Welcome Guest ( Log In | Register )

      
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
 
 Closed TopicStart new topic
Spyware (HJT log attached) [CLOSED]
icystorm
post Aug 26 2008, 02:51 PM
Post #1


Member
**
Posts: 61
OS: XP
Recently, i am gettin ga periodic voice spam "Congratulations, you have been selected to receive a 1000 dollar wallmart giftcard" repeantedly.

In addition, my computer is often depleted after awhile.

Please kindly help me fix this.

Many thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:05, on 27/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\W2wUn3QO.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\IEToolBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072EE960-BBC2-4B20-A2A0-1EE882B6DF7A} (TeleQuote TQJava) - http://www.tq.net/61/tqjavainstall.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour 服? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15652 bytes
Go to the top of the page
 
+Quote Post
icystorm
post Aug 26 2008, 04:47 PM
Post #2


Member
**
Posts: 61
OS: XP
can someone please help me on this...?
Go to the top of the page
 
+Quote Post
SpySentinel
post Aug 26 2008, 05:27 PM
Post #3


Trusted Helper
Group Icon
Posts: 1,630
From: The United States
OS: Windows XP SP2
Hey icystorm,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.

Also for in the future, if you reply to your own log, it may get over looked. We look for logs with no replies and we try to work from oldest to newest, so if you reply to your own log, we may think you are being helped, and we may skip you.
Go to the top of the page
 
+Quote Post
SpySentinel
post Aug 28 2008, 05:41 PM
Post #4


Trusted Helper
Group Icon
Posts: 1,630
From: The United States
OS: Windows XP SP2
Sorry for the delay.


Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Go to the top of the page
 
+Quote Post
icystorm
post Aug 28 2008, 07:58 PM
Post #5


Member
**
Posts: 61
OS: XP
Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : MUIS_NB
Creation time : 29/8/2008 9:48:23
Hosts <> 127.0.0.1 : 1
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : Chinese (Hong Kong S.A.R.)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
* C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE (Symantec Corporation)
* C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\WINDOWS\vsnpstd.exe
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
* C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
* C:\WINDOWS\system32\HPZinw12.exe (HP)
* C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
* C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
* C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
* C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
* C:\Documents and Settings\Samsung\Desktop\RunScanner.exe (Runscanner.net)
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\Program Files\Skype\Phone\Skype.exe
* C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
* C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\WINDOWS\System\svchost.exe
* C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
* C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
* C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
* C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe (Dominating Bytes Design)
* C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
002 C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
002 C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.)
002 C:\Program Files\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
002 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
002 C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
002 C:\WINDOWS\System\svchost.exe
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
002 C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)
002 C:\WINDOWS\vsnpstd.exe
002 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
002 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
003 * C:\Program Files\IGN\Download Manager\DLM.exe (IGN Entertainment)
003 * C:\Program Files\Skype\Phone\Skype.exe
005 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
005 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
005 * C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
005 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
010 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
010 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Service)
010 C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour 服务)
010 C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Cyberlink RichVideo Service(CRVS))
010 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe (Samsung Update Plus)
010 C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe (SNM WLAN Service)
010 C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS PostInstaller Service)
011 C:\WINDOWS\system32\drivers\BsStor.sys (B.H.A Storage Helper Driver)
011 C:\WINDOWS\system32\drivers\BsUDF.sys (B.H.A UDF Filesystem)
011 C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator)
011 C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver)
011 C:\WINDOWS\system32\drivers\FBAPI.sys (FBAPI)
011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEARAspiWDM)
011 C:\WINDOWS\system32\MEMIO.SYS (MEMIO)
011 C:\WINDOWS\system32\drivers\RITCPT.sys (RITCPT)
011 C:\WINDOWS\system32\DRIVERS\SUE_PD.sys (SUE NDIS Protocol Driver)
011 C:\WINDOWS\system32\DRIVERS\snpstd.sys (USB PC Camera (SN9C101))
011 C:\WINDOWS\system32\drivers\VVBackd5.sys (VVBackd5)
011 C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
011 C:\WINDOWS\system32\drivers\wowfilter.sys (WOW XT Filter Driver)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
052 GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
061 C:\Program Files\VDMSound\LaunchPad.dll {64BC5640-700F-4E7E-8462-D3092DD74B0F}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
069 C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
073 At1.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At10.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At11.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At12.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At13.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At14.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At15.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At16.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At17.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At18.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At19.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At2.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At20.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At21.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At22.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At23.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At24.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At25.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At26.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At27.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At28.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At29.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At3.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At30.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At31.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At32.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At33.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At34.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At35.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At36.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At37.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At38.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At39.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At4.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At40.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At41.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At42.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At43.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At44.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At45.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At46.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At47.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At48.job : C:\WINDOWS\system32\W2wUn3QO.exe
073 At5.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At6.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At7.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At8.job : C:\WINDOWS\system32\2QT1S2QP.exe
073 At9.job : C:\WINDOWS\system32\2QT1S2QP.exe
100 ProxyOverride HKCU : <local>;*.local
100 ProxyServer HKCU : 80.227.0.156:80
100 Start Page HKCU : http://www.biz.netvigator.com/
104 C:\WINDOWS\system32\MSJAVA.DLL (Microsoft Corporation) {072EE960-BBC2-4B20-A2A0-1EE882B6DF7A}
104 * C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx (Facebook, Inc.) {0CCA191D-13A6-4E29-B746-314DEE697D83}
104 * C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx (The Facebook) {5F8469B4-B055-49DD-83F7-62B522420ECC}
104 * C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
105 Send to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
002 C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
002 C:\WINDOWS\System\dumprep.exe
003 NA
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
052 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
061 deskpan.dll
Go to the top of the page
 
+Quote Post
icystorm
post Aug 28 2008, 07:59 PM
Post #6


Member
**
Posts: 61
OS: XP
Logfile of random's system information tool (written by random/random)
Run by Samsung at 2008-08-29 09:57:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 34 GB (59%) free of 59 GB
Total RAM: 1014 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:49, on 29/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Documents and Settings\Samsung\Desktop\RunScanner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Samsung\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Samsung.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072EE960-BBC2-4B20-A2A0-1EE882B6DF7A} (TeleQuote TQJava) - http://www.tq.net/61/tqjavainstall.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour 服? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13056 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Samsung.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-17 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-14 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-14 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-08 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-27 716800]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-12 151552]
"farstone"= []
"RestoreIT!"=C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE [2004-09-23 114688]
"DisplayManager"=C:\Program Files\Samsung\DisplayManager\DMLoader.exe [2005-11-17 356352]
"AVStation Premium 3.75"=C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe [2006-04-28 155648]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2006-04-26 2764800]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-03 32768]
"B'sCLiP"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2005-12-01 700416]
"Name of App"=C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\System\dumprep.exe []
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-09-06 26248]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"PHIME2002A"=C:\WINDOWS\System\svchost.exe [2008-08-04 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=NA []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-11-24 19988008]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-17 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\PPMate\PPMate\ppmate.exe"="C:\Program Files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\