The other day I found OuterInfo when I was going through the "Remove/Add" function and stumbled on here. I followed the instructions by MrCharlie and then all the instructions under the topic "Hijack This Log" and I've saved all of the logs that were produced, but I'm not sure what to do now. My computer is definitely not back to normal because it keeps freezing every few minutes and then comes back. The good news is I haven't seen any more pop-ups since I did the OuterInfo uninstall. Please advise. Thanks in advance. Lisa
1. Did the AFT Cleaner with no problems
2. AVG Anti-Spyware said "no reports available" so no "save report as" function for me. This is an assumed good thing?
3. SUPERAntiSpyware Home Edition said something along the lines of "nothing harmful is detected" so I've uninstalled the program
4. Did the online scan and the ActiveScan; the log is below
5. Log for Combo fix is below
6. HiJack Log is below along with uninstall list
ActiveScan Report
Incident Status Location
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.888.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Boo Boo\Application Data\Mozilla\Firefox\Profiles\p18t1lwc.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@advertising[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@cassava[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@findwhat[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Boo Boo\Cookies\boo boo@zedo[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Boo Boo\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Boo Boo\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Boo Boo\Local Settings\Temporary Internet Files\Content.IE5\83URA9CR\tk58[1].exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix(2).exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix(2).exe[327882R2FWJFW\nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix(3).exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix(3).exe[327882R2FWJFW\nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Adware:Adware/ErrClean Not disinfected C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\zj1zy86h.default\Cache\63E44336d01
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\zj1zy86h.default\Cache\6D952C06d01[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\zj1zy86h.default\Cache\6D952C06d01[327882R2FWJFW\nircmd.cfexe]
Adware:Adware/DollarRevenue Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
Adware:Adware/DollarRevenue Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ftprwqee.dll.vir
Virus:Trj/Downloader.PLF Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
Virus:Trj/ZapChast.DO Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xkyenegq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2008-02-18_161235.81.zip[ftprwqee.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\tk58.exe
COMBOFIX LOG
ComboFix 08-02-17.2 - Boo Boo 2008-02-18 15:48:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.207 [GMT -8:00]
Running from: C:\Documents and Settings\Boo Boo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\xxyvspn.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Windows Media Player\lavu.dll
C:\Program Files\ymante~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\Qm9vIEJvbw\
C:\WINDOWS\Qm9vIEJvbw\\asappsrv.dll
C:\WINDOWS\Qm9vIEJvbw\\command.exe
C:\WINDOWS\Qm9vIEJvbw\\kA6SKHLSvT.vbs
C:\WINDOWS\Qm9vIEJvbw\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\aybdidlq.ini
C:\WINDOWS\system32\fccdefe.dll
C:\WINDOWS\system32\ftprwqee.dll
C:\WINDOWS\system32\ftprwqee.dll . . . . failed to delete
C:\WINDOWS\system32\ftprwqee.dllbox
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\qldidbya.dll
C:\WINDOWS\system32\qomliig.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vyxkecoq.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xkyenegq.dll
C:\WINDOWS\system32\xxyvspn.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-18 16:11 . 2008-02-18 16:14 19,054 ---hs---- C:\WINDOWS\system32\ftprwqee.dllbox
2008-02-18 10:18 . 2008-02-18 16:07 163,904 --a------ C:\WINDOWS\system32\ftprwqee.dll
2008-02-17 23:06 . 2008-02-18 10:15 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 21:38 . 2008-02-17 21:38 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-02-17 21:33 . 2008-02-17 21:33 <DIR> d-------- C:\WINDOWS\system32\lp6
2008-02-17 21:33 . 2008-02-17 21:33 <DIR> d-------- C:\WINDOWS\system32\kap8
2008-02-17 21:33 . 2008-02-17 21:33 <DIR> d-------- C:\WINDOWS\system32\er2
2008-02-17 21:33 . 2008-02-17 21:33 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-02-17 21:32 . 2008-02-18 15:50 <DIR> d-------- C:\Temp
2008-02-16 17:53 . 2008-02-16 17:53 <DIR> d-------- C:\Program Files\iPod
2008-02-16 17:53 . 2008-02-17 19:46 <DIR> d-------- C:\Documents and Settings\Boo Boo\Application Data\Apple Computer
2008-02-16 17:53 . 2008-02-18 16:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 17:53 . 2008-02-16 17:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 17:52 . 2008-02-16 17:53 <DIR> d-------- C:\Program Files\iTunes
2008-02-16 17:45 . 2008-02-16 17:45 <DIR> d-------- C:\Program Files\QuickTime
2008-02-16 17:44 . 2008-02-16 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-07 22:48 . 2008-02-07 22:48 295,424 --a------ C:\WINDOWS\system32\bwmedia1.dll
2008-02-07 22:48 . 2008-02-07 22:48 150,016 --a------ C:\WINDOWS\system32\bwmedia.dll
2008-02-06 00:28 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-02-06 00:28 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-02-06 00:28 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-02-06 00:28 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-02-06 00:28 . 2008-02-06 00:28 0 --a------ C:\WINDOWS\olx98NT.sys
2008-02-06 00:25 . 1999-03-24 01:06 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2008-02-06 00:25 . 1998-05-18 02:06 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-06 00:25 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-06 00:25 . 1997-01-13 00:00 37,136 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2008-02-06 00:25 . 1996-12-02 18:44 24,336 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 05:26 --------- d-----w C:\Documents and Settings\Boo Boo\Application Data\uTorrent
2008-02-11 08:23 --------- d-----w C:\Program Files\ASUS Lifeframe
2008-02-11 02:36 --------- d-----w C:\Program Files\Winamp
2008-01-15 07:36 --------- d-----w C:\Program Files\Java
2008-01-15 07:34 --------- d-----w C:\Program Files\Common Files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62B66D84-19D1-400F-A249-8BA3E5A19A8A}]
2008-02-07 17:07 217088 --a------ C:\Program Files\MSN\fehy89104.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-18 16:07 163904 --a------ C:\WINDOWS\system32\ftprwqee.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-11 23:15 102400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 19:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 18:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 19:03 114688]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 11:54 172032]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-06-20 18:16 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 22:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 22:23 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-01-04 23:40 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-04 23:02 2750464 C:\WINDOWS\ALCWZRD.EXE]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55 81920]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 10:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 10:31 356352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
C:\Documents and Settings\Boo Boo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 12:42:22 45056]
Logitech SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-09-01 11:23:59 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ftprwqee]
ftprwqee.dll 2008-02-18 16:07 163904 C:\WINDOWS\system32\ftprwqee.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 16:13:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ftprwqee.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\ftprwqee.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-02-18 16:16:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 00:16:26
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:37 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.co...rsun/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {62B66D84-19D1-400F-A249-8BA3E5A19A8A} - C:\Program Files\MSN\fehy89104.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ftprwqee.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: 0 - {B973EAFF-D191-4FDA-F299-547A9433670E} - C:\Program Files\Windows Media Player\lavu.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1203406209234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203406197046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ftprwqee - ftprwqee.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10172 bytes
UNINSTALL LIST
Adobe Acrobat 8.1.1 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
ASUS Live Update
ASUS Mobile Vision Camera W5-A01
ASUS Probe V2.11
ASUS ScreenSaver
ASUS Video Security
ATK0100 ACPI UTILITY
AVG Anti-Spyware 7.5
Bluetooth Stack for Windows by Toshiba
BSPlayer
Canon iP1700
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
DivX Codec 3.1
Easy-WebPrint
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Herosoft 2001
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
iTunes
Java 6 Update 3
jetAudio
K-Lite Mega Codec Pack 3.3.0
Lifeframe
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mPfWiz
mProSafe
mWlsSafe
mXML
mZConfig
Nero Suite
Panda ActiveScan
Power4 Gear
QuickTime
Realtek High Definition Audio Driver
save2pc 3.13
SetPoint
Synaptics Pointing Device Driver
Update for Windows XP (KB898461)
Winamp
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinFlash
WinRAR archiver
Wireless Console
Yahoo! Messenger