Blue Screen after running AdAware [CLOSED]



#1
yankee999us

After running Adaware I get a "bluescreen of death". I usually run Spybot (so far no problem) and Adaware at least once a week. I got hijacked by Antivirus XP. I think I got rid of it, but I still have a yellow message in the middle of my screen informing me I have been infected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:27, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\PC Tools Firewall Plus\FWService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Adware\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\System32\CbEvtSvc.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
F:\Program Files\UPSmart Server\UPServ.exe
F:\WINDOWS\system32\fxssvc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
G:\Program Files\ICQLite\ICQLite.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\lphcrfdj0ev7d.exe
F:\Program Files\UPSmart Server\UPSmart.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\Photo Express 3.0 SE\CalCheck.exe
F:\WINDOWS\twain_32\C6U14K\WATCH.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\spyhunter\Spyhunter-Detection-Utility-Install.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
F:\Program Files\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kfar-etzion.co.il/Default.aspx?tabid=158
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "F:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "F:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "G:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [00PCTFW] "F:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lphcrfdj0ev7d] F:\WINDOWS\system32\lphcrfdj0ev7d.exe
O4 - HKLM\..\Run: [SMrhcvfdj0ev7d] F:\Program Files\rhcvfdj0ev7d\rhcvfdj0ev7d.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] F:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [TritUPSAutoRun] F:\PROGRA~1\WINSTA~1\UPS.EXE
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: âåæø îñê ùì OneNote 2007 å- Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = F:\Program Files\Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = F:\WINDOWS\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &ééöåà àì Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: &éöà ì- Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ùìç àì OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ù&ìç àì OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati...-ie/alttiff.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211387127555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211387103260
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediam...oad/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Adware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CbEvtSvc - Unknown owner - F:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - F:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - F:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: UPSmart - Unknown owner - F:\Program Files\UPSmart Server\UPServ.exe

--
End of file - 11576 bytes


#2
Essexboy

Hi, let's see if we can cure your ills.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcrfdj0ev7d
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhcvfdj0ev7d
    F:\WINDOWS\system32\lphcrfdj0ev7d.exe
    F:\Program Files\rhcvfdj0ev7d
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Desktop Components
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0
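
Added example (not part of the original thread and not OldTimer's code): a Python script that cross-checks the OTMoveIt2 list from post #2 against the HijackThis log from post #1, so every item queued for removal is tied to a log line and no autorun is left pointing at a removed file. The function names are hypothetical, the log is a trimmed subset of post #1, and reading `key\\value` as "registry value under key" is an assumption based on how the list lines up with the O4 entries.

```python
import re

# Subset of lines copied from the HijackThis log in post #1 (running
# processes first, then O4 autorun entries), trimmed for brevity.
HJT_LOG = r"""
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\lphcrfdj0ev7d.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphcrfdj0ev7d] F:\WINDOWS\system32\lphcrfdj0ev7d.exe
O4 - HKLM\..\Run: [SMrhcvfdj0ev7d] F:\Program Files\rhcvfdj0ev7d\rhcvfdj0ev7d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
"""

# The list from post #2, exactly as it is pasted into OTMoveIt2.
FIX_LIST = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcrfdj0ev7d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhcvfdj0ev7d
F:\WINDOWS\system32\lphcrfdj0ev7d.exe
F:\Program Files\rhcvfdj0ev7d
Purity
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# HijackThis prints this key prefix as ".." in O4 lines.
CURRENT_VERSION = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Quoted path, or an unquoted path up to the first executable extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|dll))(?=\s|$)', re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_o4(log_text):
    """Return registry autoruns as dicts with full key, value name, target path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        t = TARGET_RE.match(command)
        target = (t.group(1) or t.group(2)) if t else command
        full_key = f"{HIVES[hive]}\\{CURRENT_VERSION}\\{key}"
        entries.append({"key": full_key, "name": name, "target": target})
    return entries


def running_processes(log_text):
    """Bare drive-letter paths in the log are the 'Running processes' section."""
    return [l.strip() for l in log_text.splitlines() if DRIVE_RE.match(l.strip())]


def parse_fix_list(fix_text):
    """Classify each list line as a registry value, a file/folder path, or other."""
    items = []
    for line in (l.strip() for l in fix_text.splitlines()):
        if not line:
            continue
        if line.upper().startswith("HKEY_") and "\\\\" in line:
            key, name = line.rsplit("\\\\", 1)
            items.append({"raw": line, "kind": "regvalue", "key": key, "name": name})
        elif DRIVE_RE.match(line):
            items.append({"raw": line, "kind": "path", "path": line})
        else:
            items.append({"raw": line, "kind": "other"})
    return items


def covers(parent, path):
    """True if path equals parent or lies inside it (case-insensitive)."""
    p, q = parent.lower().rstrip("\\"), path.lower()
    return q == p or q.startswith(p + "\\")


def audit(fix_text, log_text):
    """Map each fix-list line to the log evidence supporting it (None = not checkable)."""
    autoruns, procs = parse_o4(log_text), running_processes(log_text)
    report = {}
    for item in parse_fix_list(fix_text):
        if item["kind"] == "regvalue":
            ev = [f"O4 [{e['name']}] -> {e['target']}" for e in autoruns
                  if e["key"].lower() == item["key"].lower()
                  and e["name"].lower() == item["name"].lower()]
        elif item["kind"] == "path":
            ev = [f"running process {p}" for p in procs if covers(item["path"], p)]
            ev += [f"autorun target of [{e['name']}]" for e in autoruns
                   if covers(item["path"], e["target"])]
        else:
            ev = None
        report[item["raw"]] = ev
    return report


def unsupported(fix_text, log_text):
    """Fix-list lines with no matching log line (typo or wrong target)."""
    return [k for k, ev in audit(fix_text, log_text).items() if ev == []]


def dangling_autoruns(fix_text, log_text):
    """Run values whose target is queued for removal but which are not queued themselves."""
    items = parse_fix_list(fix_text)
    paths = [i["path"] for i in items if i["kind"] == "path"]
    queued = {(i["key"].lower(), i["name"].lower()) for i in items if i["kind"] == "regvalue"}
    return [e["name"] for e in parse_o4(log_text)
            if any(covers(p, e["target"]) for p in paths)
            and (e["key"].lower(), e["name"].lower()) not in queued]


if __name__ == "__main__":
    for line, evidence in audit(FIX_LIST, HJT_LOG).items():
        print(line, "=>", evidence)
    print("unsupported:", unsupported(FIX_LIST, HJT_LOG))
    print("dangling:", dangling_autoruns(FIX_LIST, HJT_LOG))
```
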

#3
yankee999us

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcrfdj0ev7d >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcrfdj0ev7d deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhcvfdj0ev7d >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhcvfdj0ev7d deleted successfully.
F:\WINDOWS\system32\lphcrfdj0ev7d.exe moved successfully.
File/Folder F:\Program Files\rhcvfdj0ev7d not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_005848

Here is the log from Notepad (couldn't find upload button):

[code=auto:0]OTScanIt logfile created on: 27/07/2008 01:06:49
OTScanIt by OldTimer - Version 1.0.16.2 Folder = F:\Documents and Settings\Yaacov\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

991.48 Mb Total Physical Memory | 270.18 Mb Available Physical Memory | 27.25% Memory free
3.04 Gb Paging File | 2.30 Gb Available in Paging File | 75.74% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;F:\pagefile.sys 0 0;

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 37.26 Gb Total Space | 25.64 Gb Free Space | 68.81% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 78.13 Gb Total Space | 29.94 Gb Free Space | 38.33% Space Free | Partition Type: NTFS
Drive G: | 70.92 Gb Total Space | 61.53 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
Drive H: | 93.16 Gb Total Space | 48.99 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 93.15 Gb Total Space | 31.01 Gb Free Space | 33.29% Space Free | Partition Type: NTFS

Computer Name: TAUBE
Current User Name: Yaacov
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
fwservice.exe -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 0, 36 | Size = 91480 bytes | Modified Date = 19/09/2007 15:26:14 | Attr = ]
aawservice.exe -> %ProgramFiles%\Adware\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 23/04/2008 01:01:09 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
cbevtsvc.exe -> %SystemRoot%\system32\CbEvtSvc.exe -> [Ver = | Size = 78848 bytes | Modified Date = 25/07/2008 12:14:53 | Attr = ]
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 28/05/2008 12:32:34 | Attr = ]
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 17/04/2007 14:03:50 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 28/05/2008 12:32:28 | Attr = ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 50, 16 | Size = 495616 bytes | Modified Date = 02/07/2007 00:32:56 | Attr = ]
streamloadservice.exe -> %ProgramFiles%\Streamload\MediaMax XL\StreamloadService.exe -> Streamload [Ver = 1.0.0.0 | Size = 49152 bytes | Modified Date = 12/09/2006 16:20:00 | Attr = ]
upserv.exe -> %ProgramFiles%\UPSmart Server\UPServ.exe -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 11/01/2005 09:53:00 | Attr = ]
upsmart.exe -> %ProgramFiles%\UPSmart Server\UPSmart.exe -> [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 21/02/2005 10:47:06 | Attr = ]
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 28/07/2003 15:43:44 | Attr = ]
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 11:52:32 | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 17:37:30 | Attr = ]
icqlite.exe -> G:\Program Files\ICQLite\ICQLite.exe -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 11/07/2006 12:06:40 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 17/04/2007 14:03:50 | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 50, 16 | Size = 917504 bytes | Modified Date = 02/07/2007 00:32:56 | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
firewallgui.exe -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe -> PC Tools [Ver = 3, 0, 0, 36 | Size = 2483504 bytes | Modified Date = 19/09/2007 15:27:06 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 28/05/2008 12:32:28 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 13:10:32 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 | Attr = ]
lphcrfdj0ev7d.exe -> %SystemRoot%\system32\lphcrfdj0ev7d.exe -> File not found
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.6.0.216 | Size = 21760296 bytes | Modified Date = 16/11/2007 12:36:48 | Attr = R ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 27/06/2007 22:51:32 | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 18/01/2005 17:08:36 | Attr = ]
calcheck.exe -> %ProgramFiles%\Photo Express 3.0 SE\CalCheck.exe -> Ulead Systems, Inc. [Ver = 3, 0, 0, 1 | Size = 61440 bytes | Modified Date = 15/06/1999 18:19:42 | Attr = ]
watch.exe -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 09/07/2001 15:38:10 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 13:10:24 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/02/2003 08:10:00 | Attr = ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.32 | Size = 2051016 bytes | Modified Date = 16/11/2007 12:36:48 | Attr = R ]
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 28/07/2003 15:43:44 | Attr = ]
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 11:52:32 | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 17:37:30 | Attr = ]
icqlite.exe -> G:\Program Files\ICQLite\ICQLite.exe -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 11/07/2006 12:06:40 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 17/04/2007 14:03:50 | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 50, 16 | Size = 917504 bytes | Modified Date = 02/07/2007 00:32:56 | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
firewallgui.exe -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe -> PC Tools [Ver = 3, 0, 0, 36 | Size = 2483504 bytes | Modified Date = 19/09/2007 15:27:06 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 13:10:32 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 | Attr = ]
lphcrfdj0ev7d.exe -> %SystemRoot%\system32\lphcrfdj0ev7d.exe -> File not found
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 28/05/2008 12:32:28 | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 18/01/2005 17:08:36 | Attr = ]
calcheck.exe -> %ProgramFiles%\Photo Express 3.0 SE\CalCheck.exe -> Ulead Systems, Inc. [Ver = 3, 0, 0, 1 | Size = 61440 bytes | Modified Date = 15/06/1999 18:19:42 | Attr = ]
watch.exe -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 09/07/2001 15:38:10 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/02/2003 08:10:00 | Attr = ]
nero.exe -> %ProgramFiles%\Ahead\Nero\nero.exe -> Ahead Software AG [Ver = 6, 3, 1, 6 | Size = 13983802 bytes | Modified Date = 19/03/2004 19:11:18 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 18/07/2008 14:30:37 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Adware\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 23/04/2008 01:01:09 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
(CbEvtSvc) CbEvtSvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CbEvtSvc.exe -> [Ver = | Size = 78848 bytes | Modified Date = 25/07/2008 12:14:53 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 31/01/2007 22:38:27 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 19/02/2008 13:10:24 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 28/05/2008 12:32:34 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 17/04/2007 14:03:50 | Attr = ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 50, 16 | Size = 495616 bytes | Modified Date = 02/07/2007 00:32:56 | Attr = ]
(PCToolsFirewallPlus) PC Tools Firewall Plus [Win32_Own | Auto | Running] -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 0, 36 | Size = 91480 bytes | Modified Date = 19/09/2007 15:26:14 | Attr = ]
(StreamloadService) Streamload Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Streamload\MediaMax XL\StreamloadService.exe -> Streamload [Ver = 1.0.0.0 | Size = 49152 bytes | Modified Date = 12/09/2006 16:20:00 | Attr = ]
(UPSmart) UPSmart [Win32_Own | Auto | Running] -> %ProgramFiles%\UPSmart Server\UPServ.exe -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 11/01/2005 09:53:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
00PCTFW -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe ["F:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> PC Tools [Ver = 3, 0, 0, 36 | Size = 2483504 bytes | Modified Date = 19/09/2007 15:27:06 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 28/07/2003 15:43:44 | Attr = ]
ICQ Lite -> G:\Program Files\ICQLite\ICQLite.exe ["G:\Program Files\ICQLite\ICQLite.exe" -minimize] -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 11/07/2006 12:06:40 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["F:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 19/02/2008 13:10:32 | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe ["F:\Program Files\Logitech\Video\ISStart.exe" ] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 18/01/2005 17:47:30 | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe ["F:\Program Files\Logitech\Video\LogiTray.exe"] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 17:37:30 | Attr = ]
LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 17/04/2007 14:03:50 | Attr = ]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE [F:\WINDOWS\system32\LVCOMSX.EXE] -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 11:52:32 | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [F:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 12:50:42 | Attr = R ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> Eset [Ver = 2, 50, 16 | Size = 917504 bytes | Modified Date = 02/07/2007 00:32:56 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["F:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
VTPreset -> %SystemRoot%\system32\VTPreset.exe [VTPreset.exe] -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 24/02/2004 20:17:18 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe ["F:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 17:07:54 | Attr = ]
Magentic -> %SystemDrive%\PROGRA~1\Magentic\bin\Magentic.exe [F:\PROGRA~1\Magentic\bin\Magentic.exe /c] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.216 | Size = 21760296 bytes | Modified Date = 16/11/2007 12:36:48 | Attr = R ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 27/06/2007 22:51:32 | Attr = ]
TritUPSAutoRun -> %SystemDrive%\PROGRA~1\WINSTA~1\UPS.EXE [F:\PROGRA~1\WINSTA~1\UPS.EXE] -> File not found
< Run [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe ["F:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 17:07:54 | Attr = ]
Magentic -> %SystemDrive%\PROGRA~1\Magentic\bin\Magentic.exe [F:\PROGRA~1\Magentic\bin\Magentic.exe /c] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.216 | Size = 21760296 bytes | Modified Date = 16/11/2007 12:36:48 | Attr = R ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 27/06/2007 22:51:32 | Attr = ]
TritUPSAutoRun -> %SystemDrive%\PROGRA~1\WINSTA~1\UPS.EXE [F:\PROGRA~1\WINSTA~1\UPS.EXE] -> File not found
< Run [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 19/07/2007 07:19:01 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5] -> File not found
< Administrator Startup Folder > -> F:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> F:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 15:06:48 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk -> %ProgramFiles%\Photo Express 3.0 SE\CalCheck.exe -> Ulead Systems, Inc. [Ver = 3, 0, 0, 1 | Size = 61440 bytes | Modified Date = 15/06/1999 18:19:42 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Watch.lnk -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 09/07/2001 15:38:10 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/02/2003 08:10:00 | Attr = ]
< Default User Startup Folder > -> F:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Eli Startup Folder > -> F:\Documents and Settings\Eli\Start Menu\Programs\Startup ->
< LogMeInRemoteUser Startup Folder > -> F:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup ->
< Roseanne Startup Folder > -> F:\Documents and Settings\Roseanne\Start Menu\Programs\Startup ->
< Talia Startup Folder > -> F:\Documents and Settings\Talia\Start Menu\Programs\Startup ->
< Yaacov Startup Folder > -> F:\Documents and Settings\Yaacov\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
F:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.706.29690 | Size = 145408 bytes | Modified Date = 19/07/2007 01:34:19 | Attr = ]
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 12:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
F:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 19/12/2006 23:52:18 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.default] > -> HKEY_USERS\.default\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\s-1-5-18] > -> HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\s-1-5-19] > -> HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\s-1-5-20] > -> HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 28/05/2008 12:32:54 | Attr = ]
WRNotifier -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 ->
< CurrentVersion Policy Settings [HKEY_USERS\.default] > -> HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\s-1-5-18] > -> HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\s-1-5-19] > -> HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\s-1-5-20] > -> HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 ->
< CurrentVersion Policy Settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\NoDispBackgroundPage -> 1 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\NoDispScrSavPage -> 1 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomIDE_DVD-ROM_16X_________________________7.b2____\5&1a3c7cc5&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomHL-DT-ST_DVD-RAM_GSA-H55N_______________1.05____\5&1a3c7cc5&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 24/07/2006 20:46:28 | Attr = ]
< HOSTS File > (770 bytes) -> F:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> F:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.kfar-etzion.co.il/Default.aspx?tabid=158 ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 7 | Size = 701952 bytes | Modified Date = 10/10/2006 11:18:24 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.default\] > -> ->
HKEY_USERS\.default\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\s-1-5-18\] > -> ->
HKEY_USERS\s-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\s-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\s-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\] > -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: Main\\Local Page -> F:\WINDOWS\system32\blank.htm ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: Main\\Search Page -> http://www.google.com ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: Main\\Start Page -> www.kfar-etzion.co.il/Default.aspx?tabid=158 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 7 | Size = 701952 bytes | Modified Date = 10/10/2006 11:18:24 | Attr = ]
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\] > -> ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\: Main\\Local Page -> F:\WINDOWS\system32\blank.htm ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\: Main\\Start Page -> www.kfar-etzion.co.il/default.aspx?tabid=158 ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\: URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 7 | Size = 701952 bytes | Modified Date = 10/10/2006 11:18:24 | Attr = ]
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3412 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.default\] > -> HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.default\] > -> HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\s-1-5-18\] > -> HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\s-1-5-18\] > -> HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\s-1-5-19\] > -> HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\s-1-5-19\] > -> HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\s-1-5-20\] > -> HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\s-1-5-20\] > -> HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3412 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\] > -> HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\s-1-5-21-1606980848-746137067-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{055FD26D-3A88-4e15-963D-DC8493744B1D} [HKEY_LOCAL_MACHINE] -> G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll [XTTBPos00 Class] -> IE Toolbar [Ver = 2, 0, 20, 7 | Size = 701952 bytes | Modified Date = 10/10/2006 11:18:24 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 05/04/2008 19:03:25 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> G:\Program Files\ICQToolbar\tbu1E7\toolbaru.dll [ICQ Toolbar] -> IE Toolbar [Ver = 2, 0, 20, 7 | Size = 701952 bytes | Modified Date = 10/10/2006 11:18:24 | Attr =

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I did not get the full report, but I can do a partial fix. On completion of this, re-run OTScanit with the same parameters and attach the report.
To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> cbevtsvc.exe -> %SystemRoot%\system32\CbEvtSvc.exe
YN -> lphcrfdj0ev7d.exe -> %SystemRoot%\system32\lphcrfdj0ev7d.exe
YN -> lphcrfdj0ev7d.exe -> %SystemRoot%\system32\lphcrfdj0ev7d.exe
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.