Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Repetitive Pop-Ups and Trojans


  • Please log in to reply

#1
ajdavid

ajdavid

    New Member

  • Member
  • Pip
  • 6 posts
Hello, this is my first timeere so I'm no sure what to say, so I'm just going to go for it.

I am having Internet Explorer problems involving annoying Pop-Ups, or ads or websites or ads telling me to download a fake virus protection from an invalid website (which I have not done), and my Inernet is slower which also caused problems when watching videos online (the video and sound do not match) and then when I type online it refuses to acknowledge some typed characters (but this does not happen on Microsoft Word).

I am unsure what to say besides going on to copy/paste my Hijackhis log.

Please help, I have used my McAfee Security scan and whether it finds trojans and takes care of them or it comes back as a clean computer, the problems continue to exist. I can scan all want but I am not sure what to look for or how to deal with these problems better.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:08 PM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Akuxerocoh] rundll32.exe "C:\WINDOWS\Asevutoka.dll",e
O4 - HKLM\..\Run: [Bdowucipihax] rundll32.exe "C:\WINDOWS\ufuyubaderoteg.dll",e
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL hfydll.dll qjnmbl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12314 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ajdavid

Welcome to G2Go. :)
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Lop check
      File - Purity Scan

      Under Basic scans:
      Rootkit Search -Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
  • 0

#3
ajdavid

ajdavid

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
[code=auto:0]OTScanIt2 logfile created on: 12/7/2008 1:10:18 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\Alex Davidson\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 170.94 Mb Available Physical Memory | 33.96% Memory free
1.20 Gb Paging File | 0.66 Gb Available in Paging File | 54.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.72 Gb Total Space | 14.53 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.96 Gb Free Space | 32.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Alex Davidson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
agent.exe -> %CommonProgramFiles%\InstallShield\UpdateService\agent.exe -> [2005/06/10 09:44:02 | 00,618,496 | ---- | M] (InstallShield Software Corporation)
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.)
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> [2005/12/19 14:08:40 | 01,200,128 | ---- | M] (Dell Inc.)
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> [2004/12/13 14:30:00 | 00,058,992 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 14:30:04 | 00,198,256 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2004/12/13 14:30:10 | 00,165,488 | ---- | M] (Symantec Corporation)
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> [2006/04/20 07:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 01:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> [2006/06/02 03:29:26 | 00,180,224 | ---- | M] ()
gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> [2005/12/07 15:05:12 | 00,053,248 | ---- | M] (GEAR Software)
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2006/08/03 12:36:52 | 00,169,984 | ---- | M] ()
googledesktopdisplay.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopDisplay.exe -> [2006/08/03 12:36:52 | 00,415,744 | ---- | M] ()
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> [2006/08/03 12:36:52 | 00,555,008 | ---- | M] ()
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/10/14 19:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> [2006/01/13 18:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard Company)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/10/14 19:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/10/14 19:46:24 | 00,159,744 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2005/06/10 09:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> [2006/07/26 02:03:14 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
kodak software updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> [2004/02/13 13:12:08 | 00,016,423 | ---- | M] ()
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 12:04:44 | 00,203,280 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.)
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> [2007/04/18 13:08:06 | 00,906,792 | ---- | M] (McAfee, Inc.)
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> [2007/04/18 13:08:10 | 00,304,680 | ---- | M] (McAfee, Inc.)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe -> [2003/09/10 01:24:00 | 00,020,480 | ---- | M] ()
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 13:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2006/04/06 13:58:52 | 01,032,192 | ---- | M] (Dell Inc)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2007/03/23 19:29:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/04 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/04 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/04 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> [2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2006/03/24 22:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 17:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> [2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation)
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> [2005/12/19 14:08:42 | 01,347,584 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2005/12/19 14:08:42 | 00,018,944 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004/08/04 04:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> [2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 14:30:04 | 00,198,256 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> [2004/12/13 14:30:08 | 00,079,472 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2004/12/13 14:30:10 | 00,165,488 | ---- | M] (Symantec Corporation)
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> [2006/04/20 07:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(GEARSecurity) GEARSecurity [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> [2005/12/07 15:05:12 | 00,053,248 | ---- | M] (GEAR Software)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpbpro.exe -> [2006/01/13 18:28:18 | 00,077,824 | ---- | M] (Hewlett-Packard Company)
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpboid.exe -> [2006/01/13 18:28:18 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 12:04:44 | 00,203,280 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.)
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> [2007/04/18 13:08:06 | 00,906,792 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 13:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
(Norton Ghost) Norton Ghost [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Ghost\Agent\VProSvc.exe -> [2005/12/07 15:05:34 | 02,066,072 | ---- | M] (Symantec Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP)
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2006/08/03 12:29:45 | 00,822,424 | ---- | M] (Symantec Corporation)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2005/12/19 14:08:42 | 00,018,944 | ---- | M] ()

[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> [2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2005/11/02 18:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2005/08/05 02:32:16 | 00,045,312 | R--- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CVirtA.sys -> [2005/05/17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.)
(CVPNDRVA) Cisco Systems IPsec Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CVPNDRVA.sys -> [2006/04/20 07:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> [2005/06/29 18:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GearAspiWDM) GearAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> [2005/07/22 02:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> [2005/07/22 02:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/10/14 20:15:18 | 01,302,812 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 02:04:14 | 00,013,059 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/11/03 02:00:00 | 00,046,080 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> [2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/03/24 22:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/08/03 12:29:45 | 00,004,608 | ---- | M] (Symantec Corporation)
(SymSnap) SymSnap [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\SymSnap.sys -> [2005/12/07 15:05:26 | 00,144,880 | ---- | M] (StorageCraft)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/08 17:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.)
(V2IMount) V2IMount [Kernel | System | Running] -> %SystemRoot%\System32\drivers\V2iMount.sys -> [2005/12/07 15:05:24 | 00,056,240 | ---- | M] (Symantec Corporation)
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> [2005/01/26 05:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2005/07/22 02:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://my.yahoo.com/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar Helper] -> File not found
{16485484-D3B2-466A-B463-1A9A5C0171A5} [HKLM] -> %SystemRoot%\system32\khfdbBTK.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/03 17:35:42 | 00,302,592 | ---- | M] ()
{1af050eb-beb4-4d45-a704-43c571d01061} [HKLM] -> %SystemRoot%\system32\lolaab.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/04 18:43:36 | 00,114,688 | ---- | M] ()
{41861377-359f-4acc-9349-2e237074065c} [HKLM] -> %SystemRoot%\system32\qjnmbl.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/06 21:21:00 | 00,129,024 | ---- | M] ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 14:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/09/30 13:05:24 | 00,145,424 | ---- | M] ()
{D2E1BB7B-5888-5892-9AEE-D3C75C32C347} [HKLM] -> %SystemRoot%\system32\xeuoyxxcknidfg.dll [banners4u browser enhancer] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/09/30 13:05:24 | 00,145,424 | ---- | M] ()
"SITEguard" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> [2006/11/17 15:43:34 | 02,133,056 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> [2006/11/17 15:43:34 | 02,133,056 | R--- | M] (Google Inc.)
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"88b257cf" -> %SystemRoot%\system32\sobvatvw.dll [rundll32.exe "C:\WINDOWS\system32\sobvatvw.dll",b] -> [2008/12/06 21:24:00 | 00,072,704 | ---- | M] ()
"Akuxerocoh" -> %SystemRoot%\Asevutoka.dll [rundll32.exe "C:\WINDOWS\Asevutoka.dll",e] -> [2008/12/03 17:40:11 | 00,039,424 | ---- | M] ()
"Bdowucipihax" -> %SystemRoot%\ufuyubaderoteg.dll [rundll32.exe "C:\WINDOWS\ufuyubaderoteg.dll",e] -> [2008/12/03 17:53:02 | 00,142,336 | ---- | M] (Microsoft Corporation)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2005/12/19 14:08:42 | 01,347,584 | ---- | M] (Dell Inc.)
"ccApp" -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/12/13 14:30:00 | 00,058,992 | ---- | M] (Symantec Corporation)
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2006/04/06 13:58:52 | 01,032,192 | ---- | M] (Dell Inc)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
"Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"HP Software Update" -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe ["C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"] -> [2006/01/13 18:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard Company)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/10/14 19:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/10/14 19:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/10/14 19:49:46 | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 09:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"Norton Ghost 10.0" -> %ProgramFiles%\Norton Ghost\Agent\GhostTray.exe ["C:\Program Files\Norton Ghost\Agent\GhostTray.exe"] -> [2005/12/07 15:05:30 | 01,537,696 | ---- | M] (Symantec Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/01/10 15:27:36 | 00,385,024 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2006/03/24 22:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe ["C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"] -> [2006/07/26 02:03:14 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 17:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2007/03/23 19:29:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"YSearchProtection" -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"" -> [] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DellSupport" -> ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"ModemOnHold" -> %ProgramFiles%\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> [2003/09/10 01:24:00 | 00,020,480 | ---- | M] ()
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"Search Protection" -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"YSearchProtection" -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Alex Davidson Startup Folder > -> C:\Documents and Settings\Alex Davidson\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> [2006/04/20 07:34:30 | 01,528,880 | ---- | M] (Cisco Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 01:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> [2006/06/02 03:29:26 | 00,180,224 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\KODAK Software Updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> [2004/02/13 13:12:08 | 00,016,423 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 22:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 14:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> %ProgramFiles%\AIM\aim.exe [Button: AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 14:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
online_musicmatch.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
internet .[about] -> Trusted sites ->
mcafee.com .[http] -> Trusted sites ->
mcafee.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5 Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab[FamilyFeud Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{36EAF0B3-1DB8-4AD2-AB90-E3686DA7B1F8} -> () ->
{41E1BC79-DA2A-4C60-B253-39FE9B53D592} -> (Dell Wireless 1370 WLAN Mini-PCI Card) ->
{4DFC1A2C-2171-4FC9-A94F-6FBB5F21D968} -> (Broadcom 440x 10/100 Integrated Controller) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2006/08/03 12:36:52 | 00,111,616 | ---- | M] ()
hfydll.dll -> -> File not found
qjnmbl.dll -> %SystemRoot%\system32\qjnmbl.dll -> [2008/12/06 21:21:00 | 00,129,024 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/10/14 19:45:38 | 00,135,168 | ---- | M] (Intel Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\khfdbBTK -> %SystemRoot%\system32\khfdbBTK.dll -> [2008/12/03 17:35:42 | 00,302,592 | ---- | M] ()
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
HI the log was cut off can you please attach it here?
  • 0

#5
ajdavid

ajdavid

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I copy/pasted it to a word document.

Hopefully you can read it all.

Attached Files


  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi it looks like it was the same one pasted it is still cut off.
I will also need it in .txt format.
Please try running the scan again if you cannot find the original log.
Try to attach the log here in it's entirety and as a text file please word splits it up too much for me to read it.
Thanks.
  • 0

#7
ajdavid

ajdavid

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hopefully attached you will find what you need and nothing will be cut off.

Attached Files


  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemdrive%\bflkwx.exe
%systemdrive%\fjytg.exe
%systemroot%\asevutoka.dll
%systemroot%\icicapaqekojoto.dll
%systemroot%\igijiyed.dll
%systemroot%\ikubuvog.dll
%systemroot%\itexaqakoy.dll
%systemroot%\system32\a.exe
%systemroot%\system32\ayszgfctqzwiwwdas.exe
%systemroot%\system32\bhbang.dll
%systemroot%\system32\dakfwl.dll
%systemroot%\system32\etblghnc.dll
%systemroot%\system32\fjkqbgph.ini
%systemroot%\system32\g85.exe
%systemroot%\system32\gside.exe
%systemroot%\system32\gylwfleykigbldt.exe
%systemroot%\system32\hpgbqkjf.dll
%systemroot%\system32\hsiokd.dll
%systemroot%\system32\ijqqjyos.ini
%systemroot%\system32\jjgdsknpjlwoa.dll-uninst.exe
%systemroot%\system32\keecxgjs.dll
%systemroot%\system32\khfdbbtk.dll
%systemroot%\system32\ktbbdfhk.ini
%systemroot%\system32\ktbbdfhk.ini2
%systemroot%\system32\ljjypqkk.dll
%systemroot%\system32\lolaab.dll
%systemroot%\system32\mbfdax.dll
%systemroot%\system32\msnav32.ax
%systemroot%\system32\nhbsrdcb.dll
%systemroot%\system32\pbudrtnb.dll
%systemroot%\system32\pinkip.ico
%systemroot%\system32\qjnmbl.dll
%systemroot%\system32\rcgrmbcb.dll
%systemroot%\system32\rgrciauj.ini
%systemroot%\system32\sobvatvw.dll
%systemroot%\system32\tbyupkip.ini
%systemroot%\system32\vxjjqrxg.dll
%systemroot%\system32\winpfz33.sys
%systemroot%\system32\wvtavbos.ini
%systemroot%\system32\ykvucipp.ini
%systemroot%\system32\zxdnt3d.cfg
%systemroot%\tasks\nvjloejg.job
%systemroot%\ufuyubaderoteg.dll
c:\windows\tasks\nvjloejg.job
Folders to delete:
%appdata%\gadcom
%appdata%\iupd721
%appdata%\ni.gscns
%systemroot%\system32\bin
%systemroot%\system32\ki3
%systemroot%\system32\uv9
%systemroot%\system32\vc
%userprofile%\local settings\application data\.#
c:\documents and settings\alex davidson\application data\gadcom
c:\documents and settings\alex davidson\application data\iupd721
c:\documents and settings\alex davidson\application data\ni.gscns
c:\documents and settings\alex davidson\application data\zango
c:\documents and settings\all users\application data\zangosa


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
====================
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {1af050eb-beb4-4d45-a704-43c571d01061} [HKLM] -> %SystemRoot%\system32\lolaab.dll [Reg Error: Value  does not exist or could not be read.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "Akuxerocoh" -> %SystemRoot%\Asevutoka.dll [rundll32.exe "C:\WINDOWS\Asevutoka.dll",e]
NY -> "Bdowucipihax" -> %SystemRoot%\ufuyubaderoteg.dll [rundll32.exe "C:\WINDOWS\ufuyubaderoteg.dll",e]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> hfydll.dll -> 
YY -> mbfdax.dll -> %SystemRoot%\system32\mbfdax.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\khfdbBTK -> %SystemRoot%\system32\khfdbBTK.dll
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
[Files/Folders - Created Within 30 Days]
NY -> fjkqbgph.ini -> %SystemRoot%\System32\fjkqbgph.ini
NY -> hpgbqkjf.dll -> %SystemRoot%\System32\hpgbqkjf.dll
NY -> mbfdax.dll -> %SystemRoot%\System32\mbfdax.dll
NY -> vxjjqrxg.dll -> %SystemRoot%\System32\vxjjqrxg.dll
NY -> wvtavbos.ini -> %SystemRoot%\System32\wvtavbos.ini
NY -> sobvatvw.dll -> %SystemRoot%\System32\sobvatvw.dll
NY -> qjnmbl.dll -> %SystemRoot%\System32\qjnmbl.dll
NY -> etblghnc.dll -> %SystemRoot%\System32\etblghnc.dll
NY -> rgrciauj.ini -> %SystemRoot%\System32\rgrciauj.ini
NY -> bhbang.dll -> %SystemRoot%\System32\bhbang.dll
NY -> keecxgjs.dll -> %SystemRoot%\System32\keecxgjs.dll
NY -> dakfwl.dll -> %SystemRoot%\System32\dakfwl.dll
NY -> nhbsrdcb.dll -> %SystemRoot%\System32\nhbsrdcb.dll
NY -> ijqqjyos.ini -> %SystemRoot%\System32\ijqqjyos.ini
NY -> hsiokd.dll -> %SystemRoot%\System32\hsiokd.dll
NY -> pbudrtnb.dll -> %SystemRoot%\System32\pbudrtnb.dll
NY -> tbyupkip.ini -> %SystemRoot%\System32\tbyupkip.ini
NY -> lolaab.dll -> %SystemRoot%\System32\lolaab.dll
NY -> rcgrmbcb.dll -> %SystemRoot%\System32\rcgrmbcb.dll
NY -> itexaqakoy.dll -> %SystemRoot%\itexaqakoy.dll
NY -> igijiyed.dll -> %SystemRoot%\igijiyed.dll
NY -> icicapaqekojoto.dll -> %SystemRoot%\icicapaqekojoto.dll
NY -> pinkip.ico -> %SystemRoot%\System32\pinkip.ico
NY -> ikubuvog.dll -> %SystemRoot%\ikubuvog.dll
NY -> winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys
NY -> ayszgfctqzwiwwdas.exe -> %SystemRoot%\System32\ayszgfctqzwiwwdas.exe
NY -> g85.exe -> %SystemRoot%\System32\g85.exe
NY -> IUpd721 -> %AppData%\IUpd721
NY -> ufuyubaderoteg.dll -> %SystemRoot%\ufuyubaderoteg.dll
NY -> ljJYpQkK.dll -> %SystemRoot%\System32\ljJYpQkK.dll
NY -> NI.GSCNS -> %AppData%\NI.GSCNS
NY -> ykvucipp.ini -> %SystemRoot%\System32\ykvucipp.ini
NY -> jjgdsknpjlwoa.dll-uninst.exe -> %SystemRoot%\System32\jjgdsknpjlwoa.dll-uninst.exe
NY -> zxdnt3d.cfg -> %SystemRoot%\System32\zxdnt3d.cfg
NY -> gside.exe -> %SystemRoot%\System32\gside.exe
NY -> Asevutoka.dll -> %SystemRoot%\Asevutoka.dll
NY -> bflkwx.exe -> %SystemDrive%\bflkwx.exe
NY -> gylwfleykigbldt.exe -> %SystemRoot%\System32\gylwfleykigbldt.exe
NY -> fjytg.exe -> %SystemDrive%\fjytg.exe
NY -> msnav32.ax -> %SystemRoot%\System32\msnav32.ax
NY -> KTBbdfhk.ini2 -> %SystemRoot%\System32\KTBbdfhk.ini2
NY -> KTBbdfhk.ini -> %SystemRoot%\System32\KTBbdfhk.ini
NY -> khfdbBTK.dll -> %SystemRoot%\System32\khfdbBTK.dll
NY -> uv9 -> %SystemRoot%\System32\uv9
NY -> ki3 -> %SystemRoot%\System32\ki3
NY -> nvjloejg.job -> %SystemRoot%\tasks\nvjloejg.job
NY -> bin -> %SystemRoot%\System32\bin
NY -> VC -> %SystemRoot%\System32\VC
NY -> gadcom -> %AppData%\gadcom
NY -> .# -> %UserProfile%\Local Settings\Application Data\.#
NY -> a.exe -> %SystemRoot%\System32\a.exe
[Files/Folders - Modified Within 30 Days]
NY -> KTBbdfhk.ini -> %SystemRoot%\System32\KTBbdfhk.ini
NY -> KTBbdfhk.ini2 -> %SystemRoot%\System32\KTBbdfhk.ini2
NY -> nvjloejg.job -> %SystemRoot%\tasks\nvjloejg.job
NY -> fjkqbgph.ini -> %SystemRoot%\System32\fjkqbgph.ini
NY -> hpgbqkjf.dll -> %SystemRoot%\System32\hpgbqkjf.dll
NY -> vxjjqrxg.dll -> %SystemRoot%\System32\vxjjqrxg.dll
NY -> mbfdax.dll -> %SystemRoot%\System32\mbfdax.dll
NY -> wvtavbos.ini -> %SystemRoot%\System32\wvtavbos.ini
NY -> sobvatvw.dll -> %SystemRoot%\System32\sobvatvw.dll
NY -> rgrciauj.ini -> %SystemRoot%\System32\rgrciauj.ini
NY -> qjnmbl.dll -> %SystemRoot%\System32\qjnmbl.dll
NY -> etblghnc.dll -> %SystemRoot%\System32\etblghnc.dll
NY -> keecxgjs.dll -> %SystemRoot%\System32\keecxgjs.dll
NY -> bhbang.dll -> %SystemRoot%\System32\bhbang.dll
NY -> nhbsrdcb.dll -> %SystemRoot%\System32\nhbsrdcb.dll
NY -> dakfwl.dll -> %SystemRoot%\System32\dakfwl.dll
NY -> ijqqjyos.ini -> %SystemRoot%\System32\ijqqjyos.ini
NY -> tbyupkip.ini -> %SystemRoot%\System32\tbyupkip.ini
NY -> pbudrtnb.dll -> %SystemRoot%\System32\pbudrtnb.dll
NY -> hsiokd.dll -> %SystemRoot%\System32\hsiokd.dll
NY -> rcgrmbcb.dll -> %SystemRoot%\System32\rcgrmbcb.dll
NY -> lolaab.dll -> %SystemRoot%\System32\lolaab.dll
NY -> itexaqakoy.dll -> %SystemRoot%\itexaqakoy.dll
NY -> igijiyed.dll -> %SystemRoot%\igijiyed.dll
NY -> icicapaqekojoto.dll -> %SystemRoot%\icicapaqekojoto.dll
NY -> pinkip.ico -> %SystemRoot%\System32\pinkip.ico
NY -> ikubuvog.dll -> %SystemRoot%\ikubuvog.dll
NY -> winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys
NY -> ayszgfctqzwiwwdas.exe -> %SystemRoot%\System32\ayszgfctqzwiwwdas.exe
NY -> g85.exe -> %SystemRoot%\System32\g85.exe
NY -> msnav32.ax -> %SystemRoot%\System32\msnav32.ax
NY -> gylwfleykigbldt.exe -> %SystemRoot%\System32\gylwfleykigbldt.exe
NY -> bflkwx.exe -> %SystemDrive%\bflkwx.exe
NY -> fjytg.exe -> %SystemDrive%\fjytg.exe
NY -> ufuyubaderoteg.dll -> %SystemRoot%\ufuyubaderoteg.dll
NY -> ljJYpQkK.dll -> %SystemRoot%\System32\ljJYpQkK.dll
NY -> ykvucipp.ini -> %SystemRoot%\System32\ykvucipp.ini
NY -> jjgdsknpjlwoa.dll-uninst.exe -> %SystemRoot%\System32\jjgdsknpjlwoa.dll-uninst.exe
NY -> zxdnt3d.cfg -> %SystemRoot%\System32\zxdnt3d.cfg
NY -> gside.exe -> %SystemRoot%\System32\gside.exe
NY -> Asevutoka.dll -> %SystemRoot%\Asevutoka.dll
NY -> khfdbBTK.dll -> %SystemRoot%\System32\khfdbBTK.dll
NY -> a.exe -> %SystemRoot%\System32\a.exe
[File - Lop Check]
NY -> gadcom -> C:\Documents and Settings\Alex Davidson\Application Data\gadcom
NY -> IUpd721 -> C:\Documents and Settings\Alex Davidson\Application Data\IUpd721
NY -> NI.GSCNS -> C:\Documents and Settings\Alex Davidson\Application Data\NI.GSCNS
NY -> Zango -> C:\Documents and Settings\Alex Davidson\Application Data\Zango
NY -> ZangoSA -> C:\Documents and Settings\All Users\Application Data\ZangoSA
NY -> nvjloejg.job -> C:\WINDOWS\Tasks\nvjloejg.job
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
=====================================================
Then:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
ajdavid

ajdavid

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Three logs for you to look over.

Attached Files


  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================
After that please post a new Hijackthis log and the MalwareBytes log and let me lknow how it's it running?
  • 0

#11
ajdavid

ajdavid

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
It seems to be running much better, thank you.

Here are the final two logs attached. Let me know if you find anything else that needs attention.

Attached Files


  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP