| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
Dell laptop w/XP - Google redirect virus
Our five year old Dell laptop (Inspiron 1000) has a redirect virus. Google searches are redirected to other pages, esp. Gotoseek page and gambling pages. Have tried spybot, AVG, Malware Bytes, and SuperAnti-spyware pro. None of it worked. I also tried to update Java, but whatever malware we got blocks the update.
Help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:55 AM, on 11/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.perimeter.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181791605750
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 7252 bytes
| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
I need to make one correction to my post. I said it frequently redirects to "gotoseek." That was a mistake. The website that comes up most frequently is "Toseeka." Then again, I just tested it by doing 10 random searches w/Google in Firefox. 7 of them redirected, none of them to the Toseeka site. In all but two of the redirects the signature blue "2" flashed in the address bar. Two of the searches redirected to a website called "NeXplore."
| Senior Member with 1,762 posts. | | Join Date: Oct 2008 Location: California, USA | |
Hello there. Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.
Please note the following:
- The fixes are specific to your problem and should only be used on this machine.
- Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
- It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Step 1
Download OTS to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
- Reg - Desktop Components
- Reg - Disabled MS Config Items
- Reg - NetSvcs
- Reg - Shell Spawning
- Reg - Uninstall List
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
- Please copy the following into the Custom Scans box at the bottom
Code:
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\si3112.sys /s /md5
%SYSTEMDRIVE%\viadsk.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button.
To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to: http:://drop.io/daerk)
Step 2
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors). http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
Start the Sysprot.exe program.
- Click on the Log tab.
- In the Write to log box select All items.
- Place a checkmark next to Hidden Objects Only
- Click on the Create Log button on the bottom right.
- After a few seconds a new Window should appear.
- Make sure Scan all drives is selected and click on the Start button.
(Unless you have a floppy drive. In this case, please use "Scan Root Drive Only" and press Start)
- When it is complete a new Window will appear to indicate that the scan is finished.
- The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
Thank you for responding. I will do all of this as soon as possible... either later tonight or tomorrow morning.
RH
| Senior Member with 1,762 posts. | | Join Date: Oct 2008 Location: California, USA | |
| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
Here is the scan. What do you think?
RH
SysProt AntiRootkit v1.0.1.0
by swatkat
*************************************************************************** ***************
*************************************************************************** ***************
No Hidden Processes found
*************************************************************************** ***************
*************************************************************************** ***************
No Hidden Kernel Modules found
*************************************************************************** ***************
*************************************************************************** ***************
SSDT:
Function Name: ZwTerminateProcess
Address: F67390B0
Driver Base: F6730000
Driver End: F6755000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
*************************************************************************** ***************
*************************************************************************** ***************
No Kernel Hooks found
*************************************************************************** ***************
*************************************************************************** ***************
No IRP Hooks found
*************************************************************************** ***************
*************************************************************************** ***************
Ports:
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:1363
Remote Address: GW-IN-F102.1E100.NET:HTTPS
Type: TCP
Process: C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
State: ESTABLISHED
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: RICKSLAPTOP:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: RICKSLAPTOP:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: RICKSLAPTOP:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: RICKSLAPTOP:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: RICKSLAPTOP.GATEWAY.2WIRE.NET:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: RICKSLAPTOP:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: RICKSLAPTOP:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: RICKSLAPTOP:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: RICKSLAPTOP:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: RICKSLAPTOP:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
*************************************************************************** ***************
*************************************************************************** ***************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{D866F547-D98C-40FC-8993-9F8109FC9880}
Status: Access denied
| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
I just ran 4 or 5 Google searches in Firefox. It is still there, though it took 4 searches before the redirect page loaded. The first few redirects produced blank pages.
Last edited by rherder : 21-Nov-2009 08:48 AM.
| Senior Member with 1,762 posts. | | Join Date: Oct 2008 Location: California, USA | |
That's because those steps don't fix anything. They are to scan your system so that I can hunt down the culprit. Do you have the results from step 1?
| Junior Member with 7 posts. | | Join Date: Nov 2009 Experience: competent user, not a tech | |
OK, this is strange. I know I posted this scan earlier.
Let's try this again.
[code]
OTS logfile created on: 11/21/2009 10:22:36 PM - Run 2
OTS by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Richard Herder\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
221.48 Mb Total Physical Memory | 137.51 Mb Available Physical Memory | 62.08% Memory free
786.57 Mb Paging File | 360.08 Mb Available in Paging File | 45.78% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 14.55 Gb Free Space | 52.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RICKSLAPTOP
Current User Name: Richard Herder
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots (1).exe -> C:\Documents and Settings\Richard Herder\My Documents\Downloads\OTS (1).exe -> [2009/11/21 22:15:28 | 00,525,824 | ---- | M] (OldTimer Tools)
avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2009/11/12 16:48:03 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2009/11/12 16:47:56 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2009/11/11 22:41:50 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com)
googlecrashhandler.exe -> C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe -> [2009/11/10 16:17:21 | 00,136,176 | ---- | M] (Google Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/08 09:59:22 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/11/08 09:59:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2009/11/02 06:10:52 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2009/11/02 06:10:50 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2009/11/02 06:10:48 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/02 06:10:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/05/22 06:43:29 | 00,039,408 | ---- | M] (Google Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> [2006/11/22 00:24:31 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
wdfmgr.exe -> C:\WINDOWS\system32\wdfmgr.exe -> [2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation)
spkrmon.exe -> C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -> [2003/08/28 14:01:22 | 00,061,440 | ---- | M] ()
[Modules - Safe List]
ots (1).exe -> C:\Documents and Settings\Richard Herder\My Documents\Downloads\OTS (1).exe -> [2009/11/21 22:15:28 | 00,525,824 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 02:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2004/08/04 02:56:42 | 00,185,856 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/08 09:59:22 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/02 06:10:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(gusvc) Google Software Updater [On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/06/22 06:46:49 | 00,182,768 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(UMWdf) Windows User Mode Driver Framework [Auto | Running] -> C:\WINDOWS\system32\wdfmgr.exe -> [2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(spkrmon) spkrmon [Auto | Running] -> C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -> [2003/08/28 14:01:22 | 00,061,440 | ---- | M] ()
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/11/10 08:49:54 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/11/02 06:11:55 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/11/02 06:11:55 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2005/02/11 20:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation)
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\atapi.sys -> [2004/08/04 00:59:42 | 00,095,360 | ---- | M] ()
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sisnic.sys -> [2004/07/03 21:52:56 | 00,032,768 | ---- | M] (SiS Corporation)
(SiSkp) SiSkp [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srvkp.sys -> [2004/06/10 19:56:24 | 00,012,160 | ---- | M] (Silicon Integrated Systems Corporation)
(SiS315) SiS315 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sisgrp.sys -> [2004/06/10 19:56:16 | 00,216,320 | ---- | M] (Silicon Integrated Systems Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/04/12 03:06:53 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\smwdm.sys -> [2004/03/29 16:04:42 | 00,612,352 | ---- | M] (Analog Devices, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2003/11/19 17:41:18 | 01,205,292 | ---- | M] (Agere Systems)
(sisagp) SiS AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -> [2003/07/18 11:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation)
(WLAN_DCB) IEEE 802.11g Wireless LAN CardBus Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\WLANDCB.sys -> [2003/06/20 00:45:14 | 00,056,416 | R--- | M] ()
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aeaudio.sys -> [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 10:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\] > -> ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: Main\\"Start Page" -> http://www.perimeter.org/ ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/10/16 12:12:42 | 01,119,488 | ---- | M] ()
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\: "ProxyOverride" -> <local> ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\FireFox\Profiles\2qa60jyq.default\prefs.js ->
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.startup.homepage -> "http://www.perimeter.org/" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701 ->
extensions.enabledItems -> avg@igeared:2.710.016.005 ->
extensions.enabledItems -> {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> LogMeInClient@logmein.com:1.0.0.464 ->
extensions.enabledItems -> zotero@chnm.gmu.edu:2.0b7.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 ->
keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG9\Firefox [C:\PROGRAM FILES\AVG\AVG9\FIREFOX] -> [2009/11/10 23:08:32 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/11/10 23:08:32 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/11/10 23:08:32 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/11/07 11:44:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/11/08 10:01:18 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Extensions -> [2009/02/28 09:17:24 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/02/28 09:17:24 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Firefox\Profiles\2qa60jyq.default\extensions -> [2009/11/20 08:49:18 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Firefox\Profiles\2qa60jyq.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2009/11/10 23:08:05 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Firefox\Profiles\2qa60jyq.default\extensions\LogMeInClient@logmein.com -> [2009/11/10 23:08:04 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Richard Herder\Application Data\Mozilla\Firefox\Profiles\2qa60jyq.default\extensions\zotero@chnm.gmu.edu -> [2009/11/10 23:08:04 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/11/20 08:49:18 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/11/07 11:44:50 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -> [2009/11/10 23:08:04 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2009/11/07 11:44:33 | 00,023,512 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2009/11/07 11:44:33 | 00,137,176 | ---- | M] (Mozilla Foundation)
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/11/10 08:49:45 | 01,475,864 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/10/16 12:12:42 | 01,119,488 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/11/02 05:45:34 | 00,256,112 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [Google Toolbar Notifier BHO] -> [2009/09/30 08:48:08 | 00,762,864 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009/11/02 05:45:31 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/08 09:59:22 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/08 09:59:28 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/02 05:45:34 | 00,256,112 | ---- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/10/16 12:12:42 | 01,119,488 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\] > -> HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/02 05:45:34 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/02 05:45:34 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2009/11/12 16:48:03 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
"ISUSPM Startup" -> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> File not found
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/11/22 00:24:31 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/11/08 09:59:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\] > -> HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Update" -> C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Richard Herder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2009/11/10 16:17:21 | 00,135,664 | ---- | M] (Google Inc.)
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/11/11 22:41:50 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/05/22 06:43:29 | 00,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Richard Herder Startup Folder > -> C:\Documents and Settings\Richard Herder\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004] > -> HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/10/08 13:44:42 | 10,352,448 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/10/08 13:44:42 | 10,352,448 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\] > -> HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/10/08 13:44:42 | 10,352,448 | ---- | M] (Microsoft Corporation)
| Junior Member with 7 posts. | Join Date: Nov 2009 Experience: competent user, not a tech |
21-Nov-2009, 10:37 PM
#10 | Is it possible a virus could block the posting of a script?... Or am I "misremembering" like Roger Clemens?
| Senior Member with 1,762 posts. | Join Date: Oct 2008 Location: California, USA |
22-Nov-2009, 01:20 AM
#11 | Please try attaching it instead. The size limits have cut off the end of it, and that's probably the reason you weren't able to post it earlier.
To attach results click on either the blue "Reply" button or the "Go Advanced" button and then on the "Manage Attachments" button to browse for the results on your computer and attach them.
__________________ Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.