Page 2 of 8 FirstFirst 123456 ... LastLast
Results 11 to 20 of 71

Thread: DDS Will not complete, No task Manager, etc...

  1. 2012-01-17, 04:41 #11
    vict0r
    vict0r is offline
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Quote Originally Posted by WOLFH View Post
    Would I run the HiJack.exe file downloaded in the first line of the previous post?
    Just download HijackThis to that folder, don't run it.

    This machine is our spare laptop that spends most of the time at my wife's work to access email, etc when they are not busy.
    Private use at work?
  2. 2012-01-17, 13:01 #12
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Just to be sure- this the file goes into this folder: C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

    Private use at work? = Have it Made

    Thanks
  3. 2012-01-17, 13:16 #13
    vict0r
    vict0r is offline
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Quote Originally Posted by WOLFH View Post
    Just to be sure- this the file goes into this folder: C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
    That looks correct.

    It's not clear to me if the computer is used for private or business related activities at work. Please clarify.
  4. 2012-01-18, 01:02 #14
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    private use
    I have done some side autocad work with it but those days are past.
  5. 2012-01-18, 01:02 #15
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    private use
    I have done some side autocad work with it but those days are past.

    now it is primarily an internet/email machine
  6. 2012-01-18, 01:30 #16
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Logfile of random's system information tool 1.09 (written by random/random)
    Run by adnott at 2012-01-17 19:27:52
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 9 GB (17%) free of 54 GB
    Total RAM: 1535 MB (48% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\adnott-mediaAgg.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    =========Mozilla firefox=========

    ProfilePath - C:\Documents and Settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default

    prefs.js - "browser.search.useDBForOrder" - true
    prefs.js - "browser.startup.homepage" - "google.com"
    prefs.js - "extensions.enabledItems" - "{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:4.0.6, {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, moveplayer@movenetworks.com:7, {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1, {A8208118-F761-47E2-A01F-4FB22AE08B5E}:2.0.5, {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9"
    prefs.js - "keyword.URL" - "http://search.live.com/results.aspx?FORM=IEFM1&q="

    "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 10
    "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
    "Description"=iTunes Detector Plug-in
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
    "Description"=
    "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
    "Description"=Office Live Update v1.3
    "Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
    "Description"=WLPG Install MIME type
    "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
    "Description"=Windows Presentation Foundation plug-in for Mozilla browsers
    "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@movenetworks.com/Quantum Media Player]
    "Description"=npmnqmp
    "Path"=C:\Documents and Settings\adnott\Application Data\Move Networks\plugins\npqmp071701000002.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105]
    "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163]
    "Description"=RealJukebox Netscape Plugin
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212]
    "Description"=6.0.12.1212
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
    "Description"=
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
    "Description"=Rhapsody Control
    "Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
    "Description"=Viewpoint Media Player for Mozilla
    "Path"=C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    C:\Program Files\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll
    nppl3260.xpt
    nsAxSecurityPolicy.js
    nsIMozAxPlugin.xpt
    nsJSRealPlayerPlugin.xpt

    C:\Program Files\Mozilla Firefox\plugins\
    AppSub32.dll
    np32dsw.dll
    npdeployJava1.dll
    NpIpx32.dll
    npmozax.dll
    NPMySrWB.dll
    NPOFFICE.DLL
    nppl3260.dll
    npqtplugin4.dll
    npqtplugin5.dll
    npqtplugin6.dll
    npqtplugin7.dll
    nprjplug.dll
    nprpjplug.dll
    npViewpoint.xpt
    Readme.txt
    ShockwavePlugin.class

    C:\Program Files\Mozilla Firefox\searchplugins\
    amazondotcom.xml
    bing.xml
    eBay.xml
    google.xml
    wikipedia.xml
    yahoo.xml

    C:\Documents and Settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default\extensions\
    temp
    {20a82645-c095-46ed-80e3-08825760534b}
    {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    {A8208118-F761-47E2-A01F-4FB22AE08B5E}

    C:\Documents and Settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default\searchplugins\
    dogpile-web-search.xml
    live-search.xml
    yahoo.gif
    yahoo.src
    yahoo.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A065C65-4EE7-4DDD-9918-F129089A894A}]
    BrowserHelper Class - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2009-10-07 244584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-20 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-20 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    {D73E76A3-F902-45BD-8FC8-95AE8E014671} - Home Server Banner - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2009-10-07 244584]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-26 4632576]
    "nwiz"=nwiz.exe /installquiet []
    "Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-08-21 155648]
    "bacstray"=C:\WINDOWS\system32\BacsTray.exe [2003-05-14 98304]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-09-30 57344]
    "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]
    "Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-03 180269]
    "Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-06-06 936960]
    "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-06-29 1032192]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
    "IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-05-21 1372160]
    "IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-05-21 1202448]
    "Control Center"=C:\Program Files\TRENDnet\MFP Server\Control Center.exe [2009-08-04 3294720]
    "UMonit"=C:\WINDOWS\system32\umonit.exe [2004-10-27 53248]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2005-06-07 1339392]
    "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
    "cdloader"=C:\Documents and Settings\adnott\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Media Card Companion Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
    MediaManager.lnk - C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe
    Windows Home Server.lnk - C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe

    C:\Documents and Settings\adnott\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\TRENDnet\MFP Server\Control Center.exe"="C:\Program Files\TRENDnet\MFP Server\Control Center.exe:*:Enabled:Control Center"
    "C:\Documents and Settings\adnott\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\adnott\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "midimapper"=midimap.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msadpcm"=msadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.trspch"=tssoft32.acm
    "vidc.cvid"=iccvid.dll
    "vidc.I420"=msh263.drv
    "vidc.iv31"=ir32_32.dll
    "vidc.iv32"=ir32_32.dll
    "vidc.iv41"=ir41_32.ax
    "vidc.iyuv"=iyuv_32.dll
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvu9"=tsbyuv.dll
    "vidc.yvyu"=msyuv.dll
    "wavemapper"=msacm32.drv
    "msacm.msg723"=msg723.acm
    "vidc.M263"=msh263.drv
    "vidc.M261"=msh261.drv
    "msacm.msaudio1"=msaud32.acm
    "msacm.sl_anet"=sl_anet.acm
    "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
    "vidc.iv50"=ir50_32.dll
    "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
    "wave1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "wave2"=wdmaud.drv
    "mixer2"=wdmaud.drv
    "wave3"=wdmaud.drv
    "mixer3"=wdmaud.drv
    "wave4"=wdmaud.drv
    "mixer4"=wdmaud.drv
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "msacm.siren"=sirenacm.dll
    "wave5"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer5"=wdmaud.drv
    "aux"=wdmaud.drv
    "wave6"=wdmaud.drv
    "midi2"=wdmaud.drv
    "mixer6"=wdmaud.drv
    "aux1"=wdmaud.drv
    "wave7"=wdmaud.drv
    "midi3"=wdmaud.drv
    "mixer7"=wdmaud.drv
    "aux2"=wdmaud.drv

    ======File associations======

    .scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 1 month======

    2012-01-15 11:52:09 ----D---- C:\rsit
    2012-01-15 11:52:09 ----D---- C:\Program Files\trend micro
    2012-01-10 23:12:59 ----ASH---- C:\hiberfil.sys
    2012-01-10 22:57:14 ----D---- C:\WINDOWS\CSC
    2012-01-10 21:26:31 ----D---- C:\WINDOWS\ERDNT
    2012-01-10 20:45:50 ----D---- C:\Program Files\ERUNT
    2012-01-09 22:52:09 ----A---- C:\WINDOWS\stinger.sys
    2012-01-08 18:28:59 ----D---- C:\WINDOWS\Microsoft Antimalware
    2012-01-08 18:28:17 ----D---- C:\WINDOWS\Windows Defender Offline

    ======List of files/folders modified in the last 1 month======

    2012-01-17 19:26:50 ----D---- C:\WINDOWS\Temp
    2012-01-17 19:23:28 ----D---- C:\WINDOWS\Prefetch
    2012-01-16 19:50:03 ----D---- C:\WINDOWS\system32\CatRoot2
    2012-01-16 19:16:08 ----D---- C:\WINDOWS
    2012-01-15 11:52:09 ----AD---- C:\Program Files
    2012-01-14 10:08:37 ----D---- C:\Program Files\Spybot - Search & Destroy
    2012-01-14 07:51:43 ----D---- C:\Program Files\Mozilla Firefox
    2012-01-14 07:43:36 ----A---- C:\WINDOWS\SchedLgU.Txt
    2012-01-13 21:34:11 ----D---- C:\WINDOWS\system32\drivers\ETC
    2012-01-13 19:05:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2012-01-13 18:46:53 ----D---- C:\Documents and Settings\adnott\Application Data\WeatherBug
    2012-01-10 22:57:35 ----A---- C:\WINDOWS\ntbtlog.txt
    2012-01-10 22:43:03 ----SD---- C:\WINDOWS\Tasks
    2012-01-10 20:21:29 ----SHD---- C:\System Volume Information
    2012-01-10 20:21:29 ----D---- C:\WINDOWS\system32\Restore
    2012-01-08 18:29:43 ----D---- C:\WINDOWS\system32\CONFIG
    2012-01-08 15:15:54 ----D---- C:\WINDOWS\SxsCaPendDel
    2012-01-08 11:42:44 ----SHD---- C:\WINDOWS\Installer
    2012-01-08 11:42:42 ----D---- C:\WINDOWS\WinSxS
    2012-01-08 11:42:04 ----SHD---- C:\Config.Msi
    2012-01-08 11:41:31 ----D---- C:\Program Files\Quicken
    2012-01-08 11:40:58 ----A---- C:\WINDOWS\Quicken.ini
    2012-01-08 11:32:10 ----D---- C:\Program Files\Opera
    2012-01-08 09:03:32 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
    2012-01-05 10:41:25 ----D---- C:\WINDOWS\system32\DRIVERS

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
    R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-22 43872]
    R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
    R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
    R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
    R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-02-09 8413]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-08-06 104735]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-05-14 147236]
    R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-11-13 197120]
    R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP; C:\WINDOWS\System32\Drivers\KUSBusByTCPMasterBus.sys [2008-11-11 70656]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-26 2830688]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-01-20 32416]
    R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
    R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-09-18 16640]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VBus;Virtual Bus; C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 17664]
    R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
    S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\adnott\LOCALS~1\Temp\ALSysIO.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 BackupReader;BackupReader; C:\WINDOWS\system32\DRIVERS\BackupReader.sys [2009-04-20 44784]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2004-10-27 6016]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 KUSBusByTCP;KUSBusByTCP; C:\WINDOWS\System32\Drivers\KUSBusByTCP.sys [2008-11-11 97664]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 PLISp50;PLISp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLISp50.sys [2008-01-16 27072]
    S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys [2005-09-03 7552]
    S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
    S3 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
    S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
    R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
    R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-02-04 303104]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
    R2 NkPtpEnumP2;NkPtpEnumP2; C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [2005-06-17 24064]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-26 127044]
    R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-05-21 909312]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    R2 WHSConnector;Windows Home Server Connector Service; C:\Program Files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-11 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-15 85096]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-22 651720]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2004-10-15 131072]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
  7. 2012-01-18, 01:31 #17
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\adnott\my documents\work\ad-misc\dvd xcopy platinum with crack.zip
    c:\documents and settings\all users\application data\adobe\photoshop elements\7.0\photo creations\backgrounds\cracked paint.metadata.xml
    scanner sequence 3.LB.11.BUNAHL
    ----- EOF -----
  8. 2012-01-18, 02:05 #18
    vict0r
    vict0r is offline
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Did you download HijackThis?
    Did you save it to the C:\Program Files\Trend Micro\HiJackThis folder?
    Before or after you ran the RSIT scan?
  9. 2012-01-18, 04:20 #19
    WOLFH
    WOLFH is offline
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Yes, downloaded to the address C:\Program Files\trend micro\HiJackThis\hijackthis.exe was prior to running any of the steps.

    I also downloaded all of the other steps before running rkill.exe

    PS- I had to create the trend micro folder with-in program files.
  10. 2012-01-19, 20:03 #20
    vict0r
    vict0r is offline
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Delete File

    Please refer to the following post and then delete dvd xcopy platinum with crack.zip:
    http://forums.spybot.info/showpost.p...90&postcount=4

    • Right click on the Start button.
    • Select Explore from the menu.
    • Navigate to and find the following file, then delete it:
      c:\documents and settings\adnott\my documents\work\ad-misc\dvd xcopy platinum with crack.zip
    • If you have any problem deleting the file, right click it and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.



    Re-run rkill

    Double click the rkill icon on your desktop to start the program. Wait for it to finish and close the log. There's no need to post the log.


    Scan with HijackThis

    • Click Start -> Run..., then copy and paste the following line into the run box and click OK:
      C:\Program Files\trend micro\HiJackThis\hijackthis.exe
    • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
    • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    • When completed...Notepad will open with the new "hijackthis.log" file contents.
    • Copy/paste the entire (hijackthis.log) file contents in your next reply.



    Malwarebytes' Anti-Malware:

    • Please start Malwarebytes' Anti Malware (MBAM) (already installed).
    • Click the Update tab and then click the Check for Updates button to perform the update.
    • MBAM will confirm the database update. Please repeat the update if the database was not updated (needed if the program itself was updated).
    • If the update does not work then close MBAM and skip to the manual update described further down this post.
    • When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    If you have run Malwarebytes recently and it has detected infections, please post the log found in the directory described above.



    Malwarebytes manual update

    If the Malwarebytes Anti Malware did not update it's database, then do the following:

    Download the latest Malwarebytes offline database, save the file on the desktop:
    mbam-rules.exe
    Double-click the file to install the definitions.

    If successful, then refer to the instructions above and do a quick scan with MBAM.


    Rename Malwarebytes

    If MBAM does not start, then rename the program:

    Please go to the C:\Program Files\Malwarebytes' Anti-Malware folder and find the file mbam.exe, right-click on the file and select Rename. Rename the file to wolfh.exe and double-click on it to see if it will run.
    Please download Malwarebytes' Anti-Malware and save to your desktop.

    If successful, then refer to the instructions above and do a quick scan with MBAM.



    Safe mode

    If unable to run/update MBAM, then try in Safe Mode:

    • Restart your computer
    • During startup, but before the Windows logo appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
      Note: Choose Safe Mode with Networking if you still need to update MBAM.
    • Choose your usual account.
    • When asked to proceed to safe mode, click Yes.


    Update the MBAM database and run a quick scan.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules