MyWay.MyWebSearch virus in the Locked Registry Keys

Hi peku006,

Seems we still have a problem! I ran Spybot and it shows MyWay.MyWebSearch in the HKEY_USERS\S-1-5-21 Registry area.

Adobe has been taken care of.

Here is the HJT log.

Thanks

condor


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:10 AM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 9337 bytes
 
Hi condor

Run SpyBot check for problems, fix all red items, and when it's finished right-click and choose copy results (not full report) to clipboard and paste that back here please.

Thanks peku006
 
Hi peku006,

I am typing this from my Snagit save from the earlier scan.

(Spybot has corrected the problem, but in the past it has always come back re-infected).

[SBI $B267ADF3] IE toolbar
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

I am re-running Spybot again now.

Thanks

condor
 
Hi condor

This is not "MyWebSearch"; it belongs to ZoneAlarm Spy Blocker or ASK Toolbar:
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

peku006
 
Hi peku006,

Interesting.

On the second run the same "MyWay.MyWebSearch" showed up again.

After having Spybot delete the problem, here is the "Results.txt" from Spybot's second run.

Thanks

condor

MyWay.MyWebSearch: [SBI $B267ADF3] IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2006-10-20 unins000.exe (51.41.0.0)
2009-02-24 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-12 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-12 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-12 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2010-01-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-30 Includes\Malware.sbi (*)
2010-01-12 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-12 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-12 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
 
Hi condor

Please read this: What is MyWay.MyWebSearch?

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    • O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    MyWebSearch
    Fun Web
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
 
Sorry peku006,

My apologies for wasting your time like that. I see now how I managed to re-infect the computer myself. Won't do that again.

I have deleted the two items you indicated with HJT.

Here is the SystemLook.txt.

Thank you

condor


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:09 on 19/01/2010 by Admin (Administrator - Elevation successful)

========== regfind ==========

Searching for "MyWebSearch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"a"="C:\Documents and Settings\Admin\My Documents\MyWay.MyWebSearch_Sagit_Jan19_2010.bmp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"a"="C:\Documents and Settings\Admin\My Documents\MyWay.MyWebSearch_Sagit_Jan19_2010.bmp"
[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"a"="C:\Documents and Settings\Admin\My Documents\MyWay.MyWebSearch_Sagit_Jan19_2010.bmp"
[HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"a"="C:\Documents and Settings\Admin\My Documents\MyWay.MyWebSearch_Sagit_Jan19_2010.bmp"

Searching for "Fun Web"
No data found.

-=End Of File=-
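The two logs the helper works from above (the HijackThis O2/O3 lines peku006 asked to fix, and the SystemLook :regfind output condor posted) can be checked mechanically. The following is an added Python example, not code from this thread or from HijackThis, Spybot or SystemLook: it flags browser add-on registrations whose DLL is "(no file)", and it groups regfind hits by whether the search term matched a registry key path or only value data (such as the OpenSaveMRU file-name history seen above). The sample lines are constructed in the same layout as the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 layout (same shape as the log above).
SAMPLE_HJT = """\
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\\Program Files\\TechSmith\\SnagIt 7\\SnagItBHO.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\\Program Files\\TechSmith\\SnagIt 7\\SnagItIEAddin.dll
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
"""

# Constructed sample in SystemLook ":regfind" layout (same shape as the log above).
SAMPLE_REGFIND = """\
Searching for "MyWebSearch"
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\OpenSaveMRU\\bmp]
"a"="C:\\Documents and Settings\\Admin\\My Documents\\MyWay.MyWebSearch_Sagit_Jan19_2010.bmp"

Searching for "Fun Web"
No data found.
"""

# O2 (BHO) and O3 (Toolbar) lines: "<section> - <kind>: <name> - {CLSID} - <path>"
ADDON_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


@dataclass
class BrowserAddon:
    section: str
    kind: str
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        # The CLSID is still registered with Internet Explorer but the DLL it
        # points to is gone: the kind of leftover the helper removes with
        # "Fix Checked".
        return self.path == "(no file)"


def parse_hjt_addons(log_text: str) -> list:
    """Return every O2/O3 entry in a HijackThis log as a BrowserAddon."""
    addons = []
    for line in log_text.splitlines():
        m = ADDON_RE.match(line.strip())
        if m:
            addons.append(BrowserAddon(**m.groupdict()))
    return addons


def orphaned_clsids(log_text: str) -> list:
    """CLSIDs of add-ons whose file is missing, in log order."""
    return [a.clsid for a in parse_hjt_addons(log_text) if a.orphaned]


def classify_regfind(log_text: str) -> dict:
    """Map each regfind search term to (key, where) hits.

    'where' is "key path" when the term is part of the key name itself and
    "value data" when it only appears in a value stored under the key. A
    term that shows up solely in value data of an MRU list is a file-name
    history entry, not a product registration.
    """
    hits = {}
    term = None
    key = None
    for line in log_text.splitlines():
        m = re.match(r'^Searching for "(.*)"$', line)
        if m:
            term = m.group(1)
            key = None
            hits[term] = []
            continue
        if term is None:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if term.lower() in key.lower():
                hits[term].append((key, "key path"))
            continue
        if key and line.startswith('"') and term.lower() in line.lower():
            hits[term].append((key, "value data"))
    return hits


if __name__ == "__main__":
    for clsid in orphaned_clsids(SAMPLE_HJT):
        print("orphaned add-on registration:", clsid)
    for term, found in classify_regfind(SAMPLE_REGFIND).items():
        print(f'"{term}": {len(found)} hit(s)', [w for _, w in found])
```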
 
Hi condor

You have not wasted my time; you've done everything I asked, and the main thing is that your problem is gone.

Your log now appears to be clean. Congratulations!

To remove all of the tools we used and the files and folders they created do the following:

Delete Security Check and SystemLook from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
Here you can find information about how WinPatrol works

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy safe surfing!

peku006
 
Hi peku006,

I am glad everything went well.
Many thanks for your clear instructions and your patience in guiding me through the process.

I ran Spybot twice this morning and "MyWebSearch" is indeed, thankfully, gone.

I have completed the clean up process and downloaded the recommended programs. So hopefully I should be well protected going forward.

I do have a question, if you have time? What are those restricted "read only" code lines in the Locked Registry? I thought they were the problem, but it seems that this was only the area where the virus was hiding?

Anyway, thanks for all your help. You were great!

Much appreciated.

condor
 
Hi condor
What are those restricted "read only" code lines in the Locked Registry? I thought they were the problem, but it seems that this was only the area where the virus was hiding?
As the name says, "read only" means that you cannot make changes, but it can be easily removed if it is not "locked".
It is not necessarily malicious software which makes it "read only".

Windows Registry

Thanks peku006
 
Hi Peku006,

When I ran Spybot now it picked up "MyWebSearch" as still there.

I am attaching the Spybot log and HJT.

Could you please have a look when you get a chance?

Thanks again

condor


--- Search result list ---
MyWay.MyWebSearch: [SBI $B267ADF3] IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2006-10-20 unins000.exe (51.41.0.0)
2009-02-24 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-19 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-19 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-01-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-01-19 Includes\Malware.sbi (*)
2010-01-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-19 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-19 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-19 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB953297)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB968220)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB974455)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976749)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953838)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 948672
MD5: 73BB442A717B9BB0097C243374C14A3E

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 466CE40EAA865752F4930A472563E4E1

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 84EC0B55BCBE872F999ACDCE58E3F67D

Located: HK_LM:Run, MXOBG
command: C:\WINDOWS\MXOALDR.EXE
file: C:\WINDOWS\MXOALDR.EXE
size: 94208
MD5: A6B33A9B1452178AA7968EFFEF266A1D

Located: HK_LM:Run, Norton Ghost 10.0
command: "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
file: C:\Program Files\Norton Ghost\Agent\GhostTray.exe
size: 1537648
MD5: 5F8BDC81AC2063C1C4BBAFB23F219B90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13529088
MD5: 4D8E9C2FB7E234A7FDFA6EC54794217F

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14864384
MD5: 569DDC03B8FEA3936731CAE99DD95FA5

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 29BE51557A3E686B297BE273EB17CA67

Located: HK_LM:Run, WinPatrol
command: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
file: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
size: 320832
MD5: 5F53750CEA64C8D5882D808718A7074A

Located: HK_LM:Run, avgnt (DISABLED)
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8

Located: HK_LM:Run, MaxMenuMgr (DISABLED)
command: "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
file: C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
size: 185640
MD5: 473E323057CF9893D7E8C1E2D0CCED23

Located: HK_LM:Run, Microsoft Default Manager (DISABLED)
command: "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
file: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
size: 288080
MD5: F8B91C91225E5CAA2B2F0370201021C0

Located: HK_LM:Run, MSN Toolbar (DISABLED)
command: "C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe"
file: C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe
size: 239456
MD5: FB4C2A7FF1B6F78395760319B8CD48F2

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13529088
MD5: 4D8E9C2FB7E234A7FDFA6EC54794217F

Located: HK_LM:Run, NvMediaCenter (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: 3BC7B677094A2EF0BDDC3A9375E1F8A2

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Speaking Clock Deluxe
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
file: C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
size: 2350592
MD5: B967DC47D7A432C95BA048EE168E1875

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
file: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Norton Ghost 10.0 (DISABLED)
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\Program Files\Norton Ghost\Agent\GhostTray.exe
file: C:\Program Files\Norton Ghost\Agent\GhostTray.exe
size: 1537648
MD5: 5F8BDC81AC2063C1C4BBAFB23F219B90

Located: HK_CU:Run, RetroExpress (DISABLED)
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
file: C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
size: 6946816
MD5: BFBBD64C1CF253183C20BCE6EA8D4E45

Located: HK_CU:Run, Speaking Clock Lite (DISABLED)
where: S-1-5-21-1844237615-1326574676-725345543-1004...
command: C:\Program Files\Speaking Clock\SpClock.exe
file: C:\Program Files\Speaking Clock\SpClock.exe
size: 845824
MD5: 76B56FB8C1ADC6616E6300E9F2D273FB

Located: Startup (common), APC UPS Status.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
file: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
size: 221247
MD5: 0B81AFF779A259847351DFE2C9856785

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 57CB86B1CDD77EB5138BA05D1F193463

Located: Startup (user), Check for TWS Updates.lnk
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
command: C:\Jts\WiseUpdt.exe
file: C:\Jts\WiseUpdt.exe
size: 194775
MD5: F28139405132E8106398A389E91FA034

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (user), OpenOffice.org 3.1.lnk (DISABLED)
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: C1CF9F3B71E02F06F761021A466518A3

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{00C6482D-C502-44C8-8409-FCE54AD9C208} (HelperObject Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: HelperObject Class
description: SnagIt
classification: Legitimate
known filename: SnagItBHO.dll
info link: http://www.techsmith.com/products/snagit/default.asp
info source: TonyKlein
Path: C:\Program Files\TechSmith\SnagIt 7\
Long name: SnagItBHO.dll
Short name: SNA335~1.DLL
Date (created): 10/14/2005 6:25:00 AM
Date (last access): 6/28/2008 2:29:58 PM
Date (last write): 10/14/2005 6:25:00 AM
Filesize: 49152
Attributes: archive
MD5: 6AE7D64380CD65BF4C1B637A0E55CD10
CRC32: A536FC51
Version: 1.0.1.0

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 12/21/2009 6:27:44 PM
Date (last access): 1/19/2010 9:21:20 AM
Date (last write): 12/21/2009 6:27:44 PM
Filesize: 75200
Attributes: archive
MD5: DC1E56092CC57FB4605B088D3DCCBF7A
CRC32: FF82C62B
Version: 9.3.0.148

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 8/8/2008 6:22:16 PM
Date (last access): 2/24/2009 11:17:02 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name:
Date (created): 8/7/2009 5:15:06 PM
Date (last access): 11/1/2009 11:21:30 AM
Date (last write): 8/7/2009 5:15:06 PM
Filesize: 138608
Attributes: archive
MD5: 09F3D779638216DBB6B8D4C1075D6A8F
CRC32: 9CD33635
Version: 2.0.264.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name:
Date (created): 8/18/2009 11:32:12 AM
Date (last access): 11/1/2009 11:20:18 AM
Date (last write): 8/18/2009 11:32:12 AM
Filesize: 403840
Attributes: archive
MD5: D46ED7D33E847CD9E78E9F02910536B5
CRC32: A5B7CE0C
Version: 6.500.3165.0

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (MSN Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: MSN Toolbar BHO
Path: C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\
Long name: npwinext.dll
Short name:
Date (created): 8/9/2009 10:08:46 PM
Date (last access): 11/1/2009 11:21:26 AM
Date (last write): 8/9/2009 10:08:46 PM
Filesize: 502624
Attributes: archive
MD5: 624A57138BA05FC42BEE1861E1A54FC0
CRC32: 4DAC0139
Version: 4.0.205.2

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 1/4/2010 8:18:16 AM
Date (last access): 1/4/2010 8:18:16 AM
Date (last write): 1/4/2010 8:18:16 AM
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 1/4/2010 8:18:18 AM
Date (last access): 1/4/2010 8:18:18 AM
Date (last write): 1/4/2010 8:18:18 AM
Filesize: 73728
Attributes: archive
MD5: DEE8F03D1EACE0C8F914A2C76568EA32
CRC32: 53F8F67C
Version: 6.0.170.4



--- ActiveX list ---
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer:
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 11/1/2009 6:54:08 PM
Date (last write): 8/6/2009 7:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226

{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer:
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~1\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 1/18/2010 9:51:46 AM
Date (last access): 1/18/2010 9:51:46 AM
Date (last write): 10/26/2009 3:45:44 PM
Filesize: 3356232
Attributes: archive
MD5: B933ED3DB918479B8AB39BDD445DB37B
CRC32: 7376E693
Version: 1.0.0.6211

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 1/4/2010 8:18:16 AM
Date (last access): 1/4/2010 8:18:16 AM
Date (last write): 1/4/2010 8:18:16 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 1/4/2010 8:18:16 AM
Date (last access): 1/4/2010 8:18:16 AM
Date (last write): 1/4/2010 8:18:16 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 1/4/2010 8:18:16 AM
Date (last access): 1/4/2010 8:18:16 AM
Date (last write): 1/4/2010 8:18:16 AM
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 7/17/2009 10:12:12 PM
Date (last access): 8/18/2009 6:19:30 AM
Date (last write): 7/17/2009 10:12:12 PM
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer:
Codebase: https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll



--- Process list ---
PID: 0 ( 0) [System]
PID: 548 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 628 ( 548) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 656 ( 548) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 700 ( 656) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 712 ( 656) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 900 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 976 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1060 ( 700) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1096 ( 700) C:\Program Files\Ahead\InCD\InCDsrv.exe
size: 871424
MD5: E9372A17C22FC4E5C9FD8798A97775FC
PID: 1276 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1388 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1496 ( 700) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 165488
MD5: BB98479C3135C05291D54DEBD7B310D5
PID: 1564 ( 700) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 198256
MD5: 69637EB41F3467DDA6CCCEBA7C320E0A
PID: 1572 (1504) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1776 ( 700) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1824 ( 700) C:\Program Files\Avira\AntiVir Desktop\sched.exe
size: 108289
MD5: 9015BC03F62940527EC92D45EE89E46F
PID: 1968 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2024 ( 700) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
size: 185089
MD5: B8720A787C1223492E6F319465E996CE
PID: 2036 ( 700) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
size: 176193
MD5: DC45AB27932447B598848B10650313C5
PID: 152 ( 700) C:\WINDOWS\system32\Astsrv.exe
size: 57344
MD5: 9559BF0A1D6DCAD83A316FA1E31A755B
PID: 172 ( 700) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
size: 189736
MD5: 9513B437B7ADB1E6065B7F0D83D11ECF
PID: 276 ( 700) C:\WINDOWS\System32\GEARSec.exe
size: 53248
MD5: B6E01969246FCB67470E87E6957EE147
PID: 380 ( 700) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 39133291CB607BDD87CFC565A4A1E7A5
PID: 416 ( 700) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
size: 2066024
MD5: 89573B6F88A851EBA44BABE98543C007
PID: 596 ( 700) C:\WINDOWS\system32\nvsvc32.exe
size: 159812
MD5: 0C41C4ACFE00D826DB479C40C1D9EDC8
PID: 620 ( 700) C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
size: 69632
MD5: DC544952B5F0299A5C5FBE1937242D25
PID: 844 ( 700) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
size: 242048
MD5: CA7E42E0B8D117165ED553A7D681352A
PID: 1176 ( 700) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
size: 1529728
MD5: 5144AE67D60EC653F97DDF3FEED29E77
PID: 2264 ( 700) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 822424
MD5: B6BF7DD619D045D0F999310882551B7D
PID: 2364 ( 700) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2944 (1572) C:\WINDOWS\RTHDCPL.EXE
size: 14864384
MD5: 569DDC03B8FEA3936731CAE99DD95FA5
PID: 2968 (1572) C:\WINDOWS\MXOALDR.EXE
size: 94208
MD5: A6B33A9B1452178AA7968EFFEF266A1D
PID: 3024 (1572) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 3036 (1572) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 29BE51557A3E686B297BE273EB17CA67
PID: 3136 (1572) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
size: 320832
MD5: 5F53750CEA64C8D5882D808718A7074A
PID: 3152 (1572) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 84EC0B55BCBE872F999ACDCE58E3F67D
PID: 3160 (1572) C:\Program Files\Norton Ghost\Agent\GhostTray.exe
size: 1537648
MD5: 5F8BDC81AC2063C1C4BBAFB23F219B90
PID: 3176 (1572) C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
size: 2350592
MD5: B967DC47D7A432C95BA048EE168E1875
PID: 3204 (1572) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3244 (1572) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3436 (1176) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
size: 183152
MD5: E91B5FA739CCF7F0CE3282B0FCFA5108
PID: 3664 (3308) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
size: 417855
MD5: A9A5CDFDA52257DB4488F457C3F4022A
PID: 3396 (1572) C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
size: 2335880
MD5: B04CDA7A51B049A43CB7DBCC8FD0931C
PID: 1884 (1572) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3044 (1572) C:\Program Files\internet explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2096 (3044) C:\Program Files\internet explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 1996 ( 900) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
size: 311152
MD5: 4717CC0CC613C56C9AB3AB19BC43BB74
PID: 3128 (3044) C:\Program Files\internet explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/23/2010 9:17:23 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EB8A60A-4560-4CA1-8D06-1B736600D1D3}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 4: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EB8A60A-4560-4CA1-8D06-1B736600D1D3}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD50ABBE-91E6-4690-BF3A-8DAFB8A1935F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD50ABBE-91E6-4690-BF3A-8DAFB8A1935F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DA40E19-4E6F-4A3C-A962-7E084D29110D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DA40E19-4E6F-4A3C-A962-7E084D29110D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:24 AM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\Astsrv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\clipbrd.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.1.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165022501781
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AST Service - Nalpeiron Ltd. - C:\WINDOWS\system32\Astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 9873 bytes
 
Hi Appro

It is not there; the registry value is fixed and does not appear in these logs.

MyWay.MyWebSearch: [SBI $B267ADF3] IE toolbar (Registry value, fixed)

Thanks peku006

 
Hi Peku006,

Thank you very much for your reply.

Yes. Spybot was able to correct the problem in the Registry, at least temporarily.

Unfortunately, in the past it has somehow re-infected itself from who knows where.

Regards

condor
 
Hi condor

ok, once again :D:

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.
    • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
 
Hi Peku006,

Yes. I thought we were done with this, but it seems determined to hang on.

I do appreciate your help.

Here is the OTS log. I have to send in 2 parts because of the size.


Thanks

condor

Code:
OTS logfile created on: 1/23/2010 12:27:10 PM - Run 1
OTS by OldTimer - Version 3.1.19.4     Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 111.56 Gb Free Space | 74.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AL-BF3E369F3453
Current User Name: Admin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2010/01/23 12:23:36 | 00,631,296 | ---- | M] (OldTimer Tools)
symlcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2010/01/20 19:36:21 | 00,822,424 | ---- | M] (Symantec Corporation)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2010/01/12 15:29:55 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2010/01/04 08:18:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 08:18:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/12/25 07:05:11 | 00,108,289 | ---- | M] (Avira GmbH)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/12/25 07:05:09 | 00,185,089 | ---- | M] (Avira GmbH)
avcenter.exe -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe -> [2009/12/25 07:05:08 | 00,470,785 | ---- | M] (Avira GmbH)
awc.exe -> C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe -> [2009/11/20 13:51:34 | 02,335,880 | ---- | M] (IObit)
winpatrol.exe -> C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -> [2009/10/10 16:07:08 | 00,320,832 | ---- | M] (BillP Studios)
freeagentservice.exe -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC)
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE -> [2009/08/18 11:29:22 | 00,183,152 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/08/07 17:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation)
spcldlx.exe -> C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe -> [2009/06/30 14:54:02 | 02,350,592 | ---- | M] (Lux Aeterna)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
mxoaldr.exe -> C:\WINDOWS\MXOALDR.EXE -> [2007/06/16 16:44:35 | 00,094,208 | ---- | M] (Cypress Semiconductor)
astsrv.exe -> C:\WINDOWS\system32\AstSrv.exe -> [2007/02/16 19:08:14 | 00,057,344 | ---- | M] (Nalpeiron Ltd.)
apcsystray.exe -> C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe -> [2005/12/12 15:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation)
mainserv.exe -> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -> [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2005/10/14 20:51:40 | 14,864,384 | R--- | M] (Realtek Semiconductor Corp.)
vprosvc.exe -> C:\Program Files\Norton Ghost\Agent\VProSvc.exe -> [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation)
ghosttray.exe -> C:\Program Files\Norton Ghost\Agent\GhostTray.exe -> [2005/09/09 19:09:24 | 01,537,648 | ---- | M] (Symantec Corporation)
gearsec.exe -> C:\WINDOWS\system32\gearsec.exe -> [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software)
incdsrv.exe -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> [2005/07/08 16:24:46 | 00,871,424 | ---- | M] (Nero AG)
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2004/12/13 15:30:00 | 00,058,992 | ---- | M] (Symantec Corporation)
retrorun.exe -> C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -> [2004/07/30 14:47:36 | 00,069,632 | ---- | M] (Dantz Development Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2010/01/23 12:23:36 | 00,631,296 | ---- | M] (OldTimer Tools)
patrolpro.dll -> C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll -> [2007/03/26 13:03:20 | 00,057,344 | ---- | M] (BillP Studios)
 
[Win32 Services - Safe List]
(is-SP0JE) is-SP0JE [Disabled | Stopped] ->  -> File not found
(is-RFAT4) is-RFAT4 [Disabled | Stopped] ->  -> File not found
(is-O3HS5) is-O3HS5 [Disabled | Stopped] ->  -> File not found
(is-HH2HK) is-HH2HK [Disabled | Stopped] ->  -> File not found
(is-76QSD) is-76QSD [Disabled | Stopped] ->  -> File not found
(Symantec Core LC) Symantec Core LC [On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2010/01/20 19:36:21 | 00,822,424 | ---- | M] (Symantec Corporation)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 08:18:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/12/25 07:05:11 | 00,108,289 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/12/25 07:05:09 | 00,185,089 | ---- | M] (Avira GmbH)
(XoftSpyService) XoftSpyService [On_Demand | Stopped] -> C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -> [2009/10/23 16:58:06 | 00,582,424 | ---- | M] (ParetoLogic Inc.)
(FreeAgentGoNext Service) Seagate Service [Auto | Running] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC)
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/08/07 17:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(AST Service) AST Service [Auto | Running] -> C:\WINDOWS\system32\AstSrv.exe -> [2007/02/16 19:08:14 | 00,057,344 | ---- | M] (Nalpeiron Ltd.)
(RoxMediaDB9) RoxMediaDB9 [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/01/16 12:44:48 | 00,880,640 | ---- | M] (Sonic Solutions)
(stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2007/01/15 08:05:30 | 00,073,728 | R--- | M] (MicroVision Development, Inc.)
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [On_Demand | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> [2006/12/13 22:17:26 | 00,057,344 | ---- | M] (Sonic Solutions)
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Auto | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -> [2006/12/13 22:17:02 | 00,294,912 | ---- | M] (Sonic Solutions)
(Ati HotKey Poller) Ati HotKey Poller [Auto | Stopped] -> C:\WINDOWS\system32\ati2evxx.exe -> [2006/02/21 20:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(APC UPS Service) APC UPS Service [Auto | Running] -> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -> [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation)
(Norton Ghost) Norton Ghost [Auto | Running] -> C:\Program Files\Norton Ghost\Agent\VProSvc.exe -> [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation)
(GEARSecurity) GEARSecurity [Auto | Running] -> C:\WINDOWS\system32\gearsec.exe -> [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software)
(InCDsrv) InCD Helper [Auto | Running] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> [2005/07/08 16:24:46 | 00,871,424 | ---- | M] (Nero AG)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2004/12/13 15:30:08 | 00,079,472 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(RetroExpLauncher) Retrospect Express HD Launcher [Auto | Running] -> C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe -> [2004/07/30 14:47:36 | 00,069,632 | ---- | M] (Dantz Development Corporation)
 
[Driver Services - Safe List]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2010/01/20 19:36:22 | 00,004,608 | ---- | M] (Symantec Corporation)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/12/25 07:05:12 | 00,096,104 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/25 07:05:12 | 00,056,816 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/12/25 07:05:12 | 00,028,520 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH)
(is-U2OSHdrv) is-U2OSHdrv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\09870117.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-QA78Mdrv) is-QA78Mdrv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\60464396.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-O1MK8drv) is-O1MK8drv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\73001606.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-G4K5Edrv) is-G4K5Edrv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\45373222.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-FTVCUdrv) is-FTVCUdrv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\88850112.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-AU098drv) is-AU098drv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\64293220.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-80PSPdrv) is-80PSPdrv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\47602119.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-7P51Bdrv) is-7P51Bdrv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\48164237.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-0SG48drv) is-0SG48drv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\28882349.sys -> [2008/07/08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation)
(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hidbatt.sys -> [2008/04/13 13:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(is-SP0JEdrv) is-SP0JEdrv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\93704403.sys -> [2008/03/05 10:41:30 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-RFAT4drv) is-RFAT4drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\10536068.sys -> [2008/03/05 10:41:30 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-O3HS5drv) is-O3HS5drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\61826897.sys -> [2008/03/05 10:41:30 | 00,148,496 | ---- | M] (Kaspersky Lab)
(is-HH2HKdrv) is-HH2HKdrv [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\83042734.sys -> [2008/03/05 10:41:30 | 00,148,496 | ---- | M] (Kaspersky Lab)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 03:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(RxFilter) RxFilter [File_System | Disabled | Stopped] -> C:\WINDOWS\system32\drivers\RxFilter.sys -> [2006/12/02 12:19:30 | 00,050,688 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/02/21 20:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2005/10/18 16:15:42 | 04,034,048 | R--- | M] (Realtek Semiconductor Corp.)
(SymSnap) SymSnap [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\SymSnap.sys -> [2005/09/09 19:09:20 | 00,144,832 | ---- | M] (StorageCraft)
(V2IMount) V2IMount [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\V2iMount.sys -> [2005/09/09 19:09:20 | 00,056,192 | ---- | M] (Symantec Corporation)
(GearAspiWDM) GearAspiWDM [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2005/09/09 19:09:10 | 00,014,408 | ---- | M] (GEAR Software Inc.)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2005/08/24 15:56:28 | 00,074,752 | ---- | M] (Realtek Semiconductor Corporation                           )
(InCDfs) InCD File System [File_System | Disabled | Running] -> C:\WINDOWS\system32\drivers\InCDfs.sys -> [2005/07/08 16:17:54 | 00,099,584 | ---- | M] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\InCDpass.sys -> [2005/07/08 16:17:36 | 00,029,696 | ---- | M] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\InCDrm.sys -> [2005/07/08 09:17:32 | 00,028,672 | ---- | M] (Nero AG)
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mxopswd.sys -> [2004/10/07 09:21:22 | 00,015,360 | ---- | M] (Maxtor Corp.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/12/05 04:46:36 | 00,010,368 | ---- | M] (Padus, Inc.)
(MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MXOFX.SYS -> [2003/10/10 03:23:48 | 00,032,640 | ---- | M] (Cypress Semiconductor)
(NtApm) NT Apm/Legacy Interface Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\NtApm.sys -> [2001/08/17 13:47:22 | 00,009,344 | ---- | M] (Microsoft Corporation)
(Sentinel) Sentinel [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\SENTINEL.SYS -> [2001/06/21 21:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.)
(Sntnlusb) Rainbow USB SuperPro [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -> [2001/06/21 21:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.)
(MapMemP) MapMemP [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\MAPMEMP.SYS -> [1998/10/26 12:31:12 | 00,063,080 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\: Main\\"Default_Secondary_Page_URL" -> www.live.com [binary data] -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Admin\Application Data\Mozilla\FireFox\Profiles\4f99sura.default\prefs.js -> 
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Ask.com" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.selectedEngine -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.msn.com" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> msntoolbar@msn.com:4.0 ->
extensions.enabledItems -> {27182e60-b5f3-411c-b545-b44205977502}:1.0 ->
keyword.URL -> "" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\4.0.0205.2\FIREFOX] -> [2009/11/01 11:21:24 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2009/11/01 11:21:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/12 15:32:20 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/19 09:21:37 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions -> [2009/04/07 18:20:27 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\4f99sura.default\extensions -> [2009/12/31 18:03:29 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 askcom.xml -> C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\4f99sura.default\searchplugins\askcom.xml -> [2009/12/18 18:32:17 | 00,002,236 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/04 08:18:51 | 00,000,000 | ---D | M]
< HOSTS File > (619870 bytes and 16467 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS -> 
First 25 entries...
Reset Hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  data2.activshopper.com #[Trackware.ActivShopper]
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [HelperObject Class] -> [2005/10/14 06:25:00 | 00,049,152 | ---- | M] (TechSmith Corporation)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 00,075,200 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/08/07 17:15:06 | 00,138,608 | ---- | M] (Microsoft Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [MSN Toolbar BHO] -> [2009/08/09 22:08:46 | 00,502,624 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/04 08:18:14 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/04 08:18:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [MSN Toolbar] -> [2009/08/09 22:08:46 | 00,502,624 | ---- | M] (Microsoft Corporation)
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [SnagIt] -> [2005/10/14 06:25:00 | 00,131,072 | ---- | M] (TechSmith Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 00,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 00,035,760 | ---- | M] (Adobe Systems Incorporated)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/12/13 15:30:00 | 00,058,992 | ---- | M] (Symantec Corporation)
"MXOBG" -> C:\WINDOWS\MXOALDR.EXE [C:\WINDOWS\MXOALDR.EXE] -> [2007/06/16 16:44:35 | 00,094,208 | ---- | M] (Cypress Semiconductor)
"Norton Ghost 10.0" -> C:\Program Files\Norton Ghost\Agent\GhostTray.exe ["C:\Program Files\Norton Ghost\Agent\GhostTray.exe"] -> [2005/09/09 19:09:24 | 01,537,648 | ---- | M] (Symantec Corporation)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/05/16 13:01:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2005/10/14 20:51:40 | 14,864,384 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2010/01/04 08:18:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2010/01/12 15:29:55 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
"WinPatrol" -> C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> [2009/10/10 16:07:08 | 00,320,832 | ---- | M] (BillP Studios)
< Run [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Speaking Clock Deluxe" -> C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe ["C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe"] -> [2009/06/30 14:54:02 | 02,350,592 | ---- | M] (Lux Aeterna)
< RunOnce [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"FlashPlayerUpdate" -> C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe [C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe] -> File not found
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Check for TWS Updates.lnk -> C:\Jts\WiseUpdt.exe -> [2006/11/08 14:55:02 | 00,194,775 | ---- | M] ()
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
 -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled -> [2009/07/05 19:53:14 | 00,000,870 | ---- | M] ()
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe -> [2005/12/12 15:05:30 | 00,221,247 | ---- | M] (American Power Conversion Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 15:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" ->  [1] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoResolveSearch" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6669 domain(s) found. -> 
60 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6693 domain(s) found. -> 
60 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6693 domain(s) found. -> 
60 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4200 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4200 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 10228 domain(s) found. -> 
72 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Value error.] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> https://interactivebrokers.webex.com/client/T26L/event/ieatgpc.cab [GpcContainer Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.5.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6EB8A60A-4560-4CA1-8D06-1B736600D1D3}\\DhcpNameServer -> 192.168.5.1   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/02/21 20:40:30 | 00,061,440 | ---- | M] (ATI Technologies Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Ensign\Ensign.exe" -> C:\Ensign\Ensign.exe [C:\Ensign\Ensign.exe:*:Enabled:Ensign Windows] -> [2009/12/31 15:19:08 | 05,246,464 | ---- | M] (Ensign Software, Inc.)
"C:\FTGT\ftgt4.exe" -> C:\FTGT\ftgt4.exe [C:\FTGT\ftgt4.exe:*:Enabled:Fibonacci Galactic Trader 4] -> [2009/08/03 17:40:26 | 18,317,312 | ---- | M] (Fibonacci Trader Corp.)
"C:\Jts\WiseUpdt.exe" -> C:\Jts\WiseUpdt.exe [C:\Jts\WiseUpdt.exe:*:Enabled:Check for TWS Updates] -> [2006/11/08 14:55:02 | 00,194,775 | ---- | M] ()
"C:\MTP6RTData\MTPDataServer.exe" -> C:\MTP6RTData\MTPDataServer.exe [C:\MTP6RTData\MTPDataServer.exe:*:Enabled:Real-Time Data Server for MTPredictor] -> [2009/12/03 02:44:22 | 01,700,864 | ---- | M] (MTPredictor Limited)
"C:\Program Files\Atomic Clock Sync\Atomic.exe" -> C:\Program Files\Atomic Clock Sync\Atomic.exe [C:\Program Files\Atomic Clock Sync\Atomic.exe:*:Enabled:Atomic Clock Sync (2)] -> [2004/06/17 09:46:48 | 00,524,288 | ---- | M] (Chaos Software Group, Inc.)
"C:\Program Files\Conference\Conference.dll" -> C:\Program Files\Conference\Conference.dll [C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team] -> [2008/06/07 11:15:21 | 03,255,808 | ---- | M] (©2002-2007 Audio/Video Conference Software)
"C:\Program Files\Foxmail\Foxmail.exe" -> C:\Program Files\Foxmail\Foxmail.exe [C:\Program Files\Foxmail\Foxmail.exe:*:Enabled:Foxmail] -> [2004/06/18 09:41:24 | 03,273,216 | ---- | M] (Boda Network Technology Inc.)
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" -> C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe [C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application] -> [2009/12/09 06:25:04 | 00,143,360 | ---- | M] (NinjaTrader)
"C:\Program Files\Outlook Express\msimn.exe" -> C:\Program Files\Outlook Express\msimn.exe [C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express] -> [2008/04/13 19:12:28 | 00,060,416 | -HS- | M] (Microsoft Corporation)
"C:\Program Files\Real Time Software Engineering\MetaServer RT 3.2 for TWS\msrt.exe" -> C:\Program Files\Real Time Software Engineering\MetaServer RT 3.2 for TWS\msrt.exe [C:\Program Files\Real Time Software Engineering\MetaServer RT 3.2 for TWS\msrt.exe:*:Enabled:MetaServer RT 3.2] -> [2008/04/16 16:27:36 | 01,669,888 | ---- | M] (RT Soft Ltd.)
"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> [2010/01/12 15:30:06 | 00,222,728 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy] -> [2009/01/26 15:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited)
"C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe" -> C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe [C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe:*:Enabled:TradingRooms] -> [2007/05/14 07:43:20 | 00,049,152 | ---- | M] ()
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2008/11/10 10:23:50 | 01,539,072 | ---- | M] ()
"C:\SierraChart\SierraChart.exe" -> C:\SierraChart\SierraChart.exe [C:\SierraChart\SierraChart.exe:*:Enabled:Sierra Chart] -> [2009/12/31 02:41:36 | 04,551,680 | ---- | M] (    )
"C:\WINDOWS\system32\javaw.exe" -> C:\WINDOWS\System32\javaw.exe [C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary] -> [2010/01/04 08:18:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/04/05 21:14:25 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 

[Files/Folders - Created Within 30 Days]

NOTE: 2nd half of file to follow....

Hi Peku006,

Here is the rest of the file

Thanks

condor


NOTE: End of first half of file.

Second half of file starts here.......

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2010/01/23 12:23:33 | 00,631,296 | ---- | C] (OldTimer Tools)
symlcbrd.sys -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> [2010/01/20 19:36:22 | 00,004,608 | ---- | C] (Symantec Corporation)
WinPatrol -> C:\Documents and Settings\Admin\Application Data\WinPatrol -> [2010/01/20 11:24:24 | 00,000,000 | ---D | C]
BillP Studios -> C:\Program Files\BillP Studios -> [2010/01/20 11:23:57 | 00,000,000 | ---D | C]
SpywareBlaster -> C:\Program Files\SpywareBlaster -> [2010/01/20 11:15:01 | 00,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/01/20 10:38:28 | 00,000,000 | -HSD | C]
backups -> C:\backups -> [2010/01/19 07:10:25 | 00,000,000 | ---D | C]
Desktop -> C:\Documents and Settings\All Users\Desktop -> [2010/01/18 11:22:11 | 00,000,000 | ---D | C]
ESET -> C:\Program Files\ESET -> [2010/01/18 09:51:43 | 00,000,000 | ---D | C]
Admin.exe -> C:\Admin.exe -> [2010/01/17 10:27:45 | 00,401,720 | ---- | C] (Trend Micro Inc.)
Motive -> C:\Documents and Settings\All Users\Application Data\Motive -> [2010/01/15 21:00:57 | 00,000,000 | ---D | C]
Registry Search -> C:\Program Files\Registry Search -> [2010/01/14 13:04:04 | 00,000,000 | ---D | C]
aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 07:15:01 | 00,471,552 | ---- | C] (Microsoft Corporation)
Real -> C:\Documents and Settings\All Users\Application Data\Real -> [2010/01/12 15:33:35 | 00,000,000 | ---D | C]
rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010/01/12 15:32:20 | 00,185,920 | ---- | C] (RealNetworks, Inc.)
pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010/01/12 15:31:17 | 00,006,656 | ---- | C] (RealNetworks, Inc.)
pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010/01/12 15:31:17 | 00,005,632 | ---- | C] (RealNetworks, Inc.)
xing shared -> C:\Program Files\Common Files\xing shared -> [2010/01/12 15:31:08 | 00,000,000 | ---D | C]
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/01/12 15:30:03 | 00,278,528 | ---- | C] (Real Networks, Inc)
CyberLink -> C:\Documents and Settings\Admin\Application Data\CyberLink -> [2010/01/09 11:16:34 | 00,000,000 | ---D | C]
Speaking Clock Deluxe -> C:\Program Files\Speaking Clock Deluxe -> [2010/01/04 12:58:27 | 00,000,000 | ---D | C]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 08:18:48 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 08:18:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 08:18:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 08:18:48 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.)
Windows Installer Clean Up -> C:\Program Files\Windows Installer Clean Up -> [2010/01/04 08:11:12 | 00,000,000 | ---D | C]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee -> [2010/01/03 11:20:40 | 00,000,000 | ---D | C]
Other Kaspersky uninstall Tools -> C:\Program Files\Other Kaspersky uninstall Tools -> [2010/01/03 10:54:42 | 00,000,000 | ---D | C]
VS Revo Group -> C:\Program Files\VS Revo Group -> [2010/01/02 14:35:05 | 00,000,000 | ---D | C]
Windows Resource Kits -> C:\Program Files\Windows Resource Kits -> [2010/01/01 13:54:09 | 00,000,000 | ---D | C]
Safer Networking -> C:\Documents and Settings\Admin\Application Data\Safer Networking -> [2010/01/01 12:10:57 | 00,000,000 | ---D | C]
Aezay Productions -> C:\Program Files\Aezay Productions -> [2010/01/01 11:46:07 | 00,000,000 | ---D | C]
HijackThis.exe -> C:\HijackThis.exe -> [2010/01/01 10:48:45 | 00,401,720 | ---- | C] (Trend Micro Inc.)
ERUNT -> C:\Program Files\ERUNT -> [2009/12/31 22:09:02 | 00,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2009/12/31 08:29:56 | 00,000,000 | RHSD | C]
Safer Networking -> C:\Program Files\Safer Networking -> [2009/12/30 20:11:49 | 00,000,000 | ---D | C]
EnsignBackup -> C:\EnsignBackup -> [2009/12/29 21:56:50 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Admin\Application Data\Malwarebytes -> [2009/12/29 12:55:07 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/29 12:54:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/29 12:54:55 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/29 12:54:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/29 12:54:52 | 00,000,000 | ---D | C]
ParetoLogic -> C:\Program Files\ParetoLogic -> [2009/12/28 19:21:43 | 00,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/12/25 12:18:13 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/25 12:18:00 | 00,000,000 | ---D | M]
Backups_Ensign -> C:\Backups_Ensign -> [2009/12/25 08:16:35 | 00,000,000 | ---D | C]
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2009/12/24 15:38:52 | 00,096,104 | ---- | C] (Avira GmbH)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/24 15:38:51 | 00,056,816 | ---- | C] (Avira GmbH)
avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2009/12/24 15:38:51 | 00,045,416 | ---- | C] (Avira GmbH)
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2009/12/24 15:38:51 | 00,028,520 | ---- | C] (Avira GmbH)
avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2009/12/24 15:38:51 | 00,022,360 | ---- | C] (Avira GmbH)
Avira -> C:\Program Files\Avira -> [2009/12/24 15:38:41 | 00,000,000 | ---D | C]
Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2009/12/24 15:38:41 | 00,000,000 | ---D | C]
temp -> C:\WINDOWS\temp -> [2009/12/24 13:50:01 | 00,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/11/01 11:21:19 | 00,000,000 | --SD | M]
Roxio -> C:\Documents and Settings\LocalService\Application Data\Roxio -> [2008/11/10 20:18:25 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2008/08/30 08:44:24 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/08/30 08:44:24 | 00,000,000 | ---D | M]

[Files/Folders - Modified Within 30 Days]
fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2010/01/23 12:26:31 | 17,869,31232 | -HS- | M] ()
OTS.exe -> C:\Documents and Settings\Admin\Desktop\OTS.exe -> [2010/01/23 12:23:36 | 00,631,296 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004UA.job -> [2010/01/23 12:18:00 | 00,000,978 | ---- | M] ()
Spybot Bug Report_MyWebSearch.CLP -> C:\Documents and Settings\Admin\Desktop\Spybot Bug Report_MyWebSearch.CLP -> [2010/01/23 09:23:40 | 00,088,439 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/23 07:00:23 | 00,013,646 | ---- | M] ()
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/01/23 06:59:47 | 00,180,569 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/23 06:59:06 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/23 06:58:58 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/01/23 06:58:45 | 21,459,64032 | -HS- | M] ()
VSNAP.IDX -> C:\VSNAP.IDX -> [2010/01/23 06:09:09 | 00,004,096 | -HS- | M] ()
fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2010/01/23 06:09:08 | 20,933,888 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\Admin\ntuser.dat -> [2010/01/23 06:07:40 | 11,534,336 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Admin\ntuser.ini -> [2010/01/23 06:07:40 | 00,000,278 | -HS- | M] ()
GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1326574676-725345543-1004Core.job -> [2010/01/22 19:18:03 | 00,000,926 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db -> [2010/01/22 16:07:25 | 21,515,974 | -H-- | M] ()
FTGT32.INI -> C:\WINDOWS\FTGT32.INI -> [2010/01/22 16:05:51 | 00,000,550 | ---- | M] ()
solfire6.ini -> C:\WINDOWS\solfire6.ini -> [2010/01/22 14:55:11 | 00,005,755 | ---- | M] ()
astros.ini -> C:\WINDOWS\astros.ini -> [2010/01/22 10:51:05 | 00,000,405 | ---- | M] ()
KADJISYS.INI -> C:\WINDOWS\KADJISYS.INI -> [2010/01/22 07:33:12 | 00,000,024 | ---- | M] ()
FTROBOT.INI -> C:\WINDOWS\FTROBOT.INI -> [2010/01/22 07:21:27 | 00,000,023 | ---- | M] ()
ETF GROUPS & SHARES.xls -> C:\Documents and Settings\Admin\My Documents\ETF GROUPS & SHARES.xls -> [2010/01/21 21:06:29 | 00,029,184 | ---- | M] ()
ParetoLogic Registration3.job -> C:\WINDOWS\tasks\ParetoLogic Registration3.job -> [2010/01/21 18:00:01 | 00,000,444 | ---- | M] ()
TWS Previous Version.LNK -> C:\Documents and Settings\All Users\Desktop\TWS Previous Version.LNK -> [2010/01/21 07:36:04 | 00,001,667 | ---- | M] ()
Trader Workstation 4.0.LNK -> C:\Documents and Settings\All Users\Desktop\Trader Workstation 4.0.LNK -> [2010/01/21 07:36:04 | 00,001,647 | ---- | M] ()
ib.ini -> C:\WINDOWS\ib.ini -> [2010/01/21 07:36:04 | 00,000,042 | ---- | M] ()
Check for TWS Updates.lnk -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Check for TWS Updates.lnk -> [2010/01/21 07:36:03 | 00,000,485 | ---- | M] ()
symlcbrd.sys -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> [2010/01/20 19:36:22 | 00,004,608 | ---- | M] (Symantec Corporation)
HOSTS -> C:\WINDOWS\System32\drivers\etc\HOSTS -> [2010/01/20 19:03:05 | 00,619,870 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/01/20 12:23:37 | 00,087,680 | ---- | M] ()
Shortcut to WinPatrolEx.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to WinPatrolEx.exe.lnk -> [2010/01/20 11:29:51 | 00,000,758 | ---- | M] ()
SpywareBlaster.lnk -> C:\Documents and Settings\Admin\Desktop\SpywareBlaster.lnk -> [2010/01/20 11:15:05 | 00,000,690 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/01/20 10:48:16 | 00,327,504 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/01/20 08:34:20 | 00,000,227 | ---- | M] ()
HOSTS.MVP -> C:\WINDOWS\System32\drivers\etc\HOSTS.MVP -> [2010/01/20 07:21:55 | 00,374,883 | ---- | M] ()
Shortcut to clipbrd.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to clipbrd.exe.lnk -> [2010/01/19 12:54:56 | 00,000,631 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/19 09:21:39 | 00,001,729 | ---- | M] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2010/01/16 08:50:05 | 00,040,418 | ---- | M] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/01/16 07:41:50 | 00,000,376 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2010/01/16 07:41:12 | 00,002,680 | ---- | M] ()
Microsoft Office.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> [2010/01/16 07:41:06 | 00,001,725 | ---- | M] ()
hosts.20100120-072155.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100120-072155.backup -> [2010/01/15 19:01:31 | 00,374,883 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/01/13 07:49:36 | 00,001,374 | ---- | M] ()
hosts.20100115-190131.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100115-190131.backup -> [2010/01/12 19:09:51 | 00,373,249 | ---- | M] ()
rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010/01/12 15:32:20 | 00,185,920 | ---- | M] (RealNetworks, Inc.)
pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010/01/12 15:31:17 | 00,006,656 | ---- | M] (RealNetworks, Inc.)
pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010/01/12 15:31:17 | 00,005,632 | ---- | M] (RealNetworks, Inc.)
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/01/12 15:30:03 | 00,278,528 | ---- | M] (Real Networks, Inc)
1.hosts -> C:\WINDOWS\System32\drivers\etc\1.hosts -> [2010/01/12 04:36:26 | 00,619,896 | ---- | M] ()
hosts.20100112-190951.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100112-190951.backup -> [2010/01/09 19:53:28 | 00,373,249 | ---- | M] ()
Microsoft Excel (2).lnk -> C:\Documents and Settings\Admin\Desktop\Microsoft Excel (2).lnk -> [2010/01/08 08:04:32 | 00,002,471 | ---- | M] ()
Fibonacci Galactic Trader 4 (2).lnk -> C:\Documents and Settings\Admin\Desktop\Fibonacci Galactic Trader 4 (2).lnk -> [2010/01/08 07:57:21 | 00,001,307 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
Sierra Chart (C--SierraChart).lnk -> C:\Documents and Settings\Admin\Desktop\Sierra Chart (C--SierraChart).lnk -> [2010/01/06 14:54:19 | 00,000,560 | ---- | M] ()
XoftSpySE.job -> C:\WINDOWS\tasks\XoftSpySE.job -> [2010/01/06 01:46:03 | 00,000,376 | ---- | M] ()
Advanced SystemCare (2).lnk -> C:\Documents and Settings\Admin\Desktop\Advanced SystemCare (2).lnk -> [2010/01/05 19:54:12 | 00,000,898 | ---- | M] ()
OpenOffice.org (2).lnk -> C:\Documents and Settings\Admin\Desktop\OpenOffice.org (2).lnk -> [2010/01/05 19:17:47 | 00,000,917 | ---- | M] ()
Solar Fire Deluxe (2).lnk -> C:\Documents and Settings\Admin\Desktop\Solar Fire Deluxe (2).lnk -> [2010/01/05 19:15:54 | 00,001,547 | ---- | M] ()
TWS Previous Version.LNK -> C:\TWS Previous Version.LNK -> [2010/01/05 17:51:14 | 00,001,595 | ---- | M] ()
Trader Workstation 4.0.LNK -> C:\Trader Workstation 4.0.LNK -> [2010/01/05 17:51:14 | 00,001,575 | ---- | M] ()
Start AntiVir (2).lnk -> C:\Documents and Settings\Admin\Desktop\Start AntiVir (2).lnk -> [2010/01/04 20:36:09 | 00,001,725 | ---- | M] ()
Launch ParetoLogic Privacy Controls (2).lnk -> C:\Documents and Settings\Admin\Desktop\Launch ParetoLogic Privacy Controls (2).lnk -> [2010/01/04 19:14:00 | 00,000,891 | ---- | M] ()
Launch XoftSpySE (2).lnk -> C:\Documents and Settings\Admin\Desktop\Launch XoftSpySE (2).lnk -> [2010/01/04 19:12:48 | 00,000,819 | ---- | M] ()
Malwarebytes' Anti-Malware (2).lnk -> C:\Documents and Settings\Admin\Desktop\Malwarebytes' Anti-Malware (2).lnk -> [2010/01/04 19:11:40 | 00,000,708 | ---- | M] ()
Progs_.ini -> C:\WINDOWS\Progs_.ini -> [2010/01/04 12:58:44 | 00,000,041 | ---- | M] ()
Speaking Clock Deluxe.lnk -> C:\Documents and Settings\Admin\Desktop\Speaking Clock Deluxe.lnk -> [2010/01/04 12:58:30 | 00,000,688 | ---- | M] ()
Trader Workstation 4.0 (2).LNK -> C:\Documents and Settings\Admin\Desktop\Trader Workstation 4.0 (2).LNK -> [2010/01/04 08:23:59 | 00,001,661 | ---- | M] ()
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 08:18:14 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 08:18:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 08:18:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 08:18:14 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
deploytk.dll -> C:\WINDOWS\System32\deploytk.dll -> [2010/01/04 08:18:13 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
Ensign Windows.lnk -> C:\Documents and Settings\Admin\Desktop\Ensign Windows.lnk -> [2010/01/03 15:46:35 | 00,000,494 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/01/03 10:57:02 | 00,000,069 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/01/02 18:58:18 | 00,006,656 | ---- | M] ()
Shortcut to HijackThis.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to HijackThis.exe.lnk -> [2010/01/01 10:49:03 | 00,000,411 | ---- | M] ()
HijackThis.exe -> C:\HijackThis.exe -> [2010/01/01 10:48:46 | 00,401,720 | ---- | M] (Trend Micro Inc.)
Admin.exe -> C:\Admin.exe -> [2010/01/01 10:48:46 | 00,401,720 | ---- | M] (Trend Micro Inc.)
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/31 22:09:11 | 00,000,767 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Admin\Desktop\ERUNT.lnk -> [2009/12/31 22:09:04 | 00,000,592 | ---- | M] ()
requested-files[2009-12-31_22_01].cab -> C:\Documents and Settings\Admin\Desktop\requested-files[2009-12-31_22_01].cab -> [2009/12/31 22:01:40 | 00,013,840 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/12/31 18:49:07 | 00,000,314 | RHS- | M] ()
hosts.20100109-195327.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100109-195327.backup -> [2009/12/31 11:16:11 | 00,372,665 | ---- | M] ()
hosts.20091231-111611.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091231-111611.backup -> [2009/12/31 08:01:29 | 00,372,665 | ---- | M] ()
hosts.20091231-080129.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091231-080129.backup -> [2009/12/31 07:20:13 | 00,372,665 | ---- | M] ()
1st_Quarter_2010_Almanac.pdf -> C:\Documents and Settings\Admin\My Documents\1st_Quarter_2010_Almanac.pdf -> [2009/12/30 15:48:58 | 03,084,487 | ---- | M] ()
ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job -> C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job -> [2009/12/28 19:21:47 | 00,000,446 | ---- | M] ()
MTPredictor Data Server v1.3.lnk -> C:\Documents and Settings\Admin\Desktop\MTPredictor Data Server v1.3.lnk -> [2009/12/28 13:17:47 | 00,002,243 | ---- | M] ()
hosts.20091231-072013.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091231-072013.backup -> [2009/12/27 21:13:18 | 00,372,089 | ---- | M] ()
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2009/12/25 07:05:12 | 00,096,104 | ---- | M] (Avira GmbH)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/25 07:05:12 | 00,056,816 | ---- | M] (Avira GmbH)
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2009/12/25 07:05:12 | 00,028,520 | ---- | M] (Avira GmbH)
Boot.bak -> C:\Boot.bak -> [2009/12/24 14:31:43 | 00,000,210 | ---- | M] ()
8 C:\Documents and Settings\Admin\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Admin\Local Settings\temp\*.tmp ->

[Files - No Company Name]
Spybot Bug Report_MyWebSearch.CLP -> C:\Documents and Settings\Admin\Desktop\Spybot Bug Report_MyWebSearch.CLP -> [2010/01/23 09:23:40 | 00,088,439 | ---- | C] ()
TWS Previous Version.LNK -> C:\Documents and Settings\All Users\Desktop\TWS Previous Version.LNK -> [2010/01/21 07:36:04 | 00,001,667 | ---- | C] ()
Trader Workstation 4.0.LNK -> C:\Documents and Settings\All Users\Desktop\Trader Workstation 4.0.LNK -> [2010/01/21 07:36:04 | 00,001,647 | ---- | C] ()
Shortcut to WinPatrolEx.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to WinPatrolEx.exe.lnk -> [2010/01/20 11:29:51 | 00,000,758 | ---- | C] ()
SpywareBlaster.lnk -> C:\Documents and Settings\Admin\Desktop\SpywareBlaster.lnk -> [2010/01/20 11:15:05 | 00,000,690 | ---- | C] ()
Shortcut to clipbrd.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to clipbrd.exe.lnk -> [2010/01/19 12:54:56 | 00,000,631 | ---- | C] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/19 09:21:39 | 00,001,729 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/01/17 10:12:14 | 21,459,64032 | -HS- | C] ()
Calc_Furnaces.xls -> C:\Documents and Settings\Admin\My Documents\Calc_Furnaces.xls -> [2010/01/13 18:41:18 | 00,208,384 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db -> [2010/01/12 16:19:47 | 21,515,974 | -H-- | C] ()
Fibonacci Galactic Trader 4 (2).lnk -> C:\Documents and Settings\Admin\Desktop\Fibonacci Galactic Trader 4 (2).lnk -> [2010/01/08 07:57:21 | 00,001,307 | ---- | C] ()
Advanced SystemCare (2).lnk -> C:\Documents and Settings\Admin\Desktop\Advanced SystemCare (2).lnk -> [2010/01/05 19:54:12 | 00,000,898 | ---- | C] ()
OpenOffice.org (2).lnk -> C:\Documents and Settings\Admin\Desktop\OpenOffice.org (2).lnk -> [2010/01/05 19:17:47 | 00,000,917 | ---- | C] ()
Solar Fire Deluxe (2).lnk -> C:\Documents and Settings\Admin\Desktop\Solar Fire Deluxe (2).lnk -> [2010/01/05 19:15:54 | 00,001,547 | ---- | C] ()
TWS Previous Version.LNK -> C:\TWS Previous Version.LNK -> [2010/01/05 17:51:14 | 00,001,595 | ---- | C] ()
Trader Workstation 4.0.LNK -> C:\Trader Workstation 4.0.LNK -> [2010/01/05 17:51:13 | 00,001,575 | ---- | C] ()
Start AntiVir (2).lnk -> C:\Documents and Settings\Admin\Desktop\Start AntiVir (2).lnk -> [2010/01/04 20:36:09 | 00,001,725 | ---- | C] ()
Launch ParetoLogic Privacy Controls (2).lnk -> C:\Documents and Settings\Admin\Desktop\Launch ParetoLogic Privacy Controls (2).lnk -> [2010/01/04 19:14:00 | 00,000,891 | ---- | C] ()
Launch XoftSpySE (2).lnk -> C:\Documents and Settings\Admin\Desktop\Launch XoftSpySE (2).lnk -> [2010/01/04 19:12:48 | 00,000,819 | ---- | C] ()
Malwarebytes' Anti-Malware (2).lnk -> C:\Documents and Settings\Admin\Desktop\Malwarebytes' Anti-Malware (2).lnk -> [2010/01/04 19:11:40 | 00,000,708 | ---- | C] ()
Progs_.ini -> C:\WINDOWS\Progs_.ini -> [2010/01/04 12:58:44 | 00,000,041 | ---- | C] ()
Speaking Clock Deluxe.lnk -> C:\Documents and Settings\Admin\Desktop\Speaking Clock Deluxe.lnk -> [2010/01/04 12:58:30 | 00,000,688 | ---- | C] ()
Trader Workstation 4.0 (2).LNK -> C:\Documents and Settings\Admin\Desktop\Trader Workstation 4.0 (2).LNK -> [2010/01/04 08:23:59 | 00,001,661 | ---- | C] ()
ntuser.dat -> C:\Documents and Settings\Admin\ntuser.dat -> [2010/01/03 11:33:24 | 11,534,336 | ---- | C] ()
Shortcut to HijackThis.exe.lnk -> C:\Documents and Settings\Admin\Desktop\Shortcut to HijackThis.exe.lnk -> [2010/01/01 10:49:03 | 00,000,411 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/31 22:09:11 | 00,000,767 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Admin\Desktop\ERUNT.lnk -> [2009/12/31 22:09:04 | 00,000,592 | ---- | C] ()
requested-files[2009-12-31_22_01].cab -> C:\Documents and Settings\Admin\Desktop\requested-files[2009-12-31_22_01].cab -> [2009/12/31 22:01:40 | 00,013,840 | ---- | C] ()
1st_Quarter_2010_Almanac.pdf -> C:\Documents and Settings\Admin\My Documents\1st_Quarter_2010_Almanac.pdf -> [2009/12/30 15:48:58 | 03,084,487 | ---- | C] ()
ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job -> C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{25B399F8-F410-11DE-82C1-0016761CF813}.job -> [2009/12/28 19:21:46 | 00,000,446 | ---- | C] ()
Microsoft Office.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> [2009/12/24 14:32:10 | 00,001,725 | ---- | C] ()
APC UPS Status.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk -> [2009/12/24 14:32:10 | 00,000,629 | ---- | C] ()
NtDirect.dll -> C:\WINDOWS\System32\NtDirect.dll -> [2009/12/09 06:24:54 | 00,098,304 | ---- | C] ()
mdm.ini -> C:\WINDOWS\mdm.ini -> [2009/05/09 19:32:30 | 00,000,063 | ---- | C] ()
RMDSConfig.ini -> C:\WINDOWS\System32\RMDSConfig.ini -> [2009/03/19 09:10:50 | 00,000,108 | ---- | C] ()
ss.drv -> C:\WINDOWS\System32\ss.drv -> [2008/12/29 12:53:57 | 00,006,144 | -HS- | C] ()
EurekaLog.ini -> C:\WINDOWS\EurekaLog.ini -> [2008/11/29 10:19:10 | 00,000,131 | ---- | C] ()
{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2008/11/17 08:41:05 | 00,000,262 | ---- | C] ()
daptanmo.dll -> C:\WINDOWS\System32\daptanmo.dll -> [2008/08/05 11:39:47 | 00,004,608 | ---- | C] ()
winros_old.ini -> C:\WINDOWS\winros_old.ini -> [2008/08/04 18:48:05 | 00,000,306 | ---- | C] ()
winros.ini -> C:\WINDOWS\winros.ini -> [2008/08/04 18:48:05 | 00,000,301 | ---- | C] ()
WinSig_old.ini -> C:\WINDOWS\WinSig_old.ini -> [2008/08/04 18:48:05 | 00,000,072 | ---- | C] ()
WinSig.ini -> C:\WINDOWS\WinSig.ini -> [2008/08/04 18:48:05 | 00,000,072 | ---- | C] ()
reader_old.ini -> C:\WINDOWS\reader_old.ini -> [2008/08/04 18:48:05 | 00,000,070 | ---- | C] ()
reader.ini -> C:\WINDOWS\reader.ini -> [2008/08/04 18:48:05 | 00,000,070 | ---- | C] ()
msnotr32.dll -> C:\WINDOWS\System32\msnotr32.dll -> [2008/07/19 09:49:13 | 00,000,009 | ---- | C] ()
abaecdfdee_z.dll -> C:\WINDOWS\System32\abaecdfdee_z.dll -> [2008/07/11 19:20:54 | 00,000,023 | -HS- | C] ()
patchw32.dll -> C:\WINDOWS\System32\patchw32.dll -> [2008/07/04 06:23:45 | 00,164,864 | ---- | C] ()
LFCMP61N.DLL -> C:\WINDOWS\System32\LFCMP61N.DLL -> [2008/07/04 06:23:44 | 00,158,720 | ---- | C] ()
Lfpng61n.dll -> C:\WINDOWS\System32\Lfpng61n.dll -> [2008/07/04 06:23:44 | 00,110,080 | ---- | C] ()
LTFIL61N.DLL -> C:\WINDOWS\System32\LTFIL61N.DLL -> [2008/07/04 06:23:44 | 00,043,008 | ---- | C] ()
MSWTHK32.DLL -> C:\WINDOWS\System32\MSWTHK32.DLL -> [2008/07/04 06:23:44 | 00,017,920 | ---- | C] ()
MSWTHK16.DLL -> C:\WINDOWS\System32\MSWTHK16.DLL -> [2008/07/04 06:23:44 | 00,003,360 | ---- | C] ()
patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2008/06/06 18:17:15 | 00,215,144 | R--- | C] ()
pw32a.dll -> C:\WINDOWS\pw32a.dll -> [2008/06/06 18:15:12 | 00,215,144 | R--- | C] ()
pdfxp.dll -> C:\WINDOWS\System32\pdfxp.dll -> [2008/04/07 09:18:59 | 00,081,920 | ---- | C] ()
adwarealert.sys -> C:\WINDOWS\System32\drivers\adwarealert.sys -> [2008/01/25 18:25:35 | 00,019,568 | ---- | C] ()
SierraChart.INI -> C:\WINDOWS\SierraChart.INI -> [2007/11/30 20:27:38 | 00,000,380 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/10/13 07:04:33 | 00,000,634 | ---- | C] ()
unninja.ini -> C:\WINDOWS\unninja.ini -> [2007/09/11 15:17:23 | 00,001,411 | ---- | C] ()
solfire6.ini -> C:\WINDOWS\solfire6.ini -> [2007/03/22 19:24:57 | 00,005,755 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2007/01/17 12:57:34 | 00,000,000 | ---- | C] ()
vbupdtx.ini -> C:\WINDOWS\vbupdtx.ini -> [2006/12/19 15:39:53 | 00,000,035 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\WINDOWS\System32\CddbPlaylist2Roxio.dll -> [2006/12/13 23:01:36 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\WINDOWS\System32\CddbFileTaggerRoxio.dll -> [2006/12/13 23:01:36 | 00,204,800 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/11/24 11:25:38 | 00,040,418 | ---- | C] ()
ShareBarData.dll -> C:\WINDOWS\ShareBarData.dll -> [2006/11/10 21:06:02 | 00,059,904 | ---- | C] ()
ETSF0002.dll -> C:\WINDOWS\System32\ETSF0002.dll -> [2006/05/11 14:26:34 | 01,164,800 | ---- | C] ()
swedll32.dll -> C:\WINDOWS\System32\swedll32.dll -> [2006/05/05 12:38:42 | 00,434,176 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/04/12 18:25:12 | 00,000,069 | ---- | C] ()
PROTOCOL.INI -> C:\WINDOWS\PROTOCOL.INI -> [2006/04/11 20:23:34 | 00,000,000 | ---- | C] ()
acsatlas.ini -> C:\WINDOWS\acsatlas.ini -> [2006/04/11 20:22:50 | 00,000,140 | ---- | C] ()
ETASCII.INI -> C:\WINDOWS\ETASCII.INI -> [2006/04/11 20:19:43 | 00,001,520 | ---- | C] ()
ETPLAN1.DLL -> C:\WINDOWS\System32\ETPLAN1.DLL -> [2006/04/11 20:19:41 | 00,089,600 | ---- | C] ()
ETAST32.dll -> C:\WINDOWS\System32\ETAST32.dll -> [2006/04/11 20:19:41 | 00,043,520 | ---- | C] ()
solfire5.ini -> C:\WINDOWS\solfire5.ini -> [2006/04/11 20:19:26 | 00,004,626 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/04/06 21:57:41 | 00,000,376 | ---- | C] ()
ddedll.dll -> C:\WINDOWS\ddedll.dll -> [2006/04/06 09:42:45 | 00,200,704 | ---- | C] ()
ib.ini -> C:\WINDOWS\ib.ini -> [2006/04/06 09:36:37 | 00,000,042 | ---- | C] ()
toFront.dll -> C:\WINDOWS\toFront.dll -> [2006/04/06 09:36:36 | 00,027,136 | ---- | C] ()
GetIe.dll -> C:\WINDOWS\GetIe.dll -> [2006/04/06 09:36:36 | 00,026,624 | ---- | C] ()
KADJISYS.INI -> C:\WINDOWS\KADJISYS.INI -> [2006/04/06 09:03:27 | 00,000,024 | ---- | C] ()
astros.ini -> C:\WINDOWS\astros.ini -> [2006/04/06 09:03:11 | 00,000,405 | ---- | C] ()
FTGT32.INI -> C:\WINDOWS\FTGT32.INI -> [2006/04/06 09:03:04 | 00,000,550 | ---- | C] ()
FTROBOT.INI -> C:\WINDOWS\FTROBOT.INI -> [2006/04/06 09:03:04 | 00,000,023 | ---- | C] ()
IQ_API.dll -> C:\WINDOWS\System32\IQ_API.dll -> [2006/04/06 09:00:11 | 00,040,960 | ---- | C] ()
CTA32.dll -> C:\WINDOWS\System32\CTA32.dll -> [2006/04/06 09:00:08 | 00,065,536 | ---- | C] ()
CompDLL.dll -> C:\WINDOWS\System32\CompDLL.dll -> [2006/04/06 09:00:08 | 00,045,056 | ---- | C] ()
SX32W.DLL -> C:\WINDOWS\System32\SX32W.DLL -> [2006/04/06 09:00:08 | 00,036,352 | ---- | C] ()
proxydll.dll -> C:\WINDOWS\System32\proxydll.dll -> [2006/04/06 09:00:08 | 00,028,672 | ---- | C] ()
IMPLODE.DLL -> C:\WINDOWS\System32\IMPLODE.DLL -> [2006/04/06 09:00:08 | 00,017,920 | ---- | C] ()
MMP.DLL -> C:\WINDOWS\System32\MMP.DLL -> [2006/04/06 08:57:30 | 00,180,224 | ---- | C] ()
MAPMEMP.SYS -> C:\WINDOWS\System32\drivers\MAPMEMP.SYS -> [2006/04/06 08:57:30 | 00,063,080 | ---- | C] ()
FASTPCL.DLL -> C:\WINDOWS\System32\FASTPCL.DLL -> [2006/04/06 08:57:30 | 00,014,082 | ---- | C] ()
SETNTREG.DLL -> C:\WINDOWS\System32\SETNTREG.DLL -> [2006/04/06 08:57:30 | 00,010,752 | ---- | C] ()
FASTPCNT.DLL -> C:\WINDOWS\System32\FASTPCNT.DLL -> [2006/04/06 08:57:30 | 00,008,192 | ---- | C] ()
CALL32.DLL -> C:\WINDOWS\System32\CALL32.DLL -> [2006/04/06 08:57:30 | 00,003,776 | ---- | C] ()
revew2k.dll -> C:\WINDOWS\System32\revew2k.dll -> [2006/04/05 21:24:58 | 00,028,674 | ---- | C] ()
st2itwa.dll -> C:\WINDOWS\System32\st2itwa.dll -> [2006/04/05 21:24:58 | 00,024,576 | ---- | C] ()
noeyreg.dll -> C:\WINDOWS\System32\noeyreg.dll -> [2006/04/05 21:24:58 | 00,023,554 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/03/09 14:29:00 | 01,703,936 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/03/09 14:29:00 | 01,486,848 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/03/09 14:29:00 | 01,019,904 | ---- | C] ()
nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/03/09 14:29:00 | 00,573,440 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/03/09 14:29:00 | 00,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/03/09 14:29:00 | 00,286,720 | ---- | C] ()
fmtkit60.dll -> C:\WINDOWS\System32\fmtkit60.dll -> [2005/06/08 22:00:00 | 00,360,448 | ---- | C] ()
ETSF0001.dll -> C:\WINDOWS\System32\ETSF0001.dll -> [2005/01/21 16:50:18 | 00,486,400 | ---- | C] ()
METALIB.DLL -> C:\WINDOWS\System32\METALIB.DLL -> [2004/04/19 19:13:00 | 00,434,176 | ---- | C] ()
ETPlan2.dll -> C:\WINDOWS\System32\ETPlan2.dll -> [2003/03/11 13:36:00 | 00,073,216 | ---- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 13:46:58 | 00,065,536 | ---- | C] ()
REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 03:00:00 | 00,040,448 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
[/code]
 
Hi condor

Have you used the "Ask toolbar"?

MyWebSearch and MyWay are Internet Explorer toolbars (Add-ons) often bundled with "free software" offered by third party software vendors. You can read more about it in What is MyWebSearch?. The MyWebSearch Help Center provides additional information and frequently asked questions related to the toolbar.

MyWebSearch and MyWay were pre-installed on new Dell computers starting in November 2004 as reported in The Pharmer In The Dell. Dell had a link to "What is the Dell MyWebSearch Home Page?" but it has since been redirected to The "Dell My Way" Home Page. Dell now uses the "Dell Search Assistant" where they address many of the same concerns previously addressed in the redirected link. To remove the Search Assistant, please follow Dell's Search Assistant removal instructions.

Some anti-virus and anti-malware programs detect the toolbar as a malware threat (not-a-virus:AdTool.Win32.MyWebSearch) while others (Spybot, MBAM, Ad-aware...) may detect or try removing its files and registry entries. Although these types of scanning tools detect its files/registry entries, remnants may still be found from time to time during subsequent scans. If that's all you are dealing with, then I wouldn't be too concerned.

To remove MyWebSearch, please follow the instructions for How do I "uninstall" the My Web Search toolbar? or try using MS-MVP Kelly Theriot's MyWaySearchAssistant Uninstaller.

Thanks peku006
 
Hi peku006,

I was wondering if you know of any software tool that would help me trace back from the MyWay.MyWebSearch entry in the registry to the source of the infection? We know the registry address of the problem. Can we work backwards to find it?

The problem probably started as you said with the Ask.com toolbar and I have tried the suggestions you made, as well as uninstalling & deleting anything toolbar or browser related, but still cannot get to the source.

Thanks again for all your help.

condor
 
Hi condor
OK, we can remove "Ask.com" totally...

Under the Paste Fix Here box on the right, paste in the contents of the following code box

Code:
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Admin\Application Data\Mozilla\FireFox\Profiles\4f99sura.default\prefs.js
YN -> browser.search.defaultenginename -> "Ask.com"
YN -> browser.search.order.1 -> "Ask.com"
YN -> browser.search.selectedEngine -> "Ask.com"
< FireFox SearchPlugins [User Folders] > -> 
YY -> askcom.xml -> C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\4f99sura.default\searchplugins\askcom.xml
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.log where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Thanks peku006
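The fix script above and the earlier remark that scanners keep turning up MyWebSearch remnants both come down to one question: which of the listed entries still point at something that loads, and which are dead references. The added example below (my own code, not OTL/OTS code and not from this thread) parses the posted fix-script lines and sorts them into Firefox search prefs set to "Ask.com", the dropped searchplugin file, and IE toolbar CLSIDs; it assumes that OTL's "Reg Error: Key error." marks a CLSID that no longer resolves, i.e. an orphaned leftover.

```python
"""Triage the OTL/OTS "[Registry - Safe List]" fix-script lines posted above.
Added example, not OTL/OTS code.  Assumption: "Reg Error: Key error." on a
Toolbar WebBrowser value means the CLSID it names no longer resolves, so the
value is an orphaned remnant of a toolbar that is already gone."""
from __future__ import annotations
import re
from dataclasses import dataclass

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SECTION_RE = re.compile(r"^<\s*(?P<title>.+?)\s*>\s*->\s*(?P<target>.*)$")
ENTRY_RE = re.compile(r"^Y[YN]\s*->\s*(?P<name>.+?)\s*->\s*(?P<value>.*)$")


@dataclass
class Finding:
    section: str
    kind: str   # firefox-pref | firefox-searchplugin | ie-toolbar | ie-toolbar-orphan
    name: str
    detail: str


def parse_fix_script(text: str, suspect_engine: str = "Ask.com") -> list[Finding]:
    """Classify each removable entry of an OTS fix script by what it touches."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):        # blank or "[Registry - Safe List]"
            continue
        if m := SECTION_RE.match(line):             # "< Section [scope] > -> target"
            section = m.group("title")
            continue
        if not (m := ENTRY_RE.match(line)):         # "YN -> name -> value"
            continue
        name, value = m.group("name"), m.group("value")
        if section.startswith("FireFox Settings"):
            # browser.search.* prefs pointing at the bundled engine
            if name.startswith("browser.search.") and suspect_engine in value:
                findings.append(Finding(section, "firefox-pref", name, value.strip('"')))
        elif section.startswith("FireFox SearchPlugins"):
            findings.append(Finding(section, "firefox-searchplugin", name, value))
        elif section.startswith("Internet Explorer ToolBars"):
            clsid = CLSID_RE.search(name)           # WebBrowser\\"{CLSID}" [HKLM]
            if clsid is None:
                continue
            kind = "ie-toolbar-orphan" if "Reg Error" in value else "ie-toolbar"
            findings.append(Finding(section, kind, clsid.group(0), value))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind: orphans are leftover noise, live toolbars still load a DLL."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: the fix script quoted in the post above, embedded so this runs offline.
SAMPLE = r"""[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Admin\Application Data\Mozilla\FireFox\Profiles\4f99sura.default\prefs.js
YN -> browser.search.defaultenginename -> "Ask.com"
YN -> browser.search.order.1 -> "Ask.com"
YN -> browser.search.selectedEngine -> "Ask.com"
< FireFox SearchPlugins [User Folders] > ->
YY -> askcom.xml -> C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\4f99sura.default\searchplugins\askcom.xml
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
"""
```

Running `summarize(parse_fix_script(SAMPLE))` on the posted script gives three Firefox prefs, one searchplugin and three orphaned toolbar CLSIDs, which is why these show up as remnants rather than as a running toolbar. For an entry that does resolve, the CLSID is the lead back to the source: its InprocServer32 value under HKEY_CLASSES_ROOT\CLSID names the DLL that implements the toolbar.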
 