IE randomly pops up



#1
Duragon88

  • Member
  • 39 posts
Recently (as of tonight, that is), IE keeps popping up while running Firefox. I do not prompt this program to run at all; it just decides to do so. It is now giving me runtime errors asking me if I wish to debug, which thankfully this time I was able to get out of without getting another virus chained to this thing. I really don't know what to do with this thing; it seems like it's finding ways around what I am trying to do to prevent it from reoccurring. I have already run Malwarebytes and NOD32 to try and catch this virus.

-Please Advise

-Duragon

#2
Duragon88

  • Topic Starter
  • Member
  • 39 posts
Sorry, forgot the HijackThis log. Here ya go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:45 AM, on 2/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SafeConnect\scManager.sys
c:\program files\safeconnect\SCClient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.fileplanet.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185068057437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185068047937
O17 - HKLM\System\CCS\Services\Tcpip\..\{C260A4A4-C266-44D3-830D-6A42BF603074}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13626 bytes

#3
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Duragon88

Welcome to G2Go. :)
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
======================================================================

#4
Duragon88

  • Topic Starter
  • Member
  • 39 posts
Hey, while I was doing the scan NOD32 came up with an inject trojan warning and quarantined whatever it was immediately, twice, but here is the log nonetheless.

[code=auto:0]OTScanIt2 logfile created on: 2/18/2009 12:23:52 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 260.09 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THAD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> [2008/01/11 18:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/06 19:30:24 | 00,307,704 | ---- | M] (Mozilla Corporation)
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/09/16 12:15:43 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008/11/11 13:15:15 | 00,068,856 | ---- | M] (Google Inc.)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/03 16:03:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/03 16:03:44 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lclock.exe -> %ProgramFiles%\LClock\LClock.exe -> [2004/09/19 11:27:46 | 00,065,536 | ---- | M] ()
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2006/09/26 08:59:14 | 00,534,016 | ---- | M] ()
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> [2007/03/12 12:49:26 | 00,153,136 | ---- | M] (Nero AG)
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/03/12 12:49:46 | 00,271,920 | ---- | M] (Nero AG)
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> [2007/03/12 12:49:46 | 01,209,904 | ---- | M] (Nero AG)
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> [2007/07/21 17:54:54 | 00,549,256 | ---- | M] (Eset )
nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> [2007/07/21 17:54:54 | 00,950,664 | ---- | M] (Eset )
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2007/01/30 22:20:42 | 00,172,032 | ---- | M] ()
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2007/01/30 22:18:02 | 00,180,285 | ---- | M] (NVIDIA Corporation)
ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> [2007/04/04 13:20:16 | 00,126,976 | ---- | M] (NVIDIA)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2007/02/07 15:24:52 | 00,071,216 | ---- | M] (Cyberlink Corp.)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/12/28 17:02:30 | 00,066,872 | ---- | M] ()
pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe -> [2009/01/13 16:12:35 | 00,202,040 | ---- | M] ()
r_server.exe -> %SystemRoot%\system32\r_server.exe -> [2005/06/21 15:16:45 | 00,724,992 | ---- | M] ()
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [2007/02/07 16:29:50 | 00,173,616 | ---- | M] ()
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007/03/21 16:49:20 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/14 04:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation)
scclient.exe -> %ProgramFiles%\SafeConnect\SCClient.exe -> [2007/11/13 10:39:10 | 00,271,640 | ---- | M] (Impulse Point, LLC)
scmanager.sys -> %ProgramFiles%\SafeConnect\scManager.sys -> [2009/02/18 02:53:47 | 00,136,472 | ---- | M] (Impulse Point, LLC)
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/14 04:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/14 04:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/09/16 12:15:43 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.)
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [2007/01/30 22:20:42 | 00,172,032 | ---- | M] ()
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/10/03 18:41:36 | 00,029,744 | ---- | M] (Google)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/03 18:43:27 | 00,138,168 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/03 16:03:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/03/14 18:19:10 | 00,779,824 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/03/12 12:49:46 | 00,271,920 | ---- | M] (Nero AG)
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> [2007/07/21 17:54:54 | 00,549,256 | ---- | M] (Eset )
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> [2007/01/30 22:18:02 | 00,180,285 | ---- | M] (NVIDIA Corporation)
(nTuneService) nTune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> [2007/04/04 13:20:16 | 00,126,976 | ---- | M] (NVIDIA)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/12/28 17:02:30 | 00,066,872 | ---- | M] ()
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe -> [2009/01/13 16:12:35 | 00,202,040 | ---- | M] ()
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [2007/02/07 16:29:50 | 00,173,616 | ---- | M] ()
(r_server) Remote Administrator Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\r_server.exe -> [2005/06/21 15:16:45 | 00,724,992 | ---- | M] ()
(SCManager) SafeConnect Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\SafeConnect\scManager.sys -> [2009/02/18 02:53:47 | 00,136,472 | ---- | M] (Impulse Point, LLC)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> [2006/01/13 19:16:30 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)

[Driver Services - Safe List]
(A5AGU) D-Link USB Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\A5AGU.sys -> [2005/03/15 20:11:00 | 00,283,904 | R--- | M] (D-Link Corporation)
(AMON) AMON [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\amon.sys -> [2007/07/21 17:54:54 | 00,512,096 | ---- | M] (Eset )
(ATHFMWDL) D-Link predator Bootloader driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Athfmwdl.sys -> [2005/03/15 20:11:00 | 00,043,392 | R--- | M] (Windows (R) 2000 DDK provider)
(athrusb) Wireless LAN USB device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\athrusb.sys -> [2006/11/30 05:14:40 | 00,446,976 | R--- | M] (Atheros Communications, Inc.)
(aylnlfdx) aylnlfdx [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\phqghume.sys -> [2009/02/09 08:59:35 | 00,025,088 | ---- | M] ()
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 21:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/03/26 21:21:06 | 04,395,008 | R--- | M] (Realtek Semiconductor Corp.)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 23:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mcdbus.sys -> [2006/09/22 13:06:10 | 00,092,160 | ---- | M] (MagicISO, Inc.)
(nod32drv) nod32drv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\nod32drv.sys -> [2007/07/21 17:54:54 | 00,015,424 | ---- | M] ()
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation)
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> [2006/10/18 18:31:38 | 00,105,472 | R--- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/11/20 04:35:24 | 00,062,592 | R--- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/11/20 04:35:26 | 00,019,968 | R--- | M] (NVIDIA Corporation)
(NVR0Dev) NVR0Dev [Kernel | On_Demand | Running] -> %SystemRoot%\nvoclock.sys -> [2007/04/04 13:21:00 | 00,006,912 | ---- | M] (NVidia Corp.)
(oaeiwgfw) oaeiwgfw [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\fgrpiifw.sys -> [2009/02/06 20:32:35 | 00,025,088 | ---- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> [2005/08/10 07:44:04 | 00,050,688 | ---- | M] (Protection Technology)
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> [2005/05/16 08:20:39 | 00,006,656 | ---- | M] (Protection Technology)
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfvfs02.sys -> [2005/11/03 09:40:07 | 00,063,488 | ---- | M] (Protection Technology)
(tuggjahu) tuggjahu [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\ajojqvpf.sys -> [2009/02/06 19:24:35 | 00,025,088 | ---- | M] ()
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2001/08/23 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
(xfwwnyng) xfwwnyng [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\irajqlgp.sys -> [2009/02/09 07:03:28 | 00,025,088 | ---- | M] ()
(xwbrwsze) xwbrwsze [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\icpglfqf.sys -> [2009/02/08 22:50:41 | 00,025,088 | ---- | M] ()
(zbgxdfnk) zbgxdfnk [Kernel | Boot | Stopped] -> %SystemRoot%\zbgxdfnk -> [2009/02/18 03:50:58 | 00,002,328 | ---- | M] ()
(ZD1211BU(EDUP)) EDUP IEEE 802.11 b+g Wireless LAN Driver (USB)(EDUP) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZD1211BU.sys -> [2006/08/24 12:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
({95808DC4-FA4A-4c74-92FE-5B863F82066B}) {95808DC4-FA4A-4c74-92FE-5B863F82066B} [Kernel | Auto | Running] -> %ProgramFiles%\CyberLink\PowerDVD\000.fcl -> [2006/11/02 15:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [AIM Toolbar Search Class] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.com/?src=aim ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/keyword/%s ->
HKEY_CURRENT_USER\: SearchURL\g\\"" -> http://www.google.com/search?hl=en&q=%s ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [AIM Toolbar Search Class] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\h9pnv6tg.default\prefs.js ->
browser.search.defaultenginename -> "AIM Search" ->
browser.search.defaulturl -> "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" ->
browser.search.selectedEngine -> "AIM Search" ->
browser.startup.homepage -> "google.com" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->
extensions.enabledItems -> {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->
extensions.enabledItems -> {e213bb8f-8ebd-11db-96b7-005056c00008}:2.0.0.62 ->
< HOSTS File > (781 bytes and 22 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2008/06/11 21:33:22 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 21:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/03 16:03:44 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/10/03 18:43:27 | 02,403,392 | R--- | M] (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/11/11 13:15:15 | 00,737,776 | ---- | M] (Google Inc.)
{b0cda128-b425-4eef-a174-61a11ac5dbf8} [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [AIM Toolbar Loader] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/03 16:03:44 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/03 16:03:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008/06/11 21:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/03 18:43:27 | 02,403,392 | R--- | M] (Google Inc.)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
"{61539ecd-cc67-4437-a03c-9aaccbd14326}" [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [AIM Toolbar] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/03 18:43:27 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [AIM Toolbar] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"Acrobat Assistant 8.0" -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> [2008/01/11 18:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"Adobe Acrobat Speed Launcher" -> %ProgramFiles%\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008/06/12 01:25:18 | 00,037,232 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Adobe_ID0EYTHM" -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> [2007/03/20 15:40:44 | 01,884,160 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 20:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 19:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"LanguageShortcut" -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [2007/02/07 15:21:30 | 00,054,832 | ---- | M] ()
"LClock" -> %ProgramFiles%\LClock\LClock.exe [C:\Program Files\LClock\LClock.exe] -> [2004/09/19 11:27:46 | 00,065,536 | ---- | M] ()
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2007/03/09 17:53:56 | 00,153,136 | ---- | M] (Nero AG)
"nod32kui" -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> [2007/07/21 17:54:54 | 00,950,664 | ---- | M] (Eset )
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/05/16 13:01:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/16 13:01:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/05/16 13:01:00 | 01,630,208 | ---- | M] ()
"prunnet" -> %SystemRoot%\system32\prunnet.exe ["C:\WINDOWS\system32\prunnet.exe"] -> [2009/02/06 18:05:17 | 00,044,824 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2007/02/07 15:24:52 | 00,071,216 | ---- | M] (Cyberlink Corp.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/03/21 16:49:20 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/03 16:03:44 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> [] -> File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2007/03/12 12:49:26 | 00,153,136 | ---- | M] (Nero AG)
"igndlm.exe" -> [C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork] -> File not found
"NVIDIA nTune" -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe ["C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear] -> [2007/04/04 13:20:10 | 00,081,920 | ---- | M] (NVIDIA)
"prunnet" -> %SystemRoot%\system32\prunnet.exe ["C:\WINDOWS\system32\prunnet.exe"] -> [2009/02/06 18:05:17 | 00,044,824 | ---- | M] ()
"Steam" -> %ProgramFiles%\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> [2009/01/11 19:44:10 | 01,410,296 | ---- | M] (Valve Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/11/11 13:15:15 | 00,068,856 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\MagicDisc.lnk -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2006/09/26 08:59:14 | 00,534,016 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\SafeConnect.lnk -> %ProgramFiles%\SafeConnect\SCClient.exe -> [2007/11/13 10:39:10 | 00,271,640 | ---- | M] (Impulse Point, LLC)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408\\"Iexplore.exe" -> [1] -> File not found
\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408\\"BufferBreakingSize" -> [10485760] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer
\\"Windows Update Menu Text" -> [Microsoft Update] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AIM Toolbar Search -> %AllUsersProfile%\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html [C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html] -> [2008/05/22 09:44:38 | 00,000,747 | ---- | M] ()
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326} [HKLM] -> %ProgramFiles%\AIM Toolbar\aimtb.dll [Button: AIM Toolbar] -> [2008/10/07 14:09:18 | 01,275,176 | ---- | M] (AOL LLC.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 04:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 04:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
www_fileplanet.com [http] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{428A9DEF-F057-402B-9F2D-A5887F4544ED} [HKLM] -> http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab [SentinelProxy Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185068057437 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185068047937 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{12DE5A91-0C48-4AA0-9F71-B4BE10579E59} -> (EDUP IEEE 802.11 b+g USB Adapter) ->
{28F13B58-08BA-430D-938D-4C0F685252AB} -> (NVIDIA nForce Networking Controller) ->
{C260A4A4-C266-44D3-830D-6A42BF603074} -> 192.168.1.1 (D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/10/03 22:05:56 | 00,113,664 | ---- | M] (Google)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 4b1493e8\Launcher.exe" -> C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 4b1493e8\Launcher.exe [C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 4b1493e8\Launcher.exe:*:Enabled:Blizzard Launcher] -> File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 512f2b58\Launcher.exe" -> C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 512f2b58\Launcher.exe [C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 512f2b58\Launcher.exe:*:Enabled:Blizzard Launcher] -> File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 57cb75e8\Launcher.exe" -> C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 57cb75e8\Launcher.exe [C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 57cb75e8\Launcher.exe:*:Enabled:Blizzard Launcher] -> File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 5d0a7b40\Launcher.exe" -> C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 5d0a7b40\Launcher.exe [C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 5d0a7b40\Launcher.exe:*:Enabled:Blizzard Launcher] -> File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 9701e5e0\Launcher.exe" -> C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 9701e5e0\Launcher.exe [C:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Launcher Temporary - 9701e5e0\Launcher.exe:*:Enabled:Blizzard Launcher] -> File not found
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2008/08/11 15:04:53 | 00,159,744 | ---- | M] (Nexon)
"C:\Games\World of Warcraft\BackgroundDownloader.exe" -> C:\Games\World of Warcraft\BackgroundDownloader.exe [C:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/02/12 02:21:30 | 02,172,400 | ---- | M] (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe" -> C:\Games\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe [C:\Games\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/01/24 12:40:23 | 01,101,608 | ---- | M] (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe" -> C:\Games\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe [C:\Games\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/01/24 12:57:28 | 01,072,200 | ---- | M] (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe" -> C:\Games\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe [C:\Games\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/01/24 13:08:01 | 01,074,664 | ---- | M] (Blizzard Entertainment)
"C:\Games\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe" -> C:\Games\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe [C:\Games\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/01/31 12:45:25 | 02,173,784 | ---- | M] (Blizzard Entertainment)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
"C:\Nexon\Combat Arms\NMService.exe" -> C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> File not found
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe" -> C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe [C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer] -> [2008/10/25 22:45:42 | 05,424,400 | ---- | M] (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" -> C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) ] -> [2008/06/20 14:43:00 | 03,330,048 | ---- | M] ()
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -> C:\Program Files&#

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
OK, that log was cut off. Can you please upload it here > http://www.bleepingc....php?channel=44

The alarm set off by NOD was a false one; it was from the rootkit scanner catchme.exe. Most antivirus programs try to block the tools we use here, but I think they should try to stick to catching the malware that they often miss.

Nothing to worry about.