Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: HELP basenados32 ???  (Read 13237 times)

0 Members and 1 Guest are viewing this topic.

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: HELP basenados32 ???
« Reply #15 on: June 07, 2008, 10:44:38 PM »
Good job :)
Now, you can sleep well....

zrob_12

    Topic Starter


    Rookie

    Re: HELP basenados32 ???
    « Reply #16 on: June 08, 2008, 08:28:00 AM »
    That did the trick! Thank you very much!

    Broni


      Mastermind
    • Kraków my love :)
    • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: HELP basenados32 ???
    « Reply #17 on: June 08, 2008, 10:40:17 AM »
    You're very welcome :)
    Since, it was repair only, not reinstall, I'd like to make sure, your computer is clean...

    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    Click on Download HijackThis Installer
    Post HijackTHis log.

    zrob_12

      Topic Starter


      Rookie

      Re: HELP basenados32 ???
      « Reply #18 on: June 08, 2008, 11:10:59 PM »
      Computer is acting up again. I'm running through the above process again. Thereafter, I'll post HijackThis.

      Broni


        Mastermind
      • Kraków my love :)
      • Thanked: 614
        • Computer Help Forum
      • Computer: Specs
      • Experience: Experienced
      • OS: Windows 8
      Re: HELP basenados32 ???
      « Reply #19 on: June 08, 2008, 11:20:40 PM »
      I thought, it would.
      You can actually go through a whole set:

      Print these instructions out.

      1. Download SUPERAntiSpyware Free for Home Users:
      http://www.superantispyware.com/

          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
          * An icon will be created on your desktop. Double-click that icon to launch the program.
          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
          * Close SUPERAntiSpyware.

      PHYSICALLY DISCONNECT  FROM THE INTERNET

      Restart computer in Safe Mode.
      To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

          * Open SUPERAntiSpyware.
          * Under "Configuration and Preferences", click the Preferences button.
          * Click the Scanning Control tab.
          * Under Scanner Options make sure the following are checked (leave all others unchecked):
                o Close browsers before scanning.
                o Scan for tracking cookies.
                o Terminate memory threats before quarantining.
          * Click the "Close" button to leave the control center screen.
          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
          * On the left, make sure you check C:\Fixed Drive.
          * On the right, under "Complete Scan", choose Perform Complete Scan.
          * Click "Next" to start the scan. Please be patient while it scans your computer.
          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
          * Make sure everything has a checkmark next to it and click "Next".
          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
          * If asked if you want to reboot, click "Yes".
          * To retrieve the removal information after reboot, launch SUPERAntispyware again.
                o Click Preferences, then click the Statistics/Logs tab.
                o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
                o Please copy and paste the Scan Log results in your next reply.
          * Click Close to exit the program.
      Post SUPERAntiSpyware log.

      RECONNECT TO THE INTERNET

      RESTART COMPUTER!

      2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

          * Double-click mbam-setup.exe and follow the prompts to install the program.
          * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
          * If an update is found, it will download and install the latest version.
          * Once the program has loaded, select Perform full scan, then click Scan.
          * When the scan is complete, click OK, then Show Results to view the results.
          * Be sure that everything is checked, and click Remove Selected.
          * When completed, a log will open in Notepad.
          * Post the log back here.

      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

      RESTART COMPUTER!

      3. Download HijackThis:
      http://www.snapfiles.com/get/hijackthis.html
      Post HijackThis log.

      zrob_12

        Topic Starter


        Rookie

        Re: HELP basenados32 ???
        « Reply #20 on: June 08, 2008, 11:30:48 PM »
        Okay, so here's what's happening now. I tried to go through the repair link you told me and I am now at the Installing Windows screen and this has popped up:
        Windows cannot open this file:
        File:  rundll32.exe


        What now?

        Broni


          Mastermind
        • Kraków my love :)
        • Thanked: 614
          • Computer Help Forum
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 8
        Re: HELP basenados32 ???
        « Reply #21 on: June 08, 2008, 11:36:49 PM »
        Well, you may be headed to clean install.
        Do you have any important data there?
        Clean install: http://www.michaelstevenstech.com/cleanxpinstall.html

        ...and why you didn't post HJT log right away, when your computer was back up?

        zrob_12

          Topic Starter


          Rookie

          Re: HELP basenados32 ???
          « Reply #22 on: June 08, 2008, 11:40:41 PM »
          Sorry for not posting the log, after I activated Windows this morning, I ran SuperAntiSpyware then left for the day. When I came home, lots of viruses were found, so I removed them. After reboot, I couldn't click on or do anything so I decided to check back here...too late I guess.

          Yes, I have very important data. Is there anything else we can try first?

          Broni


            Mastermind
          • Kraków my love :)
          • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: HELP basenados32 ???
          « Reply #23 on: June 08, 2008, 11:48:41 PM »
          Did you try to boot into Safe Mode?

          zrob_12

            Topic Starter


            Rookie

            Re: HELP basenados32 ???
            « Reply #24 on: June 08, 2008, 11:51:37 PM »
            Tried booting into Safe Mode and encountered the same problem.

            I am currently sitting at the Windows XP Installation page and cannot do anything until I address the rundll32.exe concern. Should I just do a hard reboot?

            Broni


              Mastermind
            • Kraków my love :)
            • Thanked: 614
              • Computer Help Forum
            • Computer: Specs
            • Experience: Experienced
            • OS: Windows 8
            Re: HELP basenados32 ???
            « Reply #25 on: June 08, 2008, 11:55:38 PM »
            My bed is waiting for me, so go for hard reboot, clean Windows CD, and try repair one more time.
            If that doesn't work, hook up hard drive in another computer as a slave, or in enclosure, retrieve data, and format.
            I'll check on you tomorrow, or maybe someone from "night shift" will chime in.

            zrob_12

              Topic Starter


              Rookie

              Re: HELP basenados32 ???
              « Reply #26 on: June 08, 2008, 11:57:17 PM »
              I'll give a try, thanks Broni

              zrob_12

                Topic Starter


                Rookie

                Re: HELP basenados32 ???
                « Reply #27 on: June 09, 2008, 06:35:01 AM »
                SUPERAntiSpyware Scan Log
                http://www.superantispyware.com

                Generated 06/09/2008 at 06:49 AM

                Application Version : 4.15.1000

                Core Rules Database Version : 3469
                Trace Rules Database Version: 1460

                Scan type       : Complete Scan
                Total Scan Time : 01:07:07

                Memory items scanned      : 151
                Memory threats detected   : 0
                Registry items scanned    : 5745
                Registry threats detected : 5
                File items scanned        : 61283
                File threats detected     : 3

                Unclassified.Unknown Origin
                   HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
                   HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
                   HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
                   HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
                   C:\WINDOWS\SYSTEM32\VTUKIFEB.DLL
                   HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

                Adware.Tracking Cookie
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

                zrob_12

                  Topic Starter


                  Rookie

                  Re: HELP basenados32 ???
                  « Reply #28 on: June 09, 2008, 06:36:13 AM »
                  Malwarebytes' Anti-Malware 1.15
                  Database version: 841

                  11:23:42 AM 6/9/2008
                  mbam-log-6-9-2008 (11-23-42).txt

                  Scan type: Full Scan (C:\|)
                  Objects scanned: 118306
                  Time elapsed: 35 minute(s), 42 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 1
                  Registry Keys Infected: 28
                  Registry Values Infected: 2
                  Registry Data Items Infected: 0
                  Folders Infected: 4
                  Files Infected: 15

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  C:\WINDOWS\system32\__c001D801.dat (Trojan.Agent) -> Unloaded module successfully.

                  Registry Keys Infected:
                  HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001d801 (Trojan.Agent) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\sbtv (Adware.Hotbar) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\WinAntivirusPro (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                  Registry Values Infected:
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                  Files Infected:
                  C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\Administrator\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Local Settings\Temporary Internet Files\Content.IE5\CZ67M40E\afj[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
                  C:\Program Files\FunWebProducts\ScreenSaver\Images\19F43617.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\__c001D801.dat (Trojan.Agent) -> Delete on reboot.
                  C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\__c0020FB0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Start Menu\Programs\WinAntivirusPro.lnk (Rogue.SpyRemover) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\Administrator\Start Menu\Programs\WinAntivirusPro.lnk (Rogue.SpyRemover) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Desktop\WinAntivirusPro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Local Settings\Temp\cd1C3.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
                  C:\Documents and Settings\mstark\Desktop\Find And Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

                  zrob_12

                    Topic Starter


                    Rookie

                    Re: HELP basenados32 ???
                    « Reply #29 on: June 09, 2008, 06:37:44 AM »
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 11:26:55 AM, on 6/9/2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\System32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                    C:\Program Files\iWin Games\iWinGamesInstaller.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
                    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
                    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
                    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
                    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                    C:\UPS\WSTD\WSTDMessaging.exe
                    C:\WINDOWS\system32\userinit.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
                    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
                    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                    O2 - BHO: (no name) - {6528C5A4-3DAC-4EE2-B7BA-9D6AA3053C9F} - C:\WINDOWS\system32\fccdedCu.dll (file missing)
                    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: (no name) - {C0690CA5-C80B-4F09-8DAA-31C0924AE1B9} - C:\PROGRA~1\NETFIL~1\NETFIL~1.DLL
                    O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
                    O2 - BHO: {4ed99217-bff1-182a-d164-8d9111d6e31d} - {d13e6d11-19d8-461d-a281-1ffb71299de4} - C:\WINDOWS\system32\naagolro.dll (file missing)
                    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
                    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
                    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                    O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
                    O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
                    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
                    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
                    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://secure.netlinksolution.com/includes/icaweb.cab
                    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                    O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://moengco-srv0/connectcomputer/nshelp.dll
                    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
                    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mel-stark.spaces.live.com//PhotoUpload/MsnPUpld.cab
                    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = moengco.local
                    O17 - HKLM\Software\..\Telephony: DomainName = moengco.local
                    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = moengco.local
                    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = moengco.local
                    O20 - Winlogon Notify: rqRHxwUm - rqRHxwUm.dll (file missing)
                    O20 - Winlogon Notify: vtUkifeb - vtUkifeb.dll (file missing)
                    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                    O23 - Service: F-Prot Antivirus Update Monitor - Unknown owner - C:\Program Files\FSI\F-Prot\fpavupdm.exe (file missing)
                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
                    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
                    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
                    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
                    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
                    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
                    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

                    --
                    End of file - 10175 bytes