
Thread: Need help with conficker worm!!!!

  1. #51
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi John
    ok......we can check that file later

    will continue with this........

    1. Download the FixDownadup.exe file from here
    2. Save the file to a convenient location, such as your Windows desktop.

    NOTE: If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network or from the Internet connection.

    3. Close all the running programs.

    4. Locate the file that you just downloaded.
    5. Double-click the FixDownadup.exe file to start the removal tool.
    6. Click Start to begin the process, and then allow the tool to run.

    NOTE: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.

    7. Restart the computer.
    8. Run the removal tool again to ensure that the system is clean.
    9. Install patch for the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability by choosing your operating system.
    10. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.

    after that run mbam again

    Please reply with

    Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #52
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default fixdownadup

    peku006,

    This is very frustrating. Ran fixdownadup as you instructed (twice). Worm wouldn't let me navigate to symantec so I had to download it from another computer. It detected something, so I ran it again. Then for fun I attempted to navigate to Symantec and it worked. But less than an hour later, I was unable to navigate to these sites and MB picked up an infection again. It's lurking and regenerating!!! Aliens in my computer!!!!!!!!!! Here are MB log and fixdownadup log.

    HELP!!!!!!!!!!!!!!!!!!


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5153

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/19/2010 11:48:34 AM
    mbam-log-2010-11-19 (11-48-34).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 259140
    Time elapsed: 1 hour(s), 7 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.



    Here is fixdownadup log:


    Symantec W32.Downadup Removal Tool 1.1.0.7
    process: svchost.exe, thread: 0000015C (terminated)
    process: svchost.exe, thread: 00000F90 (terminated)
    process: svchost.exe, thread: 00000A9C (terminated)
    process: svchost.exe, thread: 00000FE0 (terminated)
    process: svchost.exe, thread: 00000944 (terminated)
    process: svchost.exe, thread: 0000080C (terminated)
    process: svchost.exe, thread: 00000700 (terminated)
    process: svchost.exe, thread: 000001F4 (terminated)
    process: svchost.exe (terminated)


    ERROR: Can't change ACL/permissions for file C:\Documents and Settings\john kallas\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db; file not scanned

    ERROR: Can't change ACL/permissions for file C:\Documents and Settings\john kallas\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow; file not scanned

    registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))
    registry: HKLM\system\CurrentControlSet\Services\wuauserv: Start (value set to 0x00000002 (2))
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}\AutoStart (value set to "")

    W32.Downadup has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 81528
    The number of deleted threat files: 0
    The number of threat processes terminated: 1
    The number of threat threads terminated: 8
    The number of registry entries fixed: 3

    The system requires a reboot but was not rebooted.
    To clean up all remnants of the threat from the system it must be rebooted.

  3. #53
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi John
    yeah, it comes back

    • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • Click the Scan All Users checkbox on the toolbar.
    • Do not change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    • Close Notepad (saving the change if necessary).


    Thanks peku006

  4. #54
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default Ots

    I will do this first thing, Monday.

    Thanks!

  5. #55
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default OTS log

    Peku006, sorry for taking so long, I have been away from the office. Here is the OTS log. Had to split into two posts. Let me know if you see anything unusual.

    [code]
    OTS logfile created on: 11/23/2010 12:08:55 PM - Run 1
    OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\john\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.08 Gb Total Space | 4.51 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOHN
    Current User Name: john
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    acrotray.exe -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
    inetinfo.exe -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    e_s40rp7.exe -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
    isuspm.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
    tdispvol.exe -> C:\WINDOWS\system32\TDispVol.exe -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    tptray.exe -> C:\Program Files\Toshiba\TouchPad\TPTray.exe -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
    tctrliohook.exe -> C:\WINDOWS\system32\TCtrlIOHook.exe -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
    zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
    ceekey.exe -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
    tvstray.exe -> C:\Program Files\Toshiba\Tvs\TvsTray.exe -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation)
    s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
    evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
    regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
    sharptray.exe -> C:\Program Files\SHARP\Sharpdesk\SharpTray.exe -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
    indexer.exe -> C:\Program Files\SHARP\Sharpdesk\Indexer.exe -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
    indextray.exe -> C:\Program Files\SHARP\Sharpdesk\IndexTray.exe -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
    dlactrlw.exe -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
    padexe.exe -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
    swupdtmr.exe -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
    zoominghook.exe -> C:\WINDOWS\system32\ZoomingHook.exe -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
    tpsmain.exe -> C:\WINDOWS\system32\TPSMain.exe -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
    tpsbattm.exe -> C:\WINDOWS\system32\TPSBattM.exe -> [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation)
    smoothview.exe -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
    cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
    toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
    ramasst.exe -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    dvdramsv.exe -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    cdantsrv.exe -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
    tdispvol.dll -> C:\WINDOWS\system32\TDispVol.dll -> [2002/03/03 06:40:00 | 000,045,056 | ---- | M] ()

    [Win32 Services - Safe List]
    (RoxLiveShare9) LiveShare P2P Server 9 [Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found
    (PEVSystemStart) PEVSystemStart [Auto | Stopped] -> C:\conremoval\PEV.cfx -> File not found
    (myAgtSvc) McAfee Virus and Spyware Protection Service [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> File not found
    (HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
    (EngineServer) EngineServer [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -> File not found
    (SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2010/09/01 10:23:24 | 000,079,360 | ---- | M] (SolidWorks)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/15 15:02:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.)
    (W3SVC) World Wide Web Publishing [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (IISADMIN) IIS Admin [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
    (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2007/11/06 14:22:26 | 000,092,792 | ---- | M] (CACE Technologies)
    (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
    (S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
    (EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
    (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
    (Swupdtmr) Swupdtmr [Auto | Running] -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
    (CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
    (DVD-RAM_Service) DVD-RAM_Service [Auto | Running] -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    (C-DillaSrv) C-DillaSrv [Auto | Running] -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

    [Driver Services - Safe List]
    (smihlp) SMI helper driver [Kernel | Auto | Stopped] -> C:\Program Files\Protector Suite QL\smihlp.sys -> File not found
    (Lbd) Lbd [File_System | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\Lbd.sys -> File not found
    (FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -> File not found
    (FdRedir) FdRedir [File_System | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -> File not found
    (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys -> File not found
    (NETw5x32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw5x32.sys -> [2010/05/31 12:58:35 | 006,608,512 | ---- | M] (Intel Corporation)
    (mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfetdik.sys -> [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.)
    (nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/12/11 23:34:40 | 000,242,320 | ---- | M] (Intel Corporation)
    (NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\npf.sys -> [2007/11/06 14:22:06 | 000,034,064 | ---- | M] (CACE Technologies)
    (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/12/29 14:21:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
    (TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2005/12/16 17:40:32 | 000,028,800 | ---- | M] (UPEK Inc.)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2005/12/09 18:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.)
    (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\w39n51.sys -> [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation)
    (TPwSav) Common Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPwSav.sys -> [2005/12/01 12:55:24 | 000,011,264 | ---- | M] (TOSHIBA )
    (Tvs) TOSHIBA Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Tvs.sys -> [2005/11/30 13:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation)
    (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tifm21.sys -> [2005/11/30 12:12:36 | 000,162,560 | ---- | M] (Texas Instruments)
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation)
    (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems)
    (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/10/06 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
    (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/10/06 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
    (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/10/06 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
    (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/10/06 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
    (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/10/06 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
    (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/10/06 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
    (DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/10/06 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
    (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 05:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
    (DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
    (DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
    (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
    (meiudf) meiudf [File_System | System | Running] -> C:\WINDOWS\system32\drivers\meiudf.sys -> [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
    (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2004/11/15 18:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.)
    (TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tbiosdrv.sys -> [2003/06/11 10:53:22 | 000,006,867 | ---- | M] ()
    (Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Netdevio.sys -> [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.)
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
    (C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CDANT.SYS -> [2001/09/10 21:09:46 | 000,057,392 | ---- | M] (Macrovision)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
    HKEY_USERS\.DEFAULT\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-18\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: Main\\"Start Page" -> http://www.google.com/webhp?rls=ig ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\john\Application Data\Mozilla\FireFox\Profiles\8kgpj2zy.default\prefs.js ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/18 11:53:37 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/23 11:48:34 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Documents and Settings\john\Application Data\Mozilla\Extensions -> [2010/11/18 11:53:45 | 000,000,000 | ---D | M]
    -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    No name found -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\staged-xpis -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > ->
    -> C:\Program Files\Mozilla Firefox\extensions -> [2010/05/03 15:14:07 | 000,000,000 | ---D | M]
    Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/03 15:14:08 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/07/27 09:06:07 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/10/06 07:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
    "Adobe Acrobat Speed Launcher" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008/06/12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated)
    "CeEKEY" -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe [C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe] -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
    "DLA" -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
    "Indexer" -> C:\Program Files\Sharp\Sharpdesk\Indexer.exe ["C:\Program Files\Sharp\Sharpdesk\Indexer.exe"] -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
    "IndexTray" -> C:\Program Files\Sharp\Sharpdesk\IndexTray.exe ["C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"] -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
    "IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
    "MVS Splash" -> C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ["C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON] -> File not found
    "PadTouch" -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
    "Pinger" -> c:\toshiba\ivp\ism\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
    "SharpTray" -> C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ["C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"] -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
    "SmoothView" -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
    "TCtryIOHook" -> C:\WINDOWS\System32\TCtrlIOHook.exe [TCtrlIOHook.exe] -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
    "TDispVol" -> C:\WINDOWS\System32\TDispVol.exe [TDispVol.exe] -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    "TPNF" -> C:\Program Files\Toshiba\TouchPad\TPTray.exe [C:\Program Files\TOSHIBA\TouchPad\TPTray.exe] -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
    "TPSMain" -> C:\WINDOWS\System32\TPSMain.exe [TPSMain.exe] -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
    "Tvs" -> C:\Program Files\Toshiba\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
    "TypeRegChecker" -> C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe ["C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"] -> [2005/11/05 19:35:22 | 000,057,344 | ---- | M] (SHARP CORPORATION)
    "ZoomingHook" -> C:\WINDOWS\System32\ZoomingHook.exe [ZoomingHook.exe] -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
    < Run [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
    "TOSCDSPD" -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
    < john Startup Folder > -> C:\Documents and Settings\john\Start Menu\Programs\Startup ->
    < john kallas Startup Folder > -> C:\Documents and Settings\john kallas\Start Menu\Programs\Startup ->
    < johnk Startup Folder > -> C:\Documents and Settings\johnk\Start Menu\Programs\Startup ->
    < McAfeeMVSUser Startup Folder > -> C:\Documents and Settings\McAfeeMVSUser\Start Menu\Programs\Startup ->
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
    \Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
    < Software Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoCDBurning" -> [0] -> File not found
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
    \\"NoResolveSearch" -> [1] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Google Search -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Backward Links -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Cached Snapshot of Page -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
    Similar Pages -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    Translate into English -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 18 domain(s) found. ->
    //about.htm/ .[myui] -> Trusted sites ->
    //Exclude.htm/ .[myui] -> Trusted sites ->
    //LanguageSelection.htm/ .[myui] -> Trusted sites ->
    //Message.htm/ .[myui] -> Trusted sites ->
    //MyAgttryCmd.htm/ .[myui] -> Trusted sites ->
    //MyAgttryNag.htm/ .[myui] -> Trusted sites ->
    //MyNotification.htm/ .[myui] -> Trusted sites ->
    //NOCLessUpdate.htm/ .[myui] -> Trusted sites ->
    //quarantine.htm/ .[myui] -> Trusted sites ->
    //ScanNow.htm/ .[myui] -> Trusted sites ->
    //strings.vbs/ .[myui] -> Trusted sites ->
    //Template.htm/ .[myui] -> Trusted sites ->
    //Update.htm/ .[myui] -> Trusted sites ->
    //VirFound.htm/ .[myui] -> Trusted sites ->
    www_isqft.com [https] -> Trusted sites ->
    *_mcafee.com [http] -> Trusted sites ->
    *_mcafee.com [https] -> Trusted sites ->
    betavscan_mcafeeasap.com [http] -> Trusted sites ->
    betavscan_mcafeeasap.com [https] -> Trusted sites ->
    vs_mcafeeasap.com [http] -> Trusted sites ->
    vs_mcafeeasap.com [https] -> Trusted sites ->
    www_mcafeeasap.com [http] -> Trusted sites ->
    www_mcafeeasap.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. ->
    www_isqft.com [https] -> Trusted sites ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/sites/production/ieawsdc32.cab [Microsoft Office Template and Media Control] ->
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab [Windows Live Safety Center Base Module] ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280770706517 [WUWebControl Class] ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280770671086 [MUWebControl Class] ->
    {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.1.254 ->
    Domain -> SmithEng.local ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}\\DhcpNameServer -> 192.168.0.1 (Intel(R) PRO/1000 PL Network Connection) ->
    {CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}\\DhcpNameServer -> 192.168.1.254 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/11/28 15:51:04 | 000,135,168 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> File not found
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" -> C:\Program Files\HP\HP Software Update\hpwucli.exe [C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe] -> File not found
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
    "C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
    "C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/13 18:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
    "D:\setup\hpznui01.exe" -> D:\setup\hpznui01.exe [D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 16:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
    "C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> [2004/11/03 17:06:34 | 000,462,848 | ---- | M] (TOSHIBA Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Classes\<extension>\ ->
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found

  6. #56
    Member
    Join Date
    Jul 2010
    Posts
    73

    OTS log Part 2

    [Files/Folders - Created Within 30 Days]
    OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:42 | 000,642,048 | ---- | C] (OldTimer Tools)
    conremoval -> C:\conremoval -> [2010/11/19 16:17:22 | 000,000,000 | --SD | C]
    SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/19 14:04:48 | 000,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/19 14:04:48 | 000,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/19 14:04:48 | 000,136,704 | ---- | C] (SteelWerX)
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/19 14:04:48 | 000,031,232 | ---- | C] (NirSoft)
    Qoobox -> C:\Qoobox -> [2010/11/19 14:04:36 | 000,000,000 | ---D | C]
    windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | C] (Microsoft Corporation)
    Mozilla -> C:\Documents and Settings\john\Local Settings\Application Data\Mozilla -> [2010/11/18 11:53:35 | 000,000,000 | ---D | C]
    fixit -> C:\fixit -> [2010/11/17 15:35:43 | 000,000,000 | --SD | C]
    Rooter$ -> C:\Rooter$ -> [2010/11/16 11:32:06 | 000,000,000 | ---D | C]
    Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:30:59 | 000,173,119 | ---- | C] (Eric_71)
    RootRepeal.exe -> C:\Documents and Settings\john\Desktop\RootRepeal.exe -> [2010/11/16 10:10:18 | 000,472,064 | ---- | C] ( )
    TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/12 13:20:12 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO)
    McAfee -> C:\Documents and Settings\john\Desktop\McAfee -> [2010/11/10 15:21:58 | 000,000,000 | ---D | C]
    trend micro -> C:\Program Files\trend micro -> [2010/11/09 13:50:37 | 000,000,000 | ---D | C]
    rsit -> C:\rsit -> [2010/11/09 13:50:34 | 000,000,000 | ---D | C]
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/08 13:53:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/08 13:52:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/11/08 13:51:36 | 000,000,000 | ---D | C]
    mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
    Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/11/23 11:48:36 | 000,001,769 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/23 11:46:57 | 000,001,158 | ---- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/23 11:46:07 | 000,002,048 | --S- | M] ()
    AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/20 23:41:01 | 000,000,284 | ---- | M] ()
    conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | M] ()
    windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | M] (Microsoft Corporation)
    Microsoft Office Word 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk -> [2010/11/19 09:44:29 | 000,002,515 | ---- | M] ()
    SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:16 | 000,075,264 | ---- | M] ()
    complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | M] ()
    MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:10 | 000,080,384 | ---- | M] ()
    Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:31:02 | 000,173,119 | ---- | M] (Eric_71)
    fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/12 15:43:51 | 002,348,928 | ---- | M] ()
    Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2010/11/10 15:58:22 | 000,000,832 | ---- | M] ()
    MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | M] ()
    Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:52 | 000,044,548 | ---- | M] ()
    Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | M] ()
    info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | M] ()
    info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | M] ()
    RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:19 | 000,339,991 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | M] ()
    mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:31 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
    scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:36:18 | 000,630,272 | ---- | M] ()
    dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:28:58 | 000,630,272 | ---- | M] ()
    TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO)
    gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/08 10:32:38 | 000,296,448 | ---- | M] ()
    perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/08 07:46:02 | 000,495,580 | ---- | M] ()
    perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/08 07:46:02 | 000,090,626 | ---- | M] ()
    MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
    Microsoft Office Excel 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk -> [2010/11/02 08:02:23 | 000,002,513 | ---- | M] ()
    bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:09 | 000,051,045 | ---- | M] ()
    bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | M] ()
    pool.bin -> C:\WINDOWS\System32\pool.bin -> [2010/11/01 07:43:41 | 000,000,256 | ---- | M] ()
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    18 C:\Documents and Settings\john\Local Settings\temp\*.tmp files -> C:\Documents and Settings\john\Local Settings\temp\*.tmp ->
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

    [Files - No Company Name]
    conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | C] ()
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/19 14:04:48 | 000,256,512 | ---- | C] ()
    sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/19 14:04:48 | 000,098,816 | ---- | C] ()
    MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/19 14:04:48 | 000,089,088 | ---- | C] ()
    grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/19 14:04:48 | 000,080,412 | ---- | C] ()
    zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/19 14:04:48 | 000,068,096 | ---- | C] ()
    fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/19 08:15:29 | 002,348,928 | ---- | C] ()
    SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:15 | 000,075,264 | ---- | C] ()
    complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | C] ()
    avenger.exe -> C:\Documents and Settings\john\Desktop\avenger.exe -> [2010/11/16 14:44:16 | 000,731,136 | ---- | C] ()
    MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:09 | 000,080,384 | ---- | C] ()
    gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/11 09:12:34 | 000,296,448 | ---- | C] ()
    MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | C] ()
    Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:47 | 000,044,548 | ---- | C] ()
    Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | C] ()
    info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | C] ()
    info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | C] ()
    RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:16 | 000,339,991 | ---- | C] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | C] ()
    scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:35:59 | 000,630,272 | ---- | C] ()
    dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:23:50 | 000,630,272 | ---- | C] ()
    bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:01 | 000,051,045 | ---- | C] ()
    bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | C] ()
    housecall.guid.cache -> C:\Documents and Settings\john\Local Settings\Application Data\housecall.guid.cache -> [2010/07/12 14:05:11 | 000,000,036 | ---- | C] ()
    hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2010/07/08 10:45:32 | 000,016,968 | ---- | C] ()
    TPTray.INI -> C:\WINDOWS\TPTray.INI -> [2010/02/26 13:16:22 | 000,000,000 | ---- | C] ()
    BBMS_EXCEPTION.txt -> C:\Documents and Settings\john\Application Data\BBMS_EXCEPTION.txt -> [2010/01/22 10:50:32 | 000,000,364 | ---- | C] ()
    eDrawingOfficeAutomator.INI -> C:\WINDOWS\eDrawingOfficeAutomator.INI -> [2009/10/20 09:40:22 | 000,000,000 | ---- | C] ()
    $_hpcst$.hpc -> C:\Documents and Settings\john\Application Data\$_hpcst$.hpc -> [2009/08/28 12:13:40 | 000,002,528 | ---- | C] ()
    WirelessFTP.INI -> C:\WINDOWS\WirelessFTP.INI -> [2009/08/27 15:11:33 | 000,000,098 | ---- | C] ()
    ccolwiz.ini -> C:\WINDOWS\ccolwiz.ini -> [2009/08/27 12:37:22 | 000,000,152 | ---- | C] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/08/27 11:48:07 | 000,007,168 | ---- | C] ()
    fontlst2.opf -> C:\Documents and Settings\john\Application Data\fontlst2.opf -> [2009/08/26 19:03:14 | 000,594,638 | ---- | C] ()
    _isusr32.dll -> C:\WINDOWS\_isusr32.dll -> [2009/08/26 18:32:46 | 000,159,744 | ---- | C] ()
    _isusr2k.dll -> C:\WINDOWS\System32\_isusr2k.dll -> [2009/08/26 18:32:39 | 000,045,056 | ---- | C] ()
    ush2.dll -> C:\WINDOWS\System32\ush2.dll -> [2009/08/26 18:32:38 | 000,122,880 | ---- | C] ()
    OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()
    hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/05/18 11:18:15 | 000,009,731 | ---- | C] ()
    smtpctrs.ini -> C:\WINDOWS\System32\smtpctrs.ini -> [2008/02/05 08:54:40 | 000,021,791 | ---- | C] ()
    ntfsdrct.ini -> C:\WINDOWS\System32\ntfsdrct.ini -> [2008/02/05 08:54:40 | 000,001,037 | ---- | C] ()
    w3ctrs.ini -> C:\WINDOWS\System32\w3ctrs.ini -> [2008/02/05 08:54:02 | 000,038,576 | ---- | C] ()
    axperf.ini -> C:\WINDOWS\System32\axperf.ini -> [2008/02/05 08:54:02 | 000,010,225 | ---- | C] ()
    infoctrs.ini -> C:\WINDOWS\System32\infoctrs.ini -> [2008/02/05 08:54:01 | 000,011,435 | ---- | C] ()
    dirsaver.ini -> C:\WINDOWS\dirsaver.ini -> [2008/01/28 15:19:37 | 000,000,012 | ---- | C] ()
    msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/01/28 15:07:27 | 000,000,002 | ---- | C] ()
    smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/01/28 14:52:29 | 000,000,061 | ---- | C] ()
    IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2008/01/28 14:50:06 | 000,204,800 | ---- | C] ()
    IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2008/01/28 14:50:06 | 000,200,704 | ---- | C] ()
    IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
    IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
    IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2008/01/28 14:50:06 | 000,188,416 | ---- | C] ()
    IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2008/01/28 14:50:06 | 000,020,480 | ---- | C] ()
    pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2007/11/06 14:19:28 | 000,053,299 | ---- | C] ()
    mxpcivny.dll -> C:\WINDOWS\System32\mxpcivny.dll -> [2007/04/18 10:25:36 | 000,167,071 | RHS- | C] ()
    TDispVol.dll -> C:\WINDOWS\System32\TDispVol.dll -> [2006/01/03 01:08:12 | 000,045,056 | ---- | C] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/12/29 13:48:11 | 000,000,222 | ---- | C] ()
    QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2005/12/29 13:45:52 | 000,000,031 | ---- | C] ()
    CSIIDecoder_kern_i386.sys -> C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys -> [2005/12/29 13:09:56 | 000,036,736 | ---- | C] ()
    TSXT_kern_i386.sys -> C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys -> [2005/12/29 13:09:56 | 000,029,184 | ---- | C] ()
    NDSTray.INI -> C:\WINDOWS\NDSTray.INI -> [2005/12/29 13:01:39 | 000,000,000 | ---- | C] ()
    EBLib.DLL -> C:\WINDOWS\System32\EBLib.DLL -> [2005/12/29 13:01:29 | 000,032,768 | ---- | C] ()
    tbiosdrv.sys -> C:\WINDOWS\System32\drivers\tbiosdrv.sys -> [2005/12/29 12:54:17 | 000,006,867 | ---- | C] ()
    csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2005/12/29 12:44:17 | 000,128,113 | ---- | C] ()
    csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2005/12/29 12:44:17 | 000,045,056 | ---- | C] ()
    tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2005/12/29 12:44:17 | 000,010,165 | ---- | C] ()
    cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2005/12/29 12:44:17 | 000,007,671 | ---- | C] ()
    RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2005/12/29 12:35:08 | 000,135,168 | ---- | C] ()
    ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/12/29 11:28:28 | 000,000,473 | ---- | C] ()
    fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/12/29 11:19:47 | 000,001,793 | ---- | C] ()
    ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/12/29 03:15:37 | 000,004,161 | ---- | C] ()
    OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/12/29 00:33:37 | 000,000,341 | ---- | C] ()
    TPeculiarity.dll -> C:\WINDOWS\System32\TPeculiarity.dll -> [2005/12/09 16:36:30 | 000,028,672 | ---- | C] ()
    px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/28 22:33:56 | 000,000,000 | ---- | C] ()
    SPCtl.dll -> C:\WINDOWS\System32\SPCtl.dll -> [2005/11/23 15:55:42 | 000,024,576 | ---- | C] ()
    HWS_Ctrl.dll -> C:\WINDOWS\System32\HWS_Ctrl.dll -> [2005/11/23 15:41:28 | 000,036,864 | ---- | C] ()
    TCtrlIO.dll -> C:\WINDOWS\System32\TCtrlIO.dll -> [2005/11/23 13:42:16 | 000,028,672 | ---- | C] ()
    Dart.PowerTCP.Aes.dll -> C:\WINDOWS\System32\Dart.PowerTCP.Aes.dll -> [2005/10/09 10:59:40 | 000,065,536 | ---- | C] ()
    EKECioCtl.dll -> C:\WINDOWS\System32\EKECioCtl.dll -> [2005/09/15 16:04:06 | 000,024,576 | ---- | C] ()
    tifmicon.dll -> C:\WINDOWS\System32\tifmicon.dll -> [2004/01/13 19:46:34 | 000,172,032 | ---- | C] ()
    OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 17:05:08 | 000,002,695 | ---- | C] ()
    < End of report >
    [/code]

  7. #57
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default MBAM most recent log

    peku006,

    Check out all of the instances of Conficker now showing up in Malwarebytes:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5177

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/23/2010 4:20:06 PM
    mbam-log-2010-11-23 (16-20-06).txt

    Scan type: Quick scan
    Objects scanned: 189585
    Time elapsed: 8 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\brdsd (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfqjfcun (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcpqzrt (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut (Worm.Conficker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb (Worm.Conficker) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.

  8. #58
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi John

    "Tricky worm"... we must try these tools.

    Follow the instructions here:
    How to remove the Downadup and Conficker worm

    When done post the contents of the C:\Win32.Worm.Downladup.Gen.log file as a reply to this topic

    Thanks peku006

  9. #59
    Member
    Join Date
    Jul 2010
    Posts
    73

    Default downladup.gen.log

    Here it is. I probably got these results because I had run MBAM not too long ago. I feel like it will return though. Shall I continue with anything else?



    Ok Loading BitDefender Engines
    State 0
    Sleeping 3 seconds...
    Found so far : 0x0 files/regs
    Searching for Downadup file ....
    - System folder
    - Temporary folder
    - Program Files
    - Application Data
    Found so far : 0x0 files/regs
    No Traces of Downadup Worm were found

  10. #60
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi John

    Please try ComboFix again.
