10:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2008/02/20 10:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [System | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/01/30 17:37:18 | 00,056,320 | ---- | M] (O2Micro) -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2 [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/09/20 05:22:37 | 00,009,344 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Stopped])
[2005/02/02 18:29:28 | 00,009,344 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK [On_Demand | Stopped])
[2005/01/17 12:21:54 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/12/24 13:09:12 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/12/24 13:07:46 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2007/01/31 18:19:02 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/01/31 18:19:04 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2005/12/20 17:54:34 | 00,027,008 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Running])
[2005/12/20 17:54:28 | 00,069,376 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE [On_Demand | Running])
[2007/02/06 17:42:40 | 01,691,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Running])
[2007/02/06 17:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Running])
[2007/02/06 17:45:04 | 00,025,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2007/02/03 13:32:34 | 00,041,504 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/01/31 18:19:04 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007/08/12 18:05:34 | 02,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2007/05/31 15:50:20 | 06,727,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/28 15:00:44 | 00,019,968 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV [Boot | Running])
[2007/02/03 13:27:15 | 00,014,240 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter [On_Demand | Running])
[2007/02/03 13:27:27 | 00,938,272 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/05/29 15:29:30 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/02/18 23:27:34 | 01,228,296 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2007/04/26 14:29:24 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt [On_Demand | Running])
[2007/04/26 14:29:24 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte [On_Demand | Running])
[2007/04/26 14:29:26 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd [On_Demand | Running])
[2007/04/26 14:29:26 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Running])
[2007/04/26 14:29:28 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
[2007/04/26 14:29:28 | 00,073,600 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid [On_Demand | Running])
[2007/04/26 14:29:28 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds [On_Demand | Running])
[2007/04/26 14:29:30 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Running])
[2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2007/01/31 18:19:02 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
 
========== Internet Explorer ==========
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070919
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 ()
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide ()
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [PFO Check Settings] pfochk.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on (HP)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\UVMAFF~1\LOCALS~1\Temp\IXP000.TMP\" (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Connection Manager.lnk = C:\Program Files\GPS Pathfinder Office 3.10\conmgr.exe (Trimble Navigation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPS Pathfinder Office Project Changer.lnk = C:\Program Files\GPS Pathfinder Office 3.10\pfpjchgr.exe (Trimble Navigation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler:  - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler:  - ipp - No CLSID value found
O18 - Protocol\Handler:  - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler:  - msdaipp - No CLSID value found
O18 - Protocol\Handler:  - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler:  - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler:  - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler:  - skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
 
========== AppInit_DLLs ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = wxvault.dll
>[2007/01/30 15:31:50 | 00,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
 
========== Winlogon Notify Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. --  File not found
 
========== Shell Execute Hooks ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
 
========== LSA *Authentication Packages* ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,wvauth,
>[2007/01/31 20:16:18 | 00,405,504 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\wvauth.dll
 
========== Safeboot Options ==========
 
"AlternateShell" = cmd.exe
 
========== CDRom AutoRun Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
 
========== Autorun Files on Drives ==========
 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2008/06/07 00:52:59 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
 
 
========== MountPoints2 ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72db04cc-17ae-11dd-b089-001a6bc60e4f}\Shell\Auto\command]
"" = MSOCache\doWTP_RESTORE.exe
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72db04cc-17ae-11dd-b089-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85f56990-6366-11dd-b181-001a6bc60e4f}\Shell]
"" = AutoRun
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85f56990-6366-11dd-b181-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85f56990-6366-11dd-b181-001a6bc60e4f}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d01d60-22a8-11dd-b0b4-001a6bc60e4f}\Shell\AutoRun\command]
"" = E:\
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d01d60-22a8-11dd-b0b4-001a6bc60e4f}\Shell\explore\Command]
"" = RECYCLER\autorun.exe -ExploreCurDir
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94d01d60-22a8-11dd-b0b4-001a6bc60e4f}\Shell\open\Command]
"" = RECYCLER\autorun.exe -OpenCurDir
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e0c0d1-15aa-11dd-b082-001a6bc60e4f}\Shell\Auto\command]
"" = MSOCache\doWTP_RESTORE.exe
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e0c0d1-15aa-11dd-b082-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc4cdf78-3ee9-11dd-b11a-001a6bc60e4f}\Shell\AutoRun\command]
"" = E:\CA_EdgeLitemobile.exe -- File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d154aa16-7bf1-11dc-ae6f-001a6bc60e4f}\Shell]
"" = AutoRun
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d154aa16-7bf1-11dc-ae6f-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d154aa16-7bf1-11dc-ae6f-001a6bc60e4f}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d420111e-3455-11dd-b0f1-0013e8bb6dd1}\Shell\AutoRun\command]
"" = E:\system\viewer\FlipVideoforPC.exe -- File not found
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d420111e-3455-11dd-b0f1-0013e8bb6dd1}\Shell\Flip Video for PC\command]
"" = E:\system\viewer\FlipVideoforPC.exe -- File not found
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0cd6943-14ed-11dd-b080-001a6bc60e4f}\Shell\Auto\command]
"" = E:\MSOCache\doWTP_RESTORE.exe -- File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0cd6943-14ed-11dd-b080-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0cd694d-14ed-11dd-b080-001a6bc60e4f}\Shell\Auto\command]
"" = E:\MSOCache\doWTP_RESTORE.exe -- File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0cd694d-14ed-11dd-b080-001a6bc60e4f}\Shell\AutoRun]
"" = Auto&Play
 
 
========== Files/Folders - Created Within 7 Days ==========
 
[2008/11/02 19:46:16 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UVM Affiliate\Desktop\OTListIt.exe
[2008/10/31 06:01:28 | 00,002,445 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\VPN Client.lnk
[2008/10/29 13:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\Decagon
[2008/10/28 20:30:02 | 00,000,962 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Shortcut to kompozer.exe.lnk
[2008/10/28 20:25:06 | 07,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip
[2008/10/28 09:13:15 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/28 09:13:15 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/28 09:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/28 09:12:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/27 22:15:51 | 00,000,955 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Spybot - Search & Destroy.lnk
[2008/10/27 21:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/10/27 21:49:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/27 21:13:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UVM Affiliate\Application Data\Malwarebytes
[2008/10/27 21:13:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/27 21:13:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/27 21:13:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/27 21:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/27 21:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/27 17:28:25 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Outlook Express.lnk
[2008/10/27 17:28:13 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Windows Media Player (2).lnk
[2008/10/27 17:26:42 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Windows Media Player.lnk
[2008/10/27 17:26:40 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/10/27 17:26:40 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/10/27 17:26:40 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/10/27 17:26:40 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/10/27 17:26:40 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/10/27 17:26:40 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/10/27 17:26:40 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/10/27 17:26:40 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/10/27 17:26:40 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/10/27 17:26:40 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/10/27 17:26:40 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/10/27 17:26:39 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/10/27 17:26:39 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/10/27 17:26:39 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/10/27 17:26:39 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/10/27 17:26:39 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/10/27 17:26:39 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/10/27 17:26:39 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/10/27 17:26:39 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/10/27 17:26:39 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/10/27 17:26:39 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/10/27 17:26:39 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/10/27 17:26:39 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/10/27 17:26:39 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/10/27 17:26:32 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/10/27 17:26:32 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/10/27 17:26:32 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/10/27 17:26:32 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/10/27 17:26:32 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/10/27 17:26:32 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/10/27 17:26:32 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/10/27 17:26:32 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/10/27 17:26:32 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/10/27 17:26:32 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/10/27 17:26:32 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/10/27 17:26:30 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2008/10/27 17:26:30 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2008/10/27 17:26:30 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2008/10/27 17:26:30 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2008/10/27 17:26:30 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2008/10/27 17:26:30 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2008/10/27 17:26:30 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2008/10/27 17:26:30 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2008/10/27 17:26:30 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2008/10/27 17:26:30 | 00,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2008/10/27 17:26:30 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2008/10/27 17:26:30 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/10/27 17:26:30 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2008/10/27 17:26:30 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/10/27 17:26:30 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2008/10/27 17:26:30 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2008/10/27 17:26:30 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2008/10/27 17:26:30 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2008/10/27 17:26:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/10/27 17:26:30 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2008/10/27 17:26:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/10/27 17:26:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/10/27 17:26:30 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2008/10/27 17:26:30 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2008/10/27 17:26:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2008/10/27 17:26:30 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2008/10/27 14:44:58 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/27 14:44:09 | 07,508,608 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.3.exe
[2008/10/26 22:41:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\UVM Affiliate\Desktop\HijackThis.lnk
[2008/10/26 22:41:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/26 21:45:17 | 10,717,63456 | -HS- | C] () -- C:\hiberfil.sys
 
 
========== Files - Modified Within 7 Days ==========
 
[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/02 19:46:20 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UVM Affiliate\Desktop\OTListIt.exe
[2008/11/02 08:17:56 | 00,099,771 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008/11/01 16:30:17 | 00,483,752 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/01 16:30:17 | 00,411,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/01 16:30:17 | 00,065,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/01 16:27:02 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2008/11/01 16:26:50 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/01 16:26:49 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008/11/01 16:25:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/01 16:25:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/01 16:25:42 | 10,717,63456 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/31 15:00:01 | 00,000,017 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2008/10/31 14:39:11 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/10/31 14:39:11 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/10/31 14:39:11 | 00,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/10/31 11:29:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/31 06:01:28 | 00,002,445 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\VPN Client.lnk
[2008/10/30 19:37:24 | 00,000,962 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Shortcut to kompozer.exe.lnk
[2008/10/29 22:46:37 | 00,000,627 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/29 14:44:14 | 00,099,771 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/28 09:13:15 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/28 09:13:15 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/28 07:03:44 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Spybot - Search & Destroy.lnk
[2008/10/27 21:13:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/27 17:28:25 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Outlook Express.lnk
[2008/10/27 17:28:13 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Windows Media Player (2).lnk
[2008/10/27 17:27:42 | 00,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/27 17:26:42 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\Windows Media Player.lnk
[2008/10/27 14:44:58 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/27 14:40:25 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/10/27 12:00:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 22:41:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\UVM Affiliate\Desktop\HijackThis.lnk
 
< End of report >
Logged
« Reply #8 on: November 02, 2008, 22:18:09 »
Malware Scum, Die! 		TeMerc Offline
Countermeasures Leader
Administrator WWW
Karma: 66
Posts: 6145
OK, everything looks good, you're good to go unless there were other tings needing our attention?
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
« Reply #9 on: November 03, 2008, 19:36:05 »
vemendez Offline
Newbie

 *

Karma: 0
Posts: 10
TeMerc,

Thank you very much for your help !

vemendez
Logged
« Reply #10 on: November 03, 2008, 22:16:02 »
Malware Scum, Die! 		TeMerc Offline
Countermeasures Leader
Administrator WWW
Karma: 66
Posts: 6145
You're quite welcome vemendez.  Very Happy

Guess it's time we cleaned up some of the tools we used and then our recommendations to remain malware free.

Any specialty tools which were downloaded may be deleted and all pertaining folders as well. These tools constantly have their databases updated  and\or have the method of how they work altered and in all likelihood you would need to download new ones.

Be sure your Java is up to date, many infections use exploits of unpatched systems.
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • Select it and click Remove.
  • Then Download and install the newest version from here
SpywareBlaster will prevent known ActiveX installs, by setting killbits into the registry.
With Spyware Blaster, just DL, check for updates, enable all protection and you're done.

And either of the two following hosts file databases will keep an even stronger layer of defense:The latter contains more sites as they tend to include domains\IPs which are involved in even the slightest way with malware distribution or sites involved in any other sort of salacious activities. Basically, lay with dogs, get fleas type of thing.

To manage your hosts file we recommend using HostsXpert. With this tool, you can download the latest updates, merge them with another hosts file, edit entries and much more. It's freeware and works very well on all systems

And to prevent unknown applications from being installed on your machine install WinPatrol 2008 v15. WinPatrol is also great at controlling which applications start with Windows. It's even got a nifty 'delay' feature.

Another thing I would suggest, is to install SiteAdvisor or SiteHound. Each provide similar protection, tho SiteAdvisor also rates sites on business practices and spam. SiteHound will offer some content advice as well as security alerts on known rogue sites.

Confused about which apps are good or not? Read about anti-spyware apps pretending to be just that, but are in fact apps which will infect you. For the latest software rated as such check out the  this page.

And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
Calendar of Updates

Happy surfing!!
Tom Very Happy

****This topic has been successfully resolved and is now locked. If the original user needs to have this thread re-opened please PM me

Any other users with similar problems please use the 'New Topic' button to begin a new thread.****
Tom\TeMerc
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
 
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Page created in 0.337 seconds with 20 queries.