Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Xxosed to Windows Vista Antivirus or Trojan.Vundo [RESOLVED]


  • This topic is locked This topic is locked

#1
SexyBlonde

SexyBlonde

    New Member

  • Member
  • Pip
  • 5 posts
Help! On July 14, 2008 my computer acquired a the Vista Antirus 2008. I tried manually deleting some files and it's not as aggressive as it used to be. However, There are still problems remaining. My computer keeps displaying a Rundll32 Error when I try to run some of my applications and my firefox browser will not open anymore. Here is a log that I just did. Any help will be greatly appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:04 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B2112E5-76CC-43EF-B3DE-A3F77D05E09C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {69CDD379-E39E-4292-864D-72E0A64AB68B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {F37B3BD0-55F4-4087-A42A-E6AAEBBF06B4} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Sys4836.exe] C:\Windows\Sys4836.exe
O4 - HKCU\..\Run: [Sys49FB.exe] C:\Windows\Sys49FB.exe
O4 - HKCU\..\Run: [Sys4AC6.exe] C:\Windows\Sys4AC6.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...quish_load.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/d...kimi_plugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: kmxdum.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16569 bytes
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I would like a deeper look at your system

As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
SexyBlonde

SexyBlonde

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for Responding. . . .I tried uploading the file but it failed because it was larger than 500K. I copied and pasted it..i hope thats okay.

[code=auto:0]
OTScanIt logfile created on: 8/22/2008 12:10:11 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\Monda\Desktop\OTScanIt
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 31.97% Memory free
4.00 Gb Paging File | 1.86 Gb Available in Paging File | 46.41% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 70.35 Gb Free Space | 51.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 952.19 Mb Total Space | 54.89 Mb Free Space | 5.76% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONDA-04
Current User Name: Monda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 12/3/2006 6:25:30 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 12/3/2006 6:24:46 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.59 | Size = 554352 bytes | Modified Date = 7/3/2007 3:08:01 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 2:42:36 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 9/18/2007 10:13:48 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 11:13:00 AM | Attr = ]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
stacsv.exe -> %SystemRoot%\System32\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 94208 bytes | Modified Date = 6/25/2007 12:17:00 AM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr = ]
apoint.exe -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.201 | Size = 159744 bytes | Modified Date = 5/21/2007 12:42:40 AM | Attr = ]
oem02mon.exe -> %SystemRoot%\OEM02Mon.exe -> Creative Technology Ltd. [Ver = 1.00.02.00 | Size = 36864 bytes | Modified Date = 2/2/2007 4:00:00 AM | Attr = ]
sttray.exe -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 405504 bytes | Modified Date = 6/25/2007 12:17:04 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154392 bytes | Modified Date = 5/21/2007 12:44:44 AM | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133912 bytes | Modified Date = 5/21/2007 12:44:48 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107112 bytes | Modified Date = 12/3/2006 6:25:26 PM | Attr = ]
apmsgfwd.exe -> %ProgramFiles%\DellTPad\ApMsgFwd.exe -> Alps Electric Co., Ltd. [Ver = 7, 0, 0, 16 | Size = 50736 bytes | Modified Date = 5/21/2007 12:42:40 AM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 252696 bytes | Modified Date = 5/21/2007 12:44:52 AM | Attr = ]
pcmservice.exe -> %ProgramFiles%\DELL\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 4/16/2007 4:10:26 PM | Attr = ]
apntex.exe -> %ProgramFiles%\DellTPad\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.26 | Size = 40960 bytes | Modified Date = 5/21/2007 12:42:40 AM | Attr = ]
hidfind.exe -> %ProgramFiles%\DellTPad\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 7.0.0.26 | Size = 40960 bytes | Modified Date = 5/21/2007 12:42:44 AM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 12:09:58 PM | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11/17/2006 1:39:58 PM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
dellwmgr.exe -> %ProgramFiles%\DELL\DELL Webcam Manager\DellWMgr.exe -> Creative Technology Ltd. [Ver = 1.2.1.0 | Size = 118784 bytes | Modified Date = 6/7/2007 11:14:36 AM | Attr = ]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
sepcsuite.exe -> %ProgramFiles%\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe -> Sony Ericsson Mobile Communications AB [Ver = 3.10 | Size = 356352 bytes | Modified Date = 11/20/2007 4:29:16 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 6:02:14 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 4/30/2008 8:26:07 AM | Attr = ]
quickset.exe -> %ProgramFiles%\DELL\QuickSet\quickset.exe -> Dell Inc [Ver = 8, 0, 11, 0 | Size = 1125088 bytes | Modified Date = 2/20/2007 1:01:12 PM | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 11/17/2006 3:06:00 AM | Attr = ]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
acrord32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 5/11/2007 4:06:38 AM | Attr = ]
startfx.exe -> %ProgramFiles%\Creative Live! Cam\VideoFX\StartFX.exe -> Creative Technology Ltd. [Ver = 2.01.04.00 | Size = 20480 bytes | Modified Date = 6/7/2007 11:27:56 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 7/26/2007 2:32:45 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 9/6/2007 8:41:47 PM | Attr = ]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AresChatServer) Ares Chatroom server [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 3/19/2007 8:19:14 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.59 | Size = 554352 bytes | Modified Date = 7/3/2007 3:08:01 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 2:42:36 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 12/3/2006 6:25:30 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 12/3/2006 6:25:30 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 12/3/2006 6:25:30 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.1.0.9 | Size = 49296 bytes | Modified Date = 12/3/2006 6:24:04 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 9 | Size = 70656 bytes | Modified Date = 3/19/2007 12:44:44 PM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 7/2/2008 4:37:37 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 9/18/2007 10:13:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.1.0.38 | Size = 80552 bytes | Modified Date = 12/3/2006 6:23:32 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.59 | Size = 2983280 bytes | Modified Date = 7/3/2007 3:08:01 PM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 11/17/2006 1:37:44 PM | Attr = ]
(McShield) McAfee McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 11/5/2006 11:15:12 AM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 11:13:00 AM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.901 | Size = 92792 bytes | Modified Date = 6/28/2007 7:01:48 PM | Attr = ]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 94208 bytes | Modified Date = 6/25/2007 12:17:00 AM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 9/14/2006 2:54:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 9/6/2007 8:41:47 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 12/3/2006 6:24:46 PM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> [] -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 12:09:58 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
Apoint -> %ProgramFiles%\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.101.201 | Size = 159744 bytes | Modified Date = 5/21/2007 12:42:40 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107112 bytes | Modified Date = 12/3/2006 6:25:26 PM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 10:24:00 AM | Attr = ]
ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] -> [Ver = 1.0.2489.24404 | Size = 17920 bytes | Modified Date = 3/16/2007 5:20:42 AM | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154392 bytes | Modified Date = 5/21/2007 12:44:44 AM | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 138008 bytes | Modified Date = 5/21/2007 12:44:52 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 11:37:04 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11/17/2006 1:39:58 PM | Attr = ]
OEM02Mon.exe -> %SystemRoot%\OEM02Mon.exe [C:\Windows\OEM02Mon.exe] -> Creative Technology Ltd. [Ver = 1.00.02.00 | Size = 36864 bytes | Modified Date = 2/2/2007 4:00:00 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 10.1.0.38 | Size = 22696 bytes | Modified Date = 12/3/2006 6:23:34 PM | Attr = ]
PCMService -> %ProgramFiles%\DELL\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 4/16/2007 4:10:26 PM | Attr = ]
Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133912 bytes | Modified Date = 5/21/2007 12:44:48 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
SigmatelSysTrayApp -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe [C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe] -> SigmaTel, Inc. [Ver = 1.0.5511.0 nd595 cp1 | Size = 405504 bytes | Modified Date = 6/25/2007 12:17:04 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Active Desktop Calendar -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe [C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe] -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 2/28/2007 11:06:56 PM | Attr = ]
DELL Webcam Manager -> %ProgramFiles%\DELL\DELL Webcam Manager\DellWMgr.exe ["C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s] -> Creative Technology Ltd. [Ver = 1.2.1.0 | Size = 118784 bytes | Modified Date = 6/7/2007 11:14:36 AM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe ["C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon] -> Sony Ericsson Mobile Communications AB [Ver = 3.10 | Size = 356352 bytes | Modified Date = 11/20/2007 4:29:16 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/18/2007 10:13:50 PM | Attr = ]
Sys4836.exe -> %SystemRoot%\Sys4836.exe [C:\Windows\Sys4836.exe] -> File not found
Sys49FB.exe -> %SystemRoot%\Sys49FB.exe [C:\Windows\Sys49FB.exe] -> File not found
Sys4AC6.exe -> %SystemRoot%\Sys4AC6.exe [C:\Windows\Sys4AC6.exe] -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\] > -> HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Active Desktop Calendar -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe [C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe] -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 2/28/2007 11:06:56 PM | Attr = ]
DELL Webcam Manager -> %ProgramFiles%\DELL\DELL Webcam Manager\DellWMgr.exe ["C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s] -> Creative Technology Ltd. [Ver = 1.2.1.0 | Size = 118784 bytes | Modified Date = 6/7/2007 11:14:36 AM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 10:23:56 AM | Attr = ]
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe ["C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon] -> Sony Ericsson Mobile Communications AB [Ver = 3.10 | Size = 356352 bytes | Modified Date = 11/20/2007 4:29:16 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/18/2007 10:13:50 PM | Attr = ]
Sys4836.exe -> %SystemRoot%\Sys4836.exe [C:\Windows\Sys4836.exe] -> File not found
Sys49FB.exe -> %SystemRoot%\Sys49FB.exe [C:\Windows\Sys49FB.exe] -> File not found
Sys4AC6.exe -> %SystemRoot%\Sys4AC6.exe [C:\Windows\Sys4AC6.exe] -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
kmxdum.dll -> -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{1B44E59C-165C-4EE2-B3CD-4DFD348BE123} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 1/3/2008 4:06:27 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 4:45:50 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315712 bytes | Modified Date = 4/23/2008 11:51:39 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 4:44:42 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000] > -> HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1253 | Size = 204800 bytes | Modified Date = 5/21/2007 12:44:46 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000] > -> HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 3:51:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____\5&1d23a6ce&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 4:43:36 PM | Attr = ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.co...amp;ibd=4070718 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.c...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.c...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.c...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.c...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SweetIM\Toolbars\Internet Explorer\mgHelper.dll [SweetIM ToolbarURLSearchHook Class] -> SweetIM Technologies Ltd. [Ver = 3, 1, 0, 6 | Size = 173368 bytes | Modified Date = 3/27/2008 2:12:42 PM | Attr = ]
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\] > -> ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: Main\\Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: Main\\Search Page -> http://us.rd.yahoo.c...//www.yahoo.com ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: SearchURL\\ -> http://us.rd.yahoo.c...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SweetIM\Toolbars\Internet Explorer\mgHelper.dll [SweetIM ToolbarURLSearchHook Class] -> SweetIM Technologies Ltd. [Ver = 3, 1, 0, 6 | Size = 173368 bytes | Modified Date = 3/27/2008 2:12:42 PM | Attr = ]
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr = ]
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Inte
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope I'm afraid there is some missing please upload it to mediafire and post the sharing link
  • 0

#5
SexyBlonde

SexyBlonde

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
http://www.mediafire...2db6fb9a8902bda
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets remove the remnants shall we :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sys4836.exe -> %SystemRoot%\Sys4836.exe [C:\Windows\Sys4836.exe]
YN -> Sys49FB.exe -> %SystemRoot%\Sys49FB.exe [C:\Windows\Sys49FB.exe]
YN -> Sys4AC6.exe -> %SystemRoot%\Sys4AC6.exe [C:\Windows\Sys4AC6.exe]
< Run [HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\] > -> HKEY_USERS\S-1-5-21-2760771892-1141853175-2970158905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sys4836.exe -> %SystemRoot%\Sys4836.exe [C:\Windows\Sys4836.exe]
YN -> Sys49FB.exe -> %SystemRoot%\Sys49FB.exe [C:\Windows\Sys49FB.exe]
YN -> Sys4AC6.exe -> %SystemRoot%\Sys4AC6.exe [C:\Windows\Sys4AC6.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> kmxdum.dll -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {1B44E59C-165C-4EE2-B3CD-4DFD348BE123} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
[Files/Folders - Created Within 90 days]
NY -> covjqnmy.ini -> %SystemRoot%\System32\covjqnmy.ini
NY -> ladvqlad.ini -> %SystemRoot%\System32\ladvqlad.ini
NY -> spoijirm.ini -> %SystemRoot%\System32\spoijirm.ini
NY -> viptpuyw.ini -> %SystemRoot%\System32\viptpuyw.ini
NY -> yolhhjmn.ini -> %SystemRoot%\System32\yolhhjmn.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM99a523bb.xml -> %AllUsersProfile%\BM99a523bb.xml
[Files/Folders - Modified Within 90 days]
NY -> covjqnmy.ini -> %SystemRoot%\System32\covjqnmy.ini
NY -> ladvqlad.ini -> %SystemRoot%\System32\ladvqlad.ini
NY -> spoijirm.ini -> %SystemRoot%\System32\spoijirm.ini
NY -> viptpuyw.ini -> %SystemRoot%\System32\viptpuyw.ini
NY -> yolhhjmn.ini -> %SystemRoot%\System32\yolhhjmn.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM99a523bb.xml -> %AllUsersProfile%\BM99a523bb.xml
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTScanit report, MBAM and a new Hijackthis . Plus how is your computer running now ?
  • 0

#7
SexyBlonde

SexyBlonde

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
http://www.mediafire.com/?ztzenzjwoqm (ScanIt Log)

http://www.mediafire.com/?ylumo1yumuh (Malware Log)

http://www.mediafire.com/?y95qndydgli (Hi Jack This Log)

My computer is running alot smoother. My firefox will still not load, i will try deleting it and downloading it again though. Thanks for the help, I really appreciate it. I dont see any signs of the Vista Antivirus lingering.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

My firefox will still not load,

Spooky you are the second one tonight

Go to C:\Mozilla\Firefox\Profiles\myprofile and delete or rename the "profiles.ini" file
reboot and then try
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman allways cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP