
Google/ Yahoo Browser Hijack



#1
alasyx

Hi,

I would appreciate some help as I have run Symantec, Malwarebytes, and Spybot and nothing helps. These programs are finding nothing, but my Google and Yahoo still redirect. I spent hours re-running and now have the computer in safe mode. I would so appreciate your help! Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:10 PM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\cwintoa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://smforms.john...tal/myportal/cg (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://smforms.john...tal/myportal/cg (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.jci.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files\eMusic\tbeMus.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AIM Version Update Reminder.lnk = C:\Program Files\Johnson Controls\AIM\AimVer\reminder.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://jwimkns8.na....om/iNotes6W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cg.na.jci.com
O17 - HKLM\Software\..\Telephony: DomainName = cg.na.jci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cg.na.jci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cg.na.jci.com,cg.jci.com,naremote.amer.york.com,yorkpa.amer.york.com,mke.cg.na.jci.com,mke.cg.jci.com,corp.na.jci.com,na.jci.com,corp.jci.com,jci.com,johnsoncontrols.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cg.na.jci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cg.na.jci.com,cg.jci.com,naremote.amer.york.com,yorkpa.amer.york.com,mke.cg.na.jci.com,mke.cg.jci.com,corp.na.jci.com,na.jci.com,corp.jci.com,jci.com,johnsoncontrols.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cg.na.jci.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cg.na.jci.com,cg.jci.com,naremote.amer.york.com,yorkpa.amer.york.com,mke.cg.na.jci.com,mke.cg.jci.com,corp.na.jci.com,na.jci.com,corp.jci.com,jci.com,johnsoncontrols.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cg.na.jci.com,cg.jci.com,naremote.amer.york.com,yorkpa.amer.york.com,mke.cg.na.jci.com,mke.cg.jci.com,corp.na.jci.com,na.jci.com,corp.jci.com,jci.com,johnsoncontrols.com
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - Unknown owner - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - WorldCom - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TSM Scheduler - IBM Corporation - c:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe

--
End of file - 13956 bytes


#2
alasyx

Also, I ran OTScan after looking at another post, results are below:

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2006/02/28 07:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/03 12:44:42 | 00,485,888 | ---- | M] (OldTimer Tools)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/03 12:44:42 | 00,485,888 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(AClient) Altiris Client Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Altiris\AClient\ACLIENT.EXE -> [2004/06/21 19:17:20 | 04,837,452 | ---- | M] (Altiris, Inc.)
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007/07/03 10:10:18 | 00,069,632 | ---- | M] (Adobe Systems)
(AeXNSClient) Altiris Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Altiris\Altiris Agent\AeXNSAgent.exe -> [2008/05/12 02:11:50 | 01,523,712 | ---- | M] (Altiris, Inc.)
(AMBroker) Access Manager Configuration Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AccessManager\Client\AMBroker.exe -> [2004/03/04 13:57:58 | 00,081,920 | ---- | M] ()
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> [2006/05/10 09:21:08 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(btwdins) Bluetooth Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> [2006/02/27 15:55:44 | 00,258,103 | ---- | M] (Broadcom Corporation.)
(CarbonCopy32) Altiris Carbon Copy [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\CCSRVC.exe -> [2007/05/29 18:52:10 | 00,049,152 | ---- | M] (Altiris)
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2006/07/19 18:26:06 | 00,192,160 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2006/07/19 18:26:12 | 00,169,632 | ---- | M] (Symantec Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> [2004/04/14 09:31:40 | 01,425,424 | ---- | M] (Cisco Systems, Inc.)
(DAPlugin) Visual Insight DA Plugin [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\AccessManager\Client\DAPlugin.exe -> [2004/03/04 13:58:16 | 00,081,920 | ---- | M] (WorldCom)
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2006/09/27 19:33:22 | 00,031,472 | ---- | M] (Symantec Corporation)
(DWMRCS) DameWare Mini Remote Control [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\DWRCS.EXE -> [2008/02/13 17:46:38 | 00,232,960 | ---- | M] (DameWare Development LLC)
(FLCDLOCK) HP ProtectTools Device Locking / Auditing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\flcdlock.exe -> [2006/02/28 16:46:36 | 00,155,733 | ---- | M] (Hewlett-Packard Ltd)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/12/28 22:51:47 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2006/02/28 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007/06/04 21:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007/06/04 21:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.)
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/01/12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2005/10/12 12:30:24 | 00,086,140 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(IFXSpMgtSrv) Security Platform Management Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\IFXSPMGT.exe -> [2006/03/03 15:29:04 | 00,507,904 | ---- | M] (Infineon Technologies AG)
(IFXTCS) Trusted Platform Core Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\IFXTCS.exe -> [2006/03/03 15:07:40 | 00,741,376 | ---- | M] (Infineon Technologies AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\irmon.dll -> [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> [2006/08/25 11:00:38 | 02,528,960 | ---- | M] (Symantec Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MSSQLSERVER) MSSQLSERVER [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -> [2005/05/03 23:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2005/05/03 21:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation)
(Net Driver HPZ12) Net Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZinw12.dll -> [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PersonalSecureDriveService) Personal Secure Drive Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ProtectTools\Embedded Security Software\PSDsrvc.EXE -> [2005/11/29 16:56:36 | 00,099,872 | ---- | M] (Infineon Technologies AG)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.dll -> [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard)
(SavRoam) SavRoam [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> [2006/09/27 19:33:38 | 00,116,464 | ---- | M] (symantec)
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> [2006/08/07 15:03:02 | 00,214,720 | ---- | M] (Symantec Corporation)
(SP Software Installer) SP Software Installer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AccessManager\PMAC\sp_SWIns.exe -> [2004/04/22 15:13:24 | 00,118,784 | ---- | M] (Smartpipes, Inc.)
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation)
(sp_spi_da) Visual Insight Dial Analysis [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\AccessManager\SMOC\spi_da.exe -> [2003/04/17 08:59:16 | 00,081,920 | ---- | M] (Smartpipes, Inc.)
(SQLSERVERAGENT) SQLSERVERAGENT [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -> [2005/05/03 20:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation)
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2006/09/27 19:33:32 | 01,813,232 | ---- | M] (Symantec Corporation)
(TSM Scheduler) TSM Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\tivoli\tsm\baclient\dsmcsvc.exe -> [2007/02/21 13:14:56 | 03,117,056 | ---- | M] (IBM Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Accelerometer) Accelerometer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Accelerometer.sys -> [2006/10/17 09:59:06 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> [2006/02/28 14:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.)
(AEAudioService) AEAudio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2005/06/07 14:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2006/06/29 16:13:08 | 01,160,320 | ---- | M] (Agere Systems)
(AlKernel) Altiris Kernel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\AlKernel.sys -> [2008/12/31 08:09:45 | 00,002,401 | ---- | M] ()
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2006/05/10 09:27:22 | 01,543,168 | ---- | M] (ATI Technologies Inc.)
(ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atswpdrv.sys -> [2006/03/30 14:39:48 | 00,130,432 | ---- | M] (AuthenTec, Inc.)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> [2005/10/26 10:01:02 | 00,142,720 | ---- | M] (Broadcom Corporation)
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btaudio.sys -> [2006/02/27 15:48:20 | 00,401,664 | ---- | M] (Broadcom Corporation.)
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btport.sys -> [2006/02/27 15:43:44 | 00,030,363 | ---- | M] (Broadcom Corporation.)
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btkrnl.sys -> [2006/02/27 15:45:48 | 01,342,602 | ---- | M] (Broadcom Corporation.)
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwdndis.sys -> [2006/02/27 15:40:16 | 00,148,168 | ---- | M] (Broadcom Corporation.)
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btwusb.sys -> [2006/02/27 15:43:06 | 00,057,096 | ---- | M] (Broadcom Corporation.)
(CCDevice) CCDevice [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\CCDevice.sys -> [2007/05/29 18:55:50 | 00,009,216 | ---- | M] (Altiris)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CVirtA.sys -> [2003/05/01 12:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.)
(CVPNDRVA) Cisco Systems IPsec Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\CVPNDRVA.sys -> [2004/04/14 09:30:56 | 00,268,874 | ---- | M] (Cisco Systems, Inc.)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> [2003/07/24 17:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.)
(DwMirror) DwMirror [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DamewareMini.sys -> [2007/02/07 07:00:00 | 00,002,944 | ---- | M] (DameWare Development, Inc.)
(dwvkbd) DameWare Virtual Keyboard 32 bit Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\dwvkbd.sys -> [2007/02/15 07:00:00 | 00,026,624 | ---- | M] (DameWare)
(eabfiltr) eabfiltr [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\eabfiltr.sys -> [2005/09/19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EabUsb.sys -> [2005/09/19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/12/17 08:35:52 | 00,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2008/09/08 15:46:27 | 00,099,376 | ---- | M] (Symantec Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(GTIPCI21) GTIPCI21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gtipci21.sys -> [2005/05/31 11:46:26 | 00,087,936 | R--- | M] (Texas Instruments)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CPQBttn.sys -> [2005/09/19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider)
(hpdskflt) HP Disk Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\hpdskflt.sys -> [2006/10/17 09:57:58 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2007/03/07 23:20:48 | 00,049,920 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2007/03/07 23:20:49 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2007/03/07 23:20:50 | 00,021,568 | R--- | M] (HP)
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2006/06/06 10:32:54 | 01,168,860 | ---- | M] (Intel Corporation)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation)
(IFXTPM) IFXTPM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ifxtpm.sys -> [2005/10/21 11:19:34 | 00,036,352 | ---- | M] (Infineon Technologies AG)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090102.006\naveng.sys -> [2008/12/17 08:35:52 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090102.006\navex15.sys -> [2008/12/17 08:35:52 | 00,876,112 | ---- | M] (Symantec Corporation)
(NETw3x32) Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> [2006/09/27 08:36:00 | 01,709,696 | ---- | M] (Intel® Corporation)
(PersonalSecureDrive) PersonalSecureDrive [Kernel | System | Running] -> %SystemRoot%\system32\drivers\psd.sys -> [2005/11/29 16:56:28 | 00,036,768 | ---- | M] (Infineon Technologies AG)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/06/28 15:24:50 | 00,020,576 | ---- | M] (Sonic Solutions)
(SAVRT) SAVRT [Kernel | System | Stopped] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> [2006/09/06 13:41:20 | 00,337,592 | ---- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | System | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> [2006/09/06 13:41:20 | 00,054,968 | ---- | M] (Symantec Corporation)
(sdbus) sdbus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2006/02/28 07:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2006/02/28 07:00:00 | 00,027,440 | ---- | M] ()
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\smcirda.sys -> [2001/08/17 12:10:28 | 00,035,913 | ---- | M] (SMC)
(SPBBCDrv) SPBBCDrv [Kernel | System | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2006/04/11 16:13:34 | 00,389,776 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2006/09/18 16:55:28 | 00,109,744 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symredrv.sys -> [2006/08/07 15:02:22 | 00,024,768 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\symtdi.sys -> [2006/08/07 15:02:26 | 00,195,776 | ---- | M] (Symantec Corporation)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/31 15:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.)
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifm21.sys -> [2005/09/20 10:30:56 | 00,162,432 | ---- | M] (Texas Instruments)
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> [2003/08/28 20:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.)
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> [2006/04/21 17:06:26 | 01,429,632 | ---- | M] (Intel® Corporation)
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2004/08/03 18:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> https://smforms.john.....2fmyportal/cg ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> https://smforms.john.....2fmyportal/cg ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\] > -> ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: Main\\"Page_Transitions" -> ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: Main\\"Start Page" -> https://smforms.john.....2fmyportal/cg ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\: "ProxyOverride" -> *.local ->
< HOSTS File > (228383 bytes and 8055 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007/03/02 15:52:08 | 00,177,768 | R--- | M] (Hewlett-Packard Co.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9ee802e8-c931-47ab-b570-aa8f791598ca} [HKLM] -> %ProgramFiles%\eMusic\tbeMus.dll [eMusic Toolbar] -> [2008/11/23 23:03:54 | 01,784,856 | ---- | M] (Conduit Ltd.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2008/12/25 23:44:38 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2008/12/25 23:45:13 | 00,657,904 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2008/12/25 23:44:36 | 00,522,224 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2008/12/25 23:44:38 | 00,251,504 | ---- | M] ()
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2008/12/25 23:44:38 | 00,251,504 | ---- | M] ()
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> [2008/05/07 11:30:52 | 00,325,120 | ---- | M] (NetZero, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\] > -> HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2008/12/25 23:44:38 | 00,251,504 | ---- | M] ()
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> [2008/05/07 11:30:52 | 00,325,120 | ---- | M] (NetZero, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"AccessManager" -> %ProgramFiles%\AccessManager\Client\AccessMgr.exe [C:\Program Files\AccessManager\Client\AccessMgr.exe] -> [2004/03/04 13:57:52 | 00,618,496 | ---- | M] (WorldCom)
"AClntUsr" -> %ProgramFiles%\Altiris\AClient\AClntUsr.EXE [C:\Program Files\Altiris\AClient\AClntUsr.EXE] -> [2009/01/02 15:24:06 | 00,180,224 | ---- | M] ()
"Acrobat Assistant 7.0" -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> [2006/01/12 19:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"AeXAgentLogon" -> %ProgramFiles%\Altiris\Altiris Agent\AeXAgentActivate.exe [C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon] -> [2008/05/12 02:09:41 | 00,143,360 | ---- | M] (Altiris, Inc.)
"AGRSMMSG" -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> [2005/12/12 15:00:46 | 00,088,203 | ---- | M] (Agere Systems)
"ccApp" -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["c:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2006/07/19 18:26:04 | 00,052,896 | ---- | M] (Symantec Corporation)
"FRYMXINS" -> %ProgramFiles%\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe ["C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"] -> [2006/03/02 21:00:00 | 00,057,344 | ---- | M] (ATI Technologies, Inc.)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/03/11 20:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"hpWirelessAssistant" -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> [2006/02/14 10:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"IAAnotif" -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2005/10/12 12:30:42 | 00,139,264 | ---- | M] (Intel Corporation)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/06/06 10:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/06/06 10:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/06/06 10:09:58 | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/08/09 05:03:58 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/08/09 05:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"PTHOSTTR" -> [C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start] -> File not found
"QlbCtrl" -> [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/02/20 09:32:16 | 00,385,024 | ---- | M] (Apple Inc.)
"SoundMAX" -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> [2005/05/06 14:06:12 | 00,716,800 | ---- | M] (Analog Devices, Inc.)
"SoundMAXPnP" -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/31 16:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.)
"vptray" -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [c:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2006/09/27 19:33:44 | 00,125,168 | ---- | M] (Symantec Corporation)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"" -> [] -> File not found
"!CleanupNetMeetingDispDriver" -> %SystemRoot%\system32\msconf.dll ["C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0] -> [2006/02/28 07:00:00 | 00,069,632 | ---- | M] (Microsoft Corporation)
"GrpConv" -> %SystemRoot%\system32\grpconv.exe [grpconv -o] -> [2006/02/28 07:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation)
"Malwarebytes' Anti-Malware" -> [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> File not found
"SpybotSnD" -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck] -> [2008/01/28 11:43:36 | 05,146,448 | RHS- | M] (Safer Networking Limited)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EasyLinkAdvisor" -> ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> File not found
"NetZero_uoltray" -> %ProgramFiles%\NetZero\exec.exe [C:\Program Files\NetZero\exec.exe regrun] -> [2008/05/06 20:11:08 | 01,701,376 | ---- | M] (NetZero, Inc.)
"Sametime Connect" -> %ProgramFiles%\Lotus\Sametime Client\Connect.exe ["C:\Program Files\Lotus\Sametime Client\Connect.exe"] -> [2003/06/28 20:13:00 | 01,302,528 | ---- | M] (Lotus Development Corporation)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/01/28 11:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\] > -> HKEY_USERS\S-1-5-21-1390067357-1202660629-682003330-23309\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EasyLinkAdvisor" -> ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> File not found
"NetZero_uoltray" -> %ProgramFiles%\NetZero\exec.exe [C:\Program Files\NetZero\exec.exe regrun] -> [2008/05/06 20:11:08 | 01,701,376 | ---- | M] (NetZero, Inc.)
"Sametime Connect" -> %ProgramFiles%\Lotus\Sametime Client\Connect.exe ["C:\Program Files\Lotus\Sametime Client\Connect.exe"] -> [2003/06/28 20:13:00 | 01,302,528 | ---- | M] (Lotus Development Corporation)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/01/28 11:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | ---- | M] (Adobe Systems Incorporated)
< AdminTech Startup Folder > -> C:\Documents and Settings\AdminTech\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe -> [2007/10/08 07:33:53 | 00,025,214 | R--- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\AIM Version Update Reminder.lnk -> %ProgramFiles%\Johnson Controls\AIM\AimVer\reminder.exe -> [2006/11/01 11:01:56 | 00,519,168 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> [2006/02/27 16:02:06 | 00,581,693 | ---- | M] (Broadcom Corporation.)
%AllUsersProfile%\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> [2004/04/14 09:31:44 | 01,466,384 | ---- | M] (Cisco Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/03/11 20:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Start Menu\Programs\Startup\Service Manager.lnk -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 21:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
< csmithr25 Startup Folder > -> C:\Documents and Settings\csmithr25\Start Menu\Programs\Startup ->
< cwintoa Startup Folder > -> C:\Documents and Settings\cwintoa\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< JCINABackdoor Startup Folder > -> C:\Documents and Settings\JCINABackdoor\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" -> [0] -> File not found
\\"NoWelcomeScreen" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [1] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found