Random Browser Pop-Ups

Every time I open my Firefox browser and use the Google search field, I experience random pop-ups. My wife and I have tried to find and remove this virus but without success. We’ve used Ad-Aware, Spybot, Hijack This, Vundofix, McAfee and now Avast! with no success. How should we proceed? Thanks in advance for your assistance.

Hi there, this is sometimes difficult to track down. However, some very clever people have been working on a tool to find the miscreant. So if you have no objections, I would like to try it out. The first stage is purely analysis and makes no changes to your system at all, but it will help to find the FF addon that is at fault.

To ensure that I get all the information, this log will need to be uploaded to Mediafire and the sharing link posted.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

[*]Close ALL OTHER PROGRAMS.
[*]Open the OTScanit folder and double-click on OTScanit.exe to start the program.
[*]Check the box that says Scan All Users
[*]Check the Radio button for Rootkit check YES
[*]Under Additional Scans check the following:
    [*]File - Lop Check
    [*]File - Purity Scan
    [*]Evnt - EventViewer Errors/Warnings (last 10)
[*]In the custom scan box (bottom left) copy and paste all in the quote box to this area

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

essexboy,

Is this an example of the fake Firefox add-on issue we have been hearing about?

Appears to be but the log will answer that ;D

Interesting, not so interesting for Samshadows though.

The random pop-ups are not exclusive to FF. It also affects IE.

Here are the scan results:


OTScanIt2 logfile created on: 12/13/2008 11:20:08 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1     Folder = C:\Documents and Settings\Kinzer family\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.50 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 50.77% Memory free
2.10 Gb Paging File | 1.40 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 150.96 Gb Free Space | 66.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 651.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KINZERCOM
Current User Name: Kinzer family
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/10/26 16:39:56 | 00,611,664 | ---- | M] (Lavasoft)
acrotray.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> [2006/01/12 19:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/11/26 12:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/11/26 12:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/11/26 12:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/11/26 12:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/11/26 12:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/09/23 21:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/09/23 21:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.)
dpupdchk.exe -> %ProgramFiles%\Microsoft IntelliPoint\dpupdchk.exe -> [2007/08/31 13:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> [2005/02/15 05:07:48 | 00,061,440 | ---- | M] ()
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/11/14 21:36:11 | 00,307,712 | ---- | M] (Mozilla Corporation)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/14 18:55:18 | 00,068,856 | ---- | M] (Google Inc.)
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2005/06/17 08:56:14 | 00,139,264 | ---- | M] (Intel Corporation)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2005/06/17 08:55:58 | 00,086,140 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ipoint.exe -> %ProgramFiles%\Microsoft IntelliPoint\ipoint.exe -> [2007/08/31 14:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
lxcecoms.exe -> %SystemRoot%\system32\lxcecoms.exe -> [2005/02/25 13:49:52 | 00,466,944 | ---- | M] (Lexmark International, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/08/03 21:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 11:04:44 | 00,203,280 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/04/10 06:55:43 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/03/23 01:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> [2005/06/17 15:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.)
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/06/17 15:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
versioncuecs2tray.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> [2005/04/04 18:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated)
 

Section 2:

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] → %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe → [2008/10/26 16:39:56 | 00,611,664 | ---- | M] (Lavasoft)
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe → [2006/03/15 18:23:24 | 00,072,704 | ---- | M] (Adobe Systems)
(Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe → [2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] → %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe → [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] → %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe → [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → [2008/11/26 12:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %SystemRoot%\system32\ati2evxx.exe → [2008/09/23 21:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] → %SystemRoot%\system32\ati2sgag.exe → [2008/09/23 21:05:00 | 00,593,920 | ---- | M] ()
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [2008/11/26 12:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → [2008/11/26 12:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → [2008/11/26 12:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] → %ProgramFiles%\Bonjour\mDNSResponder.exe → [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] → %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe → [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\DellSupport\brkrsvc.exe → [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] → %SystemRoot%\ehome\ehrecvr.exe → [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] → %SystemRoot%\ehome\ehSched.exe → [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] → %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe → [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe → [2008/06/26 09:24:08 | 00,031,592 | ---- | M] (NOS Microsystems Ltd.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe → [2007/01/26 20:27:17 | 00,138,168 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] → %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll → [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] → %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe → [2005/06/17 08:55:58 | 00,086,140 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] → %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe → [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] → %ProgramFiles%\iPod\bin\iPodService.exe → [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(lxce_device) lxce_device [Win32_Own | On_Demand | Running] → %SystemRoot%\system32\lxcecoms.exe → [2005/02/25 13:49:52 | 00,466,944 | ---- | M] (Lexmark International, Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] → %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe → [2008/10/08 11:04:44 | 00,203,280 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] → %ProgramFiles%\McAfee\MSC\mcmscsvc.exe → [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] → %CommonProgramFiles%\McAfee\MNA\McNASvc.exe → [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\McAfee\VirusScan\mcods.exe → [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\McAfee\McProxy\McProxy.exe → [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] → %SystemRoot%\ehome\mcrdsvc.exe → [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] → %ProgramFiles%\McAfee\VirusScan\Mcshield.exe → [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] → %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe → [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] → %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE → [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] → %SystemRoot%\system32\mhn.dll → [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] → %ProgramFiles%\McAfee\MPF\MpfSrv.exe → [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] → %ProgramFiles%\McAfee\MSK\msksrver.exe → [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe → [2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] → %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe → [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE → [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(TabletService) TabletService [Win32_Own | Auto | Running] → %SystemRoot%\system32\Tablet.exe → [2005/06/17 15:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Windows Media Player\wmpnetwk.exe → [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Win32_Own | Auto | Running] → %SystemRoot%\system32\searchindexer.exe → [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] → %SystemRoot%\system32\WudfSvc.dll → [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

Section 3a:

[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] → %SystemRoot%\System32\drivers\aavmker4.sys → [2008/11/26 12:15:35 | 00,026,944 | ---- | M] (ALWIL Software)
(AliIde) AliIde [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\aliide.sys → [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\amdagp.sys → [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\asc.sys → [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\asc3550.sys → [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASPI32) ASPI32 [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\Aspi32.sys → [2005/11/21 00:48:21 | 00,016,512 | ---- | M] (Adaptec)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] → %SystemRoot%\system32\drivers\aswFsBlk.sys → [2008/11/26 12:17:25 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] → %SystemRoot%\System32\drivers\aswmon2.sys → [2008/11/26 12:18:18 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] → %SystemRoot%\System32\drivers\aswRdr.sys → [2008/11/26 12:16:29 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] → %SystemRoot%\System32\drivers\aswSP.sys → [2008/11/26 12:17:36 | 00,111,184 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] → %SystemRoot%\System32\drivers\aswTdi.sys → [2008/11/26 12:16:38 | 00,050,864 | ---- | M] (ALWIL Software)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\ati2mtag.sys → [2008/09/23 22:09:07 | 03,331,072 | ---- | M] (ATI Technologies Inc.)
(atksgt) atksgt [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\atksgt.sys → [2008/08/25 18:18:04 | 00,278,984 | ---- | M] ()
(BEFCMU10V4XP) Linksys BEFCMU10 ver. 4 Cable Modem [Kernel | On_Demand | Stopped] → %SystemRoot%\system32\drivers\BEFCMU10V4XP.sys → [2004/07/05 11:12:00 | 00,014,336 | R--- | M] (Cisco-Linksys, LLC)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\cmdide.sys → [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\dac2w2k.sys → [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] → %SystemRoot%\system32\drivers\drvmcdb.sys → [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] → %SystemRoot%\system32\drivers\drvnddm.sys → [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Stopped] → %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys → [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\dsunidrv.sys → [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] → %SystemRoot%\system32\drivers\e100b325.sys → [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\e1e5132.sys → [2005/04/01 00:04:52 | 00,180,736 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\GEARAspiWDM.sys → [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\hdaudbus.sys → [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\HSFHWBS2.sys → [2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\HSF_DP.sys → [2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] → %SystemRoot%\system32\drivers\iaStor.sys → [2005/06/17 13:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] → %SystemRoot%\system32\drivers\kbdhid.sys → [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(lirsgt) lirsgt [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\lirsgt.sys → [2008/08/25 18:16:11 | 00,018,048 | ---- | M] ()

Section 3b:

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\mdmxsdk.sys → [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\mfeavfk.sys → [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\mfebopk.sys → [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] → %SystemRoot%\system32\drivers\mfehidk.sys → [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] → %SystemRoot%\system32\drivers\mferkdk.sys → [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\mfesmfk.sys → [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\MODEMCSA.sys → [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MPFP) MPFP [Kernel | System | Running] → %SystemRoot%\system32\drivers\Mpfp.sys → [2007/07/13 08:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\mraid35x.sys → [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] → %SystemRoot%\system32\drivers\nv4_mini.sys → [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(PenClass) Pen Class [Kernel | Boot | Running] → %SystemRoot%\system32\drivers\PenClass.sys → [2001/04/09 15:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\point32.sys → [2007/08/21 03:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\ptilink.sys → [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] → %SystemRoot%\system32\drivers\pxhelp20.sys → [2006/08/14 11:43:24 | 00,036,528 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\ql1080.sys → [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\ql12160.sys → [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\ql1280.sys → [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] → %SystemRoot%\system32\drivers\secdrv.sys → [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\sisagp.sys → [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\sparrow.sys → [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] → %SystemRoot%\system32\drivers\sscdbhk5.sys → [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] → %SystemRoot%\system32\drivers\ssrtln.sys → [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\sthda.sys → [2005/06/14 23:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\symc810.sys → [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\symc8xx.sys → [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\sym_hi.sys → [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\sym_u3.sys → [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tfsnboio) tfsnboio [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnboio.sys → [2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsncofs.sys → [2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsndrct.sys → [2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsndres.sys → [2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnifs.sys → [2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnopio.sys → [2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnpool.sys → [2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnudf.sys → [2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] → %SystemRoot%\system32\dla\tfsnudfa.sys → [2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\ultra.sys → [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] → %SystemRoot%\system32\drivers\HSF_CNXT.sys → [2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] → %SystemRoot%\system32\drivers\ws2ifsl.sys → [2004/08/10 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)

Section 4a:

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE] > → ->
HKEY_LOCAL_MACHINE: Main\“Default_Page_URL” → http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE: Main\“Default_Search_URL” → http://www.google.com/ie
HKEY_LOCAL_MACHINE: Main\“Default_Secondary_Page_URL” → →
HKEY_LOCAL_MACHINE: Main\“Extensions Off Page” → about:NoAdd-ons →
HKEY_LOCAL_MACHINE: Main\“Local Page” → %SystemRoot%\system32\blank.htm →
HKEY_LOCAL_MACHINE: Main\“Search Page” → http://www.google.com
HKEY_LOCAL_MACHINE: Main\“Security Risk Page” → about:SecurityRisk →
HKEY_LOCAL_MACHINE: Main\“Start Page” → http://www.google.com
HKEY_LOCAL_MACHINE: Search\“CustomizeSearch” → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE: Search\“CustomSearch” → http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE: Search\“Default_Search_URL” → http://www.google.com/ie
HKEY_LOCAL_MACHINE: Search\“SearchAssistant” → http://www.google.com
< Internet Explorer Settings [HKEY_CURRENT_USER] > → ->
HKEY_CURRENT_USER: Main\“Default_Page_URL” → http://www.dell4me.com/myway
HKEY_CURRENT_USER: Main\“Local Page” → C:\WINDOWS\system32\blank.htm →
HKEY_CURRENT_USER: Main\“Page_Transitions” → →
HKEY_CURRENT_USER: Main\“Search Page” → http://www.google.com
HKEY_CURRENT_USER: Main\“SearchMigratedDefaultName” → Google →
HKEY_CURRENT_USER: Main\“SearchMigratedDefaultURL” → http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKEY_CURRENT_USER: Main\“Start Page” → http://www.google.com
HKEY_CURRENT_USER: Search\“SearchAssistant” → http://www.google.com
HKEY_CURRENT_USER: SearchURL\“” → http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKEY_CURRENT_USER: URLSearchHooks\“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] → [2007/03/20 16:39:26 | 00,803,864 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER: “ProxyEnable” → 0 →
HKEY_CURRENT_USER: “ProxyOverride” → *.local →
< Internet Explorer Settings [HKEY_USERS.DEFAULT] > → ->
HKEY_USERS.DEFAULT: Main\“Default_Page_URL” → http://www.dell4me.com/myway
HKEY_USERS.DEFAULT: Main\“First Home Page” → http://www.dell4me.com/myway
HKEY_USERS.DEFAULT: Main\“Start Page” → http://www.dell4me.com/myway
HKEY_USERS.DEFAULT: “ProxyEnable” → 0 →
< Internet Explorer Settings [HKEY_USERS\S-1-5-18] > → ->
HKEY_USERS\S-1-5-18: Main\“Default_Page_URL” → http://www.dell4me.com/myway
HKEY_USERS\S-1-5-18: Main\“First Home Page” → http://www.dell4me.com/myway
HKEY_USERS\S-1-5-18: Main\“Start Page” → http://www.dell4me.com/myway
HKEY_USERS\S-1-5-18: “ProxyEnable” → 0 →
< Internet Explorer Settings [HKEY_USERS\S-1-5-19] > → ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20] > → ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → ->
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“Default_Page_URL” → http://www.dell4me.com/myway
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“Local Page” → C:\WINDOWS\system32\blank.htm →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“Page_Transitions” → →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“Search Page” → http://www.google.com
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“SearchMigratedDefaultName” → Google →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“SearchMigratedDefaultURL” → http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Main\“Start Page” → http://www.google.com
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: Search\“SearchAssistant” → http://www.google.com
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: SearchURL\“” → http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: URLSearchHooks\“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] → [2007/03/20 16:39:26 | 00,803,864 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: “ProxyEnable” → 0 →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006: “ProxyOverride” → *.local →

Section 4b:

< FireFox Settings [Default Profile] > → C:\Documents and Settings\Kinzer family\Application Data\Mozilla\FireFox\Profiles\xcci5rcp.default\prefs.js →
browser.search.defaultenginename → “AIM Search” →
browser.search.defaulturl → “http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=” →
browser.search.selectedEngine → “Google” →
browser.startup.homepage → “http://my.yahoo.com/” →
browser.startup.homepage_override.mstone → “rv:1.9.0.4” →
extensions.enabledItems → toolbar@alexa.com:1.3.0 →
extensions.enabledItems → {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.5.10.1 →
extensions.enabledItems → {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W →
extensions.enabledItems → {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20080823 →
extensions.enabledItems → {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 →
extensions.enabledItems → {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 →
extensions.enabledItems → {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 →
extensions.enabledItems → {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 →
extensions.enabledItems → {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 →
extensions.enabledItems → moveplayer@movenetworks.com:1.0.0.07103010 →
extensions.enabledItems → videofinder@veoh.com:1.3 →
extensions.enabledItems → {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6 →
extensions.enabledItems → {C1273352-9340-4d54-A6D7-17DC157EC0B9}:1.0 →
extensions.enabledItems → {03102E6B-7DF5-49DC-8BE4-EBA9ECEFB73F}:1.0 →
extensions.enabledItems → {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910 →
extensions.enabledItems → {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0 →
extensions.enabledItems → {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.1 →
extensions.enabledItems → {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 →
extensions.enabledItems → {bbf8fc30-5280-11db-b0de-0800200c9a66}:2.100608 →
extensions.enabledItems → {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.0.3 →
extensions.enabledItems → {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.071508 →
extensions.enabledItems → {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.081108 →
extensions.enabledItems → {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.04 →
< HOSTS File > (268233 bytes and 9329 lines) → C:\WINDOWS\System32\drivers\etc\Hosts →
First 25 entries…

Section 4c:

< BHO’s [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{9e917783-4849-44d9-81a7-4a692480b5b3} [HKLM] → %SystemRoot%\system32\bajukeko.dll [Reg Error: Value does not exist or could not be read.] → File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
“{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}” [HKLM] → %SystemDrive%\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [McAfee SiteAdvisor Toolbar] → File not found
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” [HKLM] → %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] → [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.)
“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” [HKLM] → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
“{D0943516-5076-4020-A3B5-AEFAF26AB263}” [HKLM] → %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] → [2008/05/15 14:59:54 | 00,352,256 | ---- | M] (Veoh Networks Inc)
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] → [2007/03/20 16:39:26 | 00,803,864 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” [HKLM] → %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] → [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.)
ShellBrowser\“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” [HKLM] → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\“{19E452E4-8FE0-4165-A27B-0D00C05D4ACA}” [HKLM] → Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] → File not found
WebBrowser\“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” [HKLM] → %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] → [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” [HKLM] → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\“{B78BDEB2-AD27-4549-B5B8-95B8197BF56E}” [HKLM] → Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] → File not found
WebBrowser\“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] → [2007/03/20 16:39:26 | 00,803,864 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” [HKLM] → %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] → [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.)
ShellBrowser\“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” [HKLM] → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\“{19E452E4-8FE0-4165-A27B-0D00C05D4ACA}” [HKLM] → Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] → File not found
WebBrowser\“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” [HKLM] → %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] → [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” [HKLM] → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\“{B78BDEB2-AD27-4549-B5B8-95B8197BF56E}” [HKLM] → Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] → File not found
WebBrowser\“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] → [2007/03/20 16:39:26 | 00,803,864 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
“” → → File not found

Section 4d:

“44c8d1ca” → %SystemRoot%\system32\dapavama.dll [rundll32.exe “C:\WINDOWS\system32\dapavama.dll”,b] → [2008/12/13 08:24:25 | 00,085,811 | -HS- | M] ()
“Acrobat Assistant 7.0” → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe [“C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe”] → [2006/01/12 19:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
“Adobe Reader Speed Launcher” → %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe [“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”] → [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
“Adobe Version Cue CS2” → %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe] → [2005/04/04 18:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated)
“ATICCC” → %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe [“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”] → [2006/05/10 10:12:06 | 00,090,112 | ---- | M] ()
“ATIPTA” → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”] → [2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
“avast!” → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] → [2008/11/26 12:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
“CPM47fbe256” → %SystemRoot%\system32\regoyivu.dll [Rundll32.exe “c:\windows\system32\regoyivu.dll”,a] → [2008/12/13 08:24:25 | 00,091,304 | -HS- | M] ()
“dla” → %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] → [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
“DVDLauncher” → %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe [“C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”] → [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
“ehTray” → %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] → [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
“EzPrint” → %ProgramFiles%\Lexmark 4300 Series\ezprint.exe [“C:\Program Files\Lexmark 4300 Series\ezprint.exe”] → [2005/02/15 05:07:48 | 00,061,440 | ---- | M] ()
“FaxCenterServer” → [“C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s] → File not found
“IAAnotif” → %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] → [2005/06/17 08:56:14 | 00,139,264 | ---- | M] (Intel Corporation)
“IntelliPoint” → %ProgramFiles%\Microsoft IntelliPoint\ipoint.exe [“C:\Program Files\Microsoft IntelliPoint\ipoint.exe”] → [2007/08/31 14:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
“ISUSPM Startup” → %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup] → [2005/06/10 11:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
“ISUSScheduler” → %CommonProgramFiles%\InstallShield\UpdateService\issch.exe [“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start] → [2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
“iTunesHelper” → %ProgramFiles%\iTunes\iTunesHelper.exe [“C:\Program Files\iTunes\iTunesHelper.exe”] → [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
“LXCECATS” → %SystemRoot%\system32\spool\drivers\w32x86\3\lxcetime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16] → [2005/03/22 05:45:48 | 00,069,632 | ---- | M] ()
“lxcemon.exe” → %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe [“C:\Program Files\Lexmark 4300 Series\lxcemon.exe”] → [2005/03/22 12:25:04 | 00,192,512 | ---- | M] (Lexmark International, Inc.)
“mcagent_exe” → %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] → [2007/08/03 21:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.)
“Nnijatu” → %SystemRoot%\system32\rundll32.exe [rundll32.exe “C:\WINDOWS\Bvomitozofaneya.dat”,e] → [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
“QuickTime Task” → %ProgramFiles%\QuickTime\QTTask.exe [“C:\Program Files\QuickTime\QTTask.exe” -atboottime] → [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
“SigmatelSysTrayApp” → %SystemRoot%\stsystra.exe [stsystra.exe] → [2005/03/23 01:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)
“SunJavaUpdateSched” → %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe [“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”] → [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
“TkBellExe” → %CommonProgramFiles%\Real\Update_OB\realsched.exe [“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot] → [2008/04/10 06:55:43 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
“wufolejabe” → %SystemRoot%\system32\zinasemi.dll [Rundll32.exe “C:\WINDOWS\system32\zinasemi.dll”,s] → [2008/09/10 18:25:39 | 00,062,147 | -HS- | M] ()
< Run [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
“” → → File not found

Section 4e:

“CurseClient” → %ProgramFiles%\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe] → [2008/10/28 05:40:30 | 04,789,760 | ---- | M] ()
“DellSupport” → [“C:\Program Files\DellSupport\DSAgnt.exe” /startup] → File not found
“EA Core” → %ProgramFiles%\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe -silent] → [2008/07/21 13:07:44 | 02,752,512 | ---- | M] (Electronic Arts)
“MSMSGS” → %ProgramFiles%\Messenger\msmsgs.exe [“C:\Program Files\Messenger\msmsgs.exe” /background] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
“swg” → %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] → [2007/06/14 18:55:18 | 00,068,856 | ---- | M] (Google Inc.)
“updateMgr” → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [“C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe” AcPro7_0_7 -reboot 1] → [2005/10/24 15:53:40 | 00,307,200 | ---- | M] (Adobe Systems Incorporated)
“Veoh” → %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide] → [2008/08/28 09:18:24 | 03,660,848 | ---- | M] (Veoh Networks)
“Yahoo! Pager” → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet] → [2007/06/07 13:08:16 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_USERS\S-1-5-19] > → HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
“wufolejabe” → %SystemRoot%\system32\zinasemi.dll [Rundll32.exe “C:\WINDOWS\system32\zinasemi.dll”,s] → [2008/09/10 18:25:39 | 00,062,147 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-20] > → HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
“wufolejabe” → %SystemRoot%\system32\zinasemi.dll [Rundll32.exe “C:\WINDOWS\system32\zinasemi.dll”,s] → [2008/09/10 18:25:39 | 00,062,147 | -HS- | M] ()
< Run [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
“” → → File not found
“CurseClient” → %ProgramFiles%\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe] → [2008/10/28 05:40:30 | 04,789,760 | ---- | M] ()
“DellSupport” → [“C:\Program Files\DellSupport\DSAgnt.exe” /startup] → File not found
“EA Core” → %ProgramFiles%\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe -silent] → [2008/07/21 13:07:44 | 02,752,512 | ---- | M] (Electronic Arts)
“MSMSGS” → %ProgramFiles%\Messenger\msmsgs.exe [“C:\Program Files\Messenger\msmsgs.exe” /background] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
“swg” → %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] → [2007/06/14 18:55:18 | 00,068,856 | ---- | M] (Google Inc.)
“updateMgr” → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [“C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe” AcPro7_0_7 -reboot 1] → [2005/10/24 15:53:40 | 00,307,200 | ---- | M] (Adobe Systems Incorporated)
“Veoh” → %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide] → [2008/08/28 09:18:24 | 03,660,848 | ---- | M] (Veoh Networks)
“Yahoo! Pager” → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet] → [2007/06/07 13:08:16 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< Administrator Startup Folder > → C:\Documents and Settings\Administrator\Start Menu\Programs\Startup →
< All Users Startup Folder > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk → → File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk → %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe → [2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\OneClickProtect.lnk → %ProgramFiles%\PC-Encrypt Security\OneClickProtect.exe → [2004/01/29 23:55:20 | 00,319,488 | ---- | M] (PC-Encrypt, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk → %SystemRoot%\system32\WTablet\TabUserW.exe → [2005/06/17 15:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
%AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk → %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe → [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > → C:\Documents and Settings\Default User\Start Menu\Programs\Startup →
< Kinzer family Startup Folder > → C:\Documents and Settings\Kinzer family\Start Menu\Programs\Startup →
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\“NoCDBurning” → [0] → File not found

Section 4f:

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
&Yahoo! Search → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Convert link target to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel → %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] → [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Yahoo! &Maps → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Yahoo! &SMS → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT] > → HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] → [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18] > → HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] → [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\Software\Microsoft\Internet Explorer\MenuExt\ →
&Yahoo! Search → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Convert link target to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF → %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] → [2005/09/24 00:41:42 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel → %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] → [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Yahoo! &Maps → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]
Yahoo! &SMS → %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] → [2007/08/17 11:18:57 | 00,000,000 | ---D | M]

Section 4g:

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] → %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] → [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] → %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] → [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] → %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] → [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] → %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] → [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] → %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Button: Yahoo! Messenger] → File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] → %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Menu: Yahoo! Messenger] → File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ →
CmdMapping\“{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” [HKLM] → %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] → [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\“{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}” [HKLM] → [Reg Error: Key does not exist or could not be opened.] → File not found
CmdMapping\“{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}” [HKLM] → %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] → [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\“{92780B25-18CC-41C8-B9BE-3C9C571A8263}” [HKLM] → %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] → [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\“{A75C6120-9B36-11d4-A3F0-009027427750}” [HKLM] → [Reg Error: Key does not exist or could not be opened.] → File not found
CmdMapping\“{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}” [HKLM] → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] → [2007/06/07 13:08:16 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\“{FB5F1910-F110-11d2-BB9E-00C04F795683}” [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT] > → HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ →
CmdMapping\“{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” [HKLM] → %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] → [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\“{92780B25-18CC-41C8-B9BE-3C9C571A8263}” [HKLM] → %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] → [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\“{FB5F1910-F110-11d2-BB9E-00C04F795683}” [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18] > → HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ →
CmdMapping\“{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” [HKLM] → %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] → [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\“{92780B25-18CC-41C8-B9BE-3C9C571A8263}” [HKLM] → %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] → [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\“{FB5F1910-F110-11d2-BB9E-00C04F795683}” [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\Software\Microsoft\Internet Explorer\Extensions\ →
CmdMapping\“{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” [HKLM] → %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] → [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\“{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}” [HKLM] → [Reg Error: Key does not exist or could not be opened.] → File not found
CmdMapping\“{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}” [HKLM] → %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] → [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\“{92780B25-18CC-41C8-B9BE-3C9C571A8263}” [HKLM] → %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] → [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\“{A75C6120-9B36-11d4-A3F0-009027427750}” [HKLM] → [Reg Error: Key does not exist or could not be opened.] → File not found
CmdMapping\“{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}” [HKLM] → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] → [2007/06/07 13:08:16 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\“{FB5F1910-F110-11d2-BB9E-00C04F795683}” [HKLM] → %ProgramFiles%\Messenger\msmsgs.exe [Messenger] → [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ →

Section 4h:

PluginsPageFriendlyName → Microsoft ActiveX Gallery →
PluginsPage → http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
< Default Prefix > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
“” → http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4871 domain(s) found. →
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 36 range(s) found. →
< Trusted Sites Domains [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4912 domain(s) found. →
internet .[about] → Trusted sites →
mcafee.com .[http] → Trusted sites →
mcafee.com .[https] → Trusted sites →
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Trusted Sites Domains [HKEY_USERS\.DEFAULT] > → HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4896 domain(s) found. →
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT] > → HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Trusted Sites Domains [HKEY_USERS\S-1-5-18] > → HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4896 domain(s) found. →
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18] > → HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Trusted Sites Domains [HKEY_USERS\S-1-5-19] > → HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4439 domain(s) found. →
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19] > → HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Trusted Sites Domains [HKEY_USERS\S-1-5-20] > → HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4439 domain(s) found. →
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20] > → HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 4912 domain(s) found. →

Section 4i:

internet .[about] → Trusted sites →
mcafee.com .[http] → Trusted sites →
mcafee.com .[https] → Trusted sites →
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006] > → HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 103 range(s) found. →
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{01111F00-3E00-11D2-8470-0060089874ED} [HKLM] → http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab[Reg Error: Key does not exist or could not be opened.] →
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] → http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] →
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] → http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] →
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] →
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] → http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] →
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] → http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] →
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] →
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] →
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] →
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] →
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] →
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] →
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] →
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] →
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] →
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] → http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] →
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] → http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] →
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] → http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] →
{E473A65C-8087-49A3-AFFD-C5BC4A10669B} [HKLM] → http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab[Reg Error: Key does not exist or could not be opened.] →
< DNS Name Servers [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{085745BC-BE5C-4D3B-A107-A53B85B1BD86} → (Linksys BEFCMU10 ver. 4 Cable Modem) →
{73041C30-810A-434F-89FB-59C465402058} → (Intel(R) PRO/1000 PL Network Connection) →
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs →
AppInit_DLLs → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls →
C:\WINDOWS\system32\horijige.dll → %SystemRoot%\system32\horijige.dll → [2008/09/10 18:25:39 | 00,062,147 | -HS- | M] ()
cjvlue.dll → → File not found
c:\windows\system32\regoyivu.dll → %SystemRoot%\system32\regoyivu.dll → [2008/12/13 08:24:25 | 00,091,304 | -HS- | M] ()
MultiFile Done → ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %SystemRoot%\system32\ati2evxx.dll → [2008/09/23 21:06:19 | 00,143,360 | ---- | M] (ATI Technologies Inc.)
cbXqonoM → → File not found
< SSODL [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad →
“{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}” [HKLM] → %SystemRoot%\system32\regoyivu.dll [SSODL] → [2008/12/13 08:24:25 | 00,091,304 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler →
“{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}” [HKLM] → %SystemRoot%\system32\regoyivu.dll [STS] → [2008/12/13 08:24:25 | 00,091,304 | -HS- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
“{56F9679E-7826-4C84-81F3-532071A8BCC5}” [HKLM] → %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll → [2008/05/26 21:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages →
LSA Authentication Packages → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages →
C:\WINDOWS\system32\pmnnmnmm → → File not found
MultiFile Done → ->

Section 4j:

< Domain Profile Authorized Applications List > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List →
“%windir%\Network Diagnostic\xpnetdiag.exe” → C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000] → [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
“%windir%\system32\sessmgr.exe” → C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019] → [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
“C:\Nexon\Combat Arms\CombatArms.exe” → C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe] → [2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon)
“C:\Nexon\Combat Arms\Engine.exe” → C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe] → [2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon)
“C:\Program Files\America Online 9.0\waol.exe” → C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe::Enabled:AOL] → File not found
“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe” → C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL] → File not found
“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” → C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL] → File not found
< Standard Profile Authorized Applications List > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List →
“%windir%\Network Diagnostic\xpnetdiag.exe” → C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000] → [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
“%windir%\system32\sessmgr.exe” → C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019] → [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
“C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe” → C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe::Enabled:Nexon Game Manager] → [2008/08/06 02:17:51 | 00,159,744 | ---- | M] (Nexon)
“C:\Nexon\Combat Arms\CombatArms.exe” → C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:Enabled:CombatArms.exe] → [2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon)
“C:\Nexon\Combat Arms\Engine.exe” → C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:Enabled:Engine.exe] → [2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon)
“C:\Nexon\Combat Arms\NMService.exe” → C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe::Enabled:Nexon Messenger Core] → [2008/09/30 23:39:08 | 01,470,464 | ---- | M] (Nexon Corp.)
“C:\Program Files\1701 A.D\1701-AddOn.exe” → C:\Program Files\1701 A.D\1701-AddOn.exe [C:\Program Files\1701 A.D\1701-AddOn.exe::Enabled:1701 A.D. Add-On] → [2008/06/27 16:30:22 | 05,012,448 | ---- | M] (Related Designs Software GmbH)
“C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe” → C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe::Enabled:Adobe Version Cue CS2] → [2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
“C:\Program Files\AIM6\aim6.exe” → C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe::Enabled:AIM] → File not found

Hi there, this is such a large log that uploading to Mediafire would have been easier, and I would have got it all ;D

However, I saw enough to make a start.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9e917783-4849-44d9-81a7-4a692480b5b3} [HKLM] -> %SystemRoot%\system32\bajukeko.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{19E452E4-8FE0-4165-A27B-0D00C05D4ACA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{B78BDEB2-AD27-4549-B5B8-95B8197BF56E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\] > -> HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{19E452E4-8FE0-4165-A27B-0D00C05D4ACA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{B78BDEB2-AD27-4549-B5B8-95B8197BF56E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
YY -> "44c8d1ca" -> %SystemRoot%\system32\dapavama.dll [rundll32.exe "C:\WINDOWS\system32\dapavama.dll",b]
YY -> "CPM47fbe256" -> %SystemRoot%\system32\regoyivu.dll [Rundll32.exe "c:\windows\system32\regoyivu.dll",a]
YY -> "Nnijatu" -> %SystemRoot%\system32\rundll32.exe [rundll32.exe "C:\WINDOWS\Bvomitozofaneya.dat",e]
YY -> "wufolejabe" -> %SystemRoot%\system32\zinasemi.dll [Rundll32.exe "C:\WINDOWS\system32\zinasemi.dll",s]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "wufolejabe" -> %SystemRoot%\system32\zinasemi.dll [Rundll32.exe "C:\WINDOWS\system32\zinasemi.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "wufolejabe" -> %SystemRoot%\system32\zinasemi.dll [Rundll32.exe "C:\WINDOWS\system32\zinasemi.dll",s]
< Run [HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\] > -> HKEY_USERS\S-1-5-21-1839122157-949777392-379700491-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\horijige.dll -> %SystemRoot%\system32\horijige.dll
YN -> cjvlue.dll -> 
YY -> c:\windows\system32\regoyivu.dll -> %SystemRoot%\system32\regoyivu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> cbXqonoM -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\regoyivu.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\regoyivu.dll [STS]
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmnnmnmm -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Could you then re-run OTScanit with the same parameters, upload the log to Mediafire and post the sharing link.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.