Unknown a lot of popups



#1
maulingpastry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:01 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnmLfcD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\gsixorfw.dll
O2 - BHO: (no name) - {a9d1d9ab-3748-4be1-9e16-b745289ba484} - C:\WINDOWS\system32\hufowebi.dll
O2 - BHO: (no name) - {E0F33E99-4171-47A6-88F8-F1A61885C538} - C:\WINDOWS\system32\rqRkJASJ.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [peyuwuhoju] Rundll32.exe "C:\WINDOWS\system32\sizehawi.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Greg\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1176852686703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: WBSYS.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL etmcuu.dll fqdprk.dll,C:\WINDOWS\system32\niwogepi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnmLfcD - C:\WINDOWS\SYSTEM32\nnnmLfcD.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11023 bytes







Please help, I'm really stuck


#2
kahdah

Hello maulingpastry

Welcome to G2Go. :)
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.

#3
maulingpastry

Here it is, thanks so much btw

[code=auto:0]OTScanIt2 logfile created on: 12/14/2008 10:53:47 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Greg\Desktop\Greg\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.82% Memory free
3.33 Gb Paging File | 2.89 Gb Available in Paging File | 86.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.30 Gb Total Space | 13.46 Gb Free Space | 19.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CABOOSE
Current User Name: Greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> [2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC)
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC)
engineserver.exe -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\EngineServer.exe -> [2007/12/01 11:30:14 | 00,014,144 | ---- | M] (McAfee, Inc.)
intelaudiostudio.exe -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe -> [2005/04/08 21:37:22 | 07,081,984 | ---- | M] (Intel Corporation)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mcshield.exe -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\McShield.exe -> [2007/12/01 11:31:34 | 00,144,704 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
myagtsvc.exe -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> [2008/01/22 22:09:38 | 00,169,280 | ---- | M] (McAfee, Inc.)
myagttry.exe -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtTry.exe -> [2008/01/22 22:09:30 | 00,247,104 | ---- | M] (McAfee, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
objectdock.exe -> %ProgramFiles%\AlienGUIse\AlienwareDock\ObjectDock.exe -> [2006/10/03 17:12:08 | 02,074,360 | ---- | M] (Stardock)
otscanit2.exe -> %UserProfile%\Desktop\Greg\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
saservice.exe -> %ProgramFiles%\SiteAdvisor\6173\SAService.exe -> [2008/02/09 10:07:32 | 00,341,280 | ---- | M] ()
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6173\SiteAdv.exe -> [2007/02/03 13:25:38 | 00,036,904 | ---- | M] (McAfee, Inc.)
tcpsvcs.exe -> %SystemRoot%\system32\tcpsvcs.exe -> [2006/02/28 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ulcdrsvr.exe -> [2004/03/12 15:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> [2005/05/12 11:02:24 | 00,437,760 | ---- | M] (Stardock Systems, Inc)
zboard.exe -> %ProgramFiles%\Ideazon\ZEngine\Zboard.exe -> [2007/09/24 15:57:28 | 00,057,344 | ---- | M] (Ideazon, Inc.)

[Win32 Services - Safe List]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\6to4svc.dll -> [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation)
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/06/15 18:41:38 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> [2002/02/15 10:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(EngineServer) EngineServer [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\EngineServer.exe -> [2007/12/01 11:30:14 | 00,014,144 | ---- | M] (McAfee, Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/02/05 16:12:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-090808-172447) Google Desktop Manager 5.8.809.8522 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/09/27 09:08:09 | 00,030,192 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.)
(Iprip) RIP Listener [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\iprip.dll -> [2008/04/13 19:11:55 | 00,035,328 | ---- | M] (Microsoft Corporation)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\irmon.dll -> [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation)
(McShield) McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\McShield.exe -> [2007/12/01 11:31:34 | 00,144,704 | ---- | M] (McAfee, Inc.)
(myAgtSvc) McAfee Virus and Spyware Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> [2008/01/22 22:09:38 | 00,169,280 | ---- | M] (McAfee, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(p2pgasvc) Peer Networking Group Authentication [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2pgasvc.dll -> [2008/04/13 19:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Peer Networking Identity Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2psvc.dll -> [2008/04/13 19:12:02 | 00,554,496 | ---- | M] (Microsoft Corporation)
(p2psvc) Peer Networking [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2psvc.dll -> [2008/04/13 19:12:02 | 00,554,496 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/02/16 13:22:42 | 00,066,872 | ---- | M] ()
(PNRPSvc) Peer Name Resolution Protocol [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2psvc.dll -> [2008/04/13 19:12:02 | 00,554,496 | ---- | M] (Microsoft Corporation)
(SimpTcp) Simple TCP/IP Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\tcpsvcs.exe -> [2006/02/28 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6173\SAService.exe -> [2008/02/09 10:07:32 | 00,341,280 | ---- | M] ()
(TVersityMediaServer) TVersityMediaServer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TVersity\Media Server\MediaServer.exe -> [2008/11/27 16:00:46 | 00,827,392 | ---- | M] ()
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ulcdrsvr.exe -> [2004/03/12 15:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 20:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(Alpham) Ideazon Merc Composite Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Alpham.sys -> [2005/12/04 15:55:40 | 00,034,944 | ---- | M] (Ideazon Corporation)
(Alpham1) Ideazon Merc USB Human Interface Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Alpham1.sys -> [2007/07/23 09:56:58 | 00,042,624 | ---- | M] (Ideazon Corporation)
(Alpham2) Ideazon Merc MM USB Human Interface Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Alpham2.sys -> [2007/03/20 11:49:52 | 00,018,432 | ---- | M] (Ideazon Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.sys -> [2000/09/11 10:51:00 | 00,010,816 | ---- | M] (Symantec Corporation)
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> [2002/02/11 10:51:00 | 00,033,496 | ---- | M] (Symantec Corporation)
(CmdIde) CmdIde [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> [2005/04/01 07:04:52 | 00,180,736 | ---- | M] (Intel Corporation)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> [2007/10/11 11:55:40 | 00,027,672 | R--- | M] (EnTech Taiwan)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\GERNUWA.sys -> [2001/10/09 10:51:00 | 00,014,944 | ---- | M] (Symantec Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HWiNFO32) HWiNFO32 Kernel Driver [Kernel | Auto | Running] -> %SystemDrive%\Essential Files\hwinfo\HWiNFO32.SYS -> [2008/03/10 11:09:36 | 00,008,192 | ---- | M] (REALiX(tm))
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/04/05 16:46:28 | 00,830,684 | ---- | M] (Intel Corporation)
(IAMTXP) Driver for Intel(R) Active Management Technology - KCS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\IAMTXP.sys -> [2005/03/09 21:43:34 | 00,038,528 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> [2007/05/09 21:51:34 | 00,041,888 | ---- | M] (Logitech Inc.)
(MfeAVFK) McAfee Inc. MfeAVFK [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MfeAVFK.sys -> [2007/12/01 11:32:00 | 00,079,304 | ---- | M] (McAfee, Inc.)
(MfeBOPK) McAfee Inc. MfeBOPK [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MfeBOPK.sys -> [2007/12/01 11:32:06 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/12/01 11:32:26 | 00,201,320 | ---- | M] (McAfee, Inc.)
(MfeRKDK) McAfee Inc. MfeRKDK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MfeRKDK.sys -> [2007/12/01 11:32:54 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfetdik.sys -> [2007/12/01 11:33:14 | 00,055,016 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2008/06/24 09:17:26 | 00,047,360 | ---- | M] (VSO Software)
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LV302V32.SYS -> [2007/05/09 21:47:00 | 01,276,832 | ---- | M] (Logitech Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ql1080) ql1080 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> [2004/07/16 04:19:52 | 00,070,400 | ---- | M] (Realtek Semiconductor Corporation )
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2008/11/17 15:11:08 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008/11/17 15:11:04 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfng32) Sonic Focus Plugin for Sigmatel HDA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfng32.sys -> [2005/04/04 07:01:34 | 00,035,712 | ---- | M] (Sonic Focus, Inc)
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\smcirda.sys -> [2001/08/17 07:10:28 | 00,035,913 | ---- | M] (SMC)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(Sparrow) Sparrow [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/04/27 09:45:08 | 00,300,672 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2001/09/18 20:25:48 | 00,057,968 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip6.sys -> [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation)
(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tunmp.sys -> [2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation)
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Running] -> -> File not found

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Greg\Application Data\Mozilla\FireFox\Profiles\nzi312re.default\prefs.js ->
browser.startup.homepage -> "Google.com" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
< HOSTS File > (289917 bytes and 10030 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6173\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [2007/08/28 15:06:54 | 00,910,624 | ---- | M] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> %ProgramFiles%\SiteAdvisor\6173\SiteAdv.dll [McAfee SiteAdvisor] -> [2007/08/28 15:06:54 | 00,910,624 | ---- | M] ()
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2008/09/28 08:47:08 | 05,759,816 | ---- | M] (Siber Systems Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2008/09/28 08:47:08 | 05,759,816 | ---- | M] (Siber Systems Inc.)
WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/04/05 16:22:32 | 00,094,208 | ---- | M] (Intel Corporation)
"IntelAudioStudio" -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe ["C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY] -> [2005/04/08 21:37:22 | 07,081,984 | ---- | M] (Intel Corporation)
"McAfee Managed Services Tray" -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe ["C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"] -> [2008/01/22 22:09:14 | 00,087,360 | ---- | M] (McAfee, Inc.)
"MVS Splash" -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\Splash.exe ["C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"] -> [2008/01/22 22:09:32 | 00,468,288 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/10/07 13:33:00 | 13,574,144 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/07 13:33:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/10/07 13:33:00 | 01,630,208 | ---- | M] ()
"Persistence" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/04/05 16:23:14 | 00,114,688 | ---- | M] (Intel Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/05/27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.)
"Recguard" -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2002/09/13 17:42:26 | 00,212,992 | ---- | M] ()
"SiteAdvisor" -> %ProgramFiles%\SiteAdvisor\6173\SiteAdv.exe [C:\Program Files\SiteAdvisor\6173\SiteAdv.exe] -> [2007/02/03 13:25:38 | 00,036,904 | ---- | M] (McAfee, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Windows Media Connect 2" -> ["C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet] -> File not found
"Zboard" -> %ProgramFiles%\Ideazon\ZEngine\Zboard.exe [C:\Program Files\Ideazon\ZEngine\Zboard.exe] -> [2007/09/24 15:57:28 | 00,057,344 | ---- | M] (Ideazon, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> [] -> File not found
"gadcom" -> %AppData%\gadcom\gadcom.exe ["C:\Documents and Settings\Greg\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< Greg Startup Folder > -> C:\Documents and Settings\Greg\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Alienware Dock.lnk -> %ProgramFiles%\AlienGUIse\AlienwareDock\ObjectDock.exe -> [2006/10/03 17:12:08 | 02,074,360 | ---- | M] (Stardock)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Customize Menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2008/09/28 08:47:31 | 00,000,212 | ---- | M] ()
Fill Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html] -> [2008/09/28 08:47:31 | 00,000,206 | ---- | M] ()
RoboForm Toolbar -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html] -> [2008/09/28 08:47:31 | 00,000,208 | ---- | M] ()
Save Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html] -> [2008/09/28 08:47:31 | 00,000,205 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Button: Fill Forms] -> [2008/09/28 08:47:31 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Menu: Fill Forms] -> [2008/09/28 08:47:31 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Button: Save] -> [2008/09/28 08:47:31 | 00,000,205 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Menu: Save Forms] -> [2008/09/28 08:47:31 | 00,000,205 | ---- | M] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Button: RoboForm] -> [2008/09/28 08:47:31 | 00,000,208 | ---- | M] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Menu: RoboForm Toolbar] -> [2008/09/28 08:47:31 | 00,000,208 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5220 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5220 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176852686703[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07A3C739-8572-4B5C-8CA6-1E2C6201944B} -> (1394 Net Adapter) ->
{757B2333-5F9B-45FC-8B74-405EFB8E7AAC} -> () ->
{D5B26ED4-1C21-476C-B464-FDFCE96CD212} -> (Intel(R) PRO/1000 PM Network Connection) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
WBSYS.DLL -> %SystemRoot%\system32\wbsys.dll -> [2003/02/26 22:27:44 | 00,036,864 | ---- | M] (Stardock.Net, Inc)
C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/09/27 09:08:15 | 00,119,296 | ---- | M] (Google)
etmcuu.dll -> -> File not found
fqdprk.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008/07/23 15:28:18 | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/04/05 16:18:22 | 00,131,072 | ---- | M] (Intel Corporation)
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> [2002/02/15 10:51:00 | 00,024,638 | ---- | M] (Symantec Corporation)
WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> [2001/12/20 23:34:52 | 00,024,576 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
digeste.dll -> -> File not found
*MultiFile Done* -> ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\rqRkJASJ -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> [2008/01/22 22:09:38 | 00,169,280 | ---- | M] (McAfee, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent] -> File not found
"C:\Program Files\BitTorrent_DNA\dna.exe" -> C:\Program Files\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Disabled:BitTorrent DNA] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> [2008/01/10 13:17:20 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> [2008/01/22 22:09:38 | 00,169,280 | ---- | M] (McAfee, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe:*:Enabled:UpdDlg] -> [2008/01/22 22:09:18 | 00,107,840 | ---- | M] (McAfee, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe" -> C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe:*:Enabled:EngineServer] -> [2007/12/01 11:30:14 | 00,014,144 | ---- | M] (McAfee, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\jsrusso\counter-strike source\hl2.exe" -> C:\Program Files\Steam\steamapps\jsrusso\counter-strike source\hl2.exe [C:\Program Files\Steam\steamapps\jsrusso\counter-strike source\hl2.exe:*:Disabled:hl2] -> [2008/12/13 22:31:05 | 00,106,496 | ---- | M] ()
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" -> C:\Program Files\Symantec\pcAnywhere\awhost32.exe [C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service] -> [2002/02/15 10:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service] -> [2002/02/15 10:51:00 | 00,172,092 | ---- | M] (Symantec Corporation)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" -> C:\Program Files\TVersity\Media Server\MediaServer.exe [C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server] -> [2008/11/27 16:00:46 | 00,827,392 | ---- | M] ()
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent] -> File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" -> C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player ] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA] -> [2008/02/16 13:22:42 | 00,066,872 | ---- | M] 

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
H that did not fit completely.
Click Here to upload the file please.

#5
maulingpastry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I uploaded it, I think. I put this URL; did I make a mistake?

#6
maulingpastry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I attached it here

Attached Files

  • Attached File  Scan.txt   371.48KB   170 downloads


#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\rqRkJASJ -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{1041010f-0f1c-11dc-bec8-806d6172696f} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1041010f-0f1c-11dc-bec8-806d6172696f}\Shell -> 
YN -> \{1041010f-0f1c-11dc-bec8-806d6172696f}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1041010f-0f1c-11dc-bec8-806d6172696f}\Shell\AutoRun -> 
YN -> \{1041010f-0f1c-11dc-bec8-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play]
[Files/Folders - Created Within 30 Days]
NY -> ~.exe -> %SystemRoot%\System32\~.exe
NY -> mreuyuja.dll -> %SystemRoot%\System32\mreuyuja.dll
NY -> rskmgajs.job -> %SystemRoot%\tasks\rskmgajs.job
NY -> pmnoNGwu.dll -> %SystemRoot%\System32\pmnoNGwu.dll
NY -> ixchkmhx.ini -> %SystemRoot%\System32\ixchkmhx.ini
NY -> tgvrrrbd.dll -> %SystemRoot%\System32\tgvrrrbd.dll
NY -> aKUBaGgh.ini -> %SystemRoot%\System32\aKUBaGgh.ini
NY -> dxvryrbp.job -> %SystemRoot%\tasks\dxvryrbp.job
NY -> opnmMcAS.dll -> %SystemRoot%\System32\opnmMcAS.dll
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
NY -> dPI19 -> %SystemRoot%\System32\dPI19
NY -> ID2 -> %SystemRoot%\System32\ID2
NY -> gp2 -> %SystemRoot%\System32\gp2
NY -> mp -> %SystemRoot%\System32\mp
NY -> x4 -> %SystemRoot%\System32\x4
NY -> dim -> %SystemRoot%\System32\dim
NY -> Viewpoint -> %ProgramFiles%\Viewpoint
[Files/Folders - Modified Within 30 Days]
NY -> rskmgajs.job -> %SystemRoot%\tasks\rskmgajs.job
NY -> dxvryrbp.job -> %SystemRoot%\tasks\dxvryrbp.job
NY -> ~.exe -> %SystemRoot%\System32\~.exe
NY -> karozeza.dll -> %SystemRoot%\System32\karozeza.dll
NY -> mreuyuja.dll -> %SystemRoot%\System32\mreuyuja.dll
NY -> pmnoNGwu.dll -> %SystemRoot%\System32\pmnoNGwu.dll
NY -> aKUBaGgh.ini -> %SystemRoot%\System32\aKUBaGgh.ini
NY -> ixchkmhx.ini -> %SystemRoot%\System32\ixchkmhx.ini
NY -> tgvrrrbd.dll -> %SystemRoot%\System32\tgvrrrbd.dll
NY -> opnmMcAS.dll -> %SystemRoot%\System32\opnmMcAS.dll
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
[File - Lop Check]
NY -> Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint
NY -> Viewpoint -> C:\Documents and Settings\Greg\Application Data\Viewpoint
NY -> dxvryrbp.job -> C:\WINDOWS\Tasks\dxvryrbp.job
NY -> rskmgajs.job -> C:\WINDOWS\Tasks\rskmgajs.job
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
================================
Also, please scan with OTScanIt again and attach a fresh new log here.

#8
maulingpastry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you so much for your time. Everything is working much better, and here's the list.

Attached Files

  • Attached File  Scan.txt   8.79KB   272 downloads


#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.