Laptop freezing and Virus scan freezing [Solved]


  • This topic is locked This topic is locked

#1
imralphy
Member, 13 posts
Hi all,

I hope someone can help me.
My laptop, in the past 2-3 days, has been freezing up. I have not downloaded anything in that timeframe.
At first it was when there was no activity for a while and the screen would just go black and I would have to manually restart the PC. Now, the freezing is more regular, and it freezes without going black but still I have to manually restart. I have F-Secure virus, updated, and during a full scan it freezes. I downloaded Malwarebytes and it also freezes in full scan.
I believe they are both freezing in the same spot: c:windows/winsxs/x86_security-malware-windows-defender...
I tried to target scan just that area and it freezes.
I have also tried Windows one live and it freezes too.

I used the ATF cleaner.

I did a quick scan with Malwarebytes and this is what it found:

Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 6.0.6001 Service Pack 1
13/01/2009 8:01:49 AM
mbam-log-2009-01-13 (08-01-49).txt
Scan type: Quick Scan
Objects scanned: 48419
Time elapsed: 5 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:44 AM, on 13/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h....ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.....;/wlscctrl2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8951 bytes

Here is the uninstall list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 4.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11
Agatha Christie - Evil Under the Sun
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother HL-2170W
Chocolatier 2 (remove only)
COGECO Security Services
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
EA Link
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Heroes of Hellas (remove only)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E2
HP Total Care Advisor
HP Update
HP User Guides 0093
HP Wireless Assistant
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® TV Wizard
iTunes
iWin Games (remove only)
Java™ 6 Update 2
LabelPrint
Malwarebytes' Anti-Malware
Microsoft Office 2000 SR-1 Professional
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spelling Dictionaries Support For Adobe Reader 8
SUPER LOGIK
The Sims™ Life Stories
Touch Pad Driver
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Viewpoint Media Player
WeatherBug Gadget
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Toolbar

I am only a beginner/intermediate with computers so please be patient with me.
I think there is a virus but I don't know how to get it if it keeps freezing on me. Please help!!!
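As an added example (not code from this thread, from the helper, or from HijackThis itself), here is a small Python parser for the HijackThis entry formats that appear in the log above, with the two triage checks a helper looks at first (COM entries whose file is missing, services with no publisher) and a cross-check of the CLSIDs Malwarebytes quarantined against the BHO and toolbar entries still registered. The entry patterns are assumed from the lines shown in this post, not taken from a HijackThis specification, and the sample input is a constructed excerpt of the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted above,
# trimmed to the entry types this parser handles.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# CLSIDs of the two Ext\Stats keys Malwarebytes quarantined in the log posted above.
MBAM_CLSIDS = [
    "{8ca5ed52-f3fb-4414-a105-2e3491156990}",
    "{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}",
]

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O2/O3/O9/R3: "<kind>: <name> - {CLSID} - <file or (no file)>"
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# O4 Run keys: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O4 Startup folders: "Startup: <name> = <path>" (also "Global Startup")
STARTUP_RE = re.compile(r"^(?P<kind>(?:Global )?Startup): (?P<name>.*?) = (?P<target>.*)$")
# O23: "Service: <name> - <publisher> - <drive path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<target>[A-Za-z]:\\.*)$")
# R0/R1 Internet Explorer settings: "<registry value> = <url>"
SETTING_RE = re.compile(r"^(?P<name>.*?) =\s*(?P<target>.*)$")


@dataclass
class Entry:
    code: str                      # HijackThis section, e.g. "O2", "O4", "O23"
    kind: str                      # BHO, Toolbar, Run (HKLM), Startup, Service, IE setting, ...
    name: str
    target: str                    # file path, command line or URL
    clsid: Optional[str] = None    # lower-cased {GUID} for COM-registered entries
    company: Optional[str] = None  # publisher string for O23 services


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code in ("O2", "O3", "O9", "R3"):
        m2 = CLSID_RE.match(body)
        if m2:
            return Entry(code, m2["kind"], m2["name"], m2["target"], clsid=m2["clsid"].lower())
    elif code == "O4":
        m2 = RUN_RE.match(body)
        if m2:
            return Entry(code, f"Run ({m2['hive']})", m2["name"], m2["target"])
        m2 = STARTUP_RE.match(body)
        if m2:
            return Entry(code, m2["kind"], m2["name"], m2["target"])
    elif code == "O23":
        m2 = SERVICE_RE.match(body)
        if m2:
            return Entry(code, "Service", m2["name"], m2["target"], company=m2["company"])
    elif code.startswith("R"):
        m2 = SETTING_RE.match(body)
        if m2:
            return Entry(code, "IE setting", m2["name"], m2["target"])
    return Entry(code, "unparsed", "", body)  # keep unknown shapes rather than dropping them


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[str]:
    """Flag orphaned COM entries and services with no publisher, the first things a helper checks."""
    findings = []
    for e in entries:
        if e.target == "(no file)":
            findings.append(f"{e.code} {e.kind} {e.clsid} is registered but its file is missing")
        if e.company == "Unknown owner":
            findings.append(f"{e.code} service '{e.name}' carries no publisher: {e.target}")
    return findings


def match_clsids(entries: List[Entry], clsids: List[str]) -> Dict[str, List[Entry]]:
    """Map each CLSID (e.g. from an AV detection) to the HJT entries that still load it."""
    hits: Dict[str, List[Entry]] = {c.lower(): [] for c in clsids}
    for e in entries:
        if e.clsid in hits:
            hits[e.clsid].append(e)
    return hits


if __name__ == "__main__":
    found = parse_log(SAMPLE_HJT)
    for finding in triage(found):
        print(finding)
    for clsid, refs in match_clsids(found, MBAM_CLSIDS).items():
        print(clsid, "->", [r.name for r in refs] or "no HJT entry references it")
```

An empty match list for a quarantined CLSID means the removed Ext\Stats keys were usage counters and no BHO or toolbar with that CLSID is still registered, which is the case for the two detections in this post.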

#2
handhfan
Trusted Helper, Expert, 13,659 posts
Hello, imralphy, and welcome to GeeksToGo! Sorry for the delay in replying; the forums have been busy.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)

#3
imralphy
Topic Starter, Member, 13 posts
Thanks so much for a response.
My computer has started freezing on me again. Here is the OTListit:
OTListIt logfile created on: 19/01/2009 8:01:30 AM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.03% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 68.80 Gb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.09 Gb Free Space | 17.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-PC
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Windows\System32\wininit.exe (Microsoft Corporation)
C:\Windows\System32\lsm.exe (Microsoft Corporation)
C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
C:\Windows\System32\dwm.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE (F-Secure Corporation)
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32.exe (F-Secure Corp.)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE (F-Secure Corporation)
C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
C:\Windows\System32\igfxtray.exe (Intel Corporation)
C:\Windows\System32\hkcmd.exe (Intel Corporation)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
C:\Program Files\COGECO Security Services\Common\FCH32.EXE (F-Secure Corporation)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
C:\Program Files\COGECO Security Services\Anti-Virus\fsqh.exe (F-Secure Corporation)
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE (F-Secure Corporation)
C:\Program Files\COGECO Security Services\FSPC\fspc.exe (F-Secure Corporation)
C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
C:\Program Files\COGECO Security Services\Common\FSM32.EXE (F-Secure Corporation)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\Brownie\BrStsWnd.exe (brother)
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe (F-Secure Corporation)
C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
C:\Program Files\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe (F-Secure Corp.)
C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe (F-Secure Corporation)
C:\Program Files\COGECO Security Services\FWES\program\fsdfwd.exe (F-Secure Corporation)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)
C:\Windows\System32\mobsync.exe (Microsoft Corporation)
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
C:\Program Files\COGECO Security Services\FSAUA\program\fsus.exe (F-Secure Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe (F-Secure Corporation)
C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
C:\Windows\System32\conime.exe (Microsoft Corporation)
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
C:\Users\Sandra\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
(Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(CertPropSvc [Unknown | Stopped]) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(Com4Qlb [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
(DFSR [On_Demand | Stopped]) -- C:\Windows\System32\dfsr.exe (Microsoft Corporation)
(DPS [Unknown | Running]) -- C:\Windows\System32\dps.dll (Microsoft Corporation)
(ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
(ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
(F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
(FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(FSAUA [On_Demand | Running]) -- C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe (F-Secure Corporation)
(FSDFWD [On_Demand | Running]) -- C:\Program Files\COGECO Security Services\FWES\program\fsdfwd.exe (F-Secure Corporation)
(FSMA [Auto | Running]) -- C:\Program Files\COGECO Security Services\Common\FSMA32.EXE (F-Secure Corporation)
(GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
(gpsvc [Unknown | Running]) -- C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
(HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
(hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
(IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(iWinGamesInstaller [Auto | Running]) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)
(LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
(RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
(SCardSvr [Unknown | Stopped]) -- C:\Windows\System32\SCardSvr.dll (Microsoft Corporation)
(SCPolicySvc [Unknown | Stopped]) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
(slsvc [Auto | Running]) -- C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
(SNMPTRAP [On_Demand | Stopped]) -- C:\Windows\System32\snmptrap.exe (Microsoft Corporation)
(TrustedInstaller [Unknown | Stopped]) -- C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)
(UI0Detect [On_Demand | Stopped]) -- C:\Windows\System32\UI0Detect.exe (Microsoft Corporation)
(vds [On_Demand | Stopped]) -- C:\Windows\System32\vds.exe (Microsoft Corporation)
(WdiServiceHost [Unknown | Stopped]) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
(WdiSystemHost [Unknown | Running]) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
(WSearch [Auto | Running]) -- C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
(XAudioService [Auto | Running]) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

(adp94xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
(adpahci [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
(adpu160m [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
(adpu320 [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
(aic78xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
(aliide [Disabled | Stopped]) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
(amdagp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\AMDAGP.SYS (Microsoft Corporation)
(amdide [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
(AmdK7 [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
(AmdK8 [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
(ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
(arc [Disabled | Stopped]) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
(arcsas [Disabled | Stopped]) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
(BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
(bowser [On_Demand | Running]) -- C:\Windows\System32\drivers\bowser.sys (Microsoft Corporation)
(BrFiltLo [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrFiltLo.sys (Brother Industries, Ltd.)
(BrFiltUp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrFiltUp.sys (Brother Industries, Ltd.)
(Brserid [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
(BrSerWdm [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
(BrUsbMdm [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
(BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
(BTHMODEM [Disabled | Stopped]) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
(circlass [Disabled | Stopped]) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
(CLFS [Unknown | Running]) -- C:\Windows\System32\clfs.sys (Microsoft Corporation)
(cmdide [Disabled | Stopped]) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
(CnxtHdAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
(crcdisk [Boot | Running]) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
(Crusoe [Disabled | Stopped]) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
(DfsC [System | Running]) -- C:\Windows\System32\drivers\dfsc.sys (Microsoft Corporation)
(DXGKrnl [On_Demand | Running]) -- C:\Windows\System32\drivers\dxgkrnl.sys (Microsoft Corporation)
(E100B [On_Demand | Stopped]) -- C:\Windows\System32\drivers\e100b325.sys (Intel Corporation)
(E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
(Ecache [Boot | Running]) -- C:\Windows\System32\drivers\ecache.sys (Microsoft Corporation)
(elxstor [Disabled | Stopped]) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
(exfat [On_Demand | Stopped]) -- C:\Windows\System32\drivers\exfat.sys (Microsoft Corporation)
(F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys ()
(F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys ()
(F-Secure HIPS [System | Running]) -- C:\Program Files\COGECO Security Services\HIPS\fshs.sys ()
(F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys ()
(FileInfo [Boot | Running]) -- C:\Windows\System32\drivers\fileinfo.sys (Microsoft Corporation)
(Filetrace [On_Demand | Stopped]) -- C:\Windows\System32\drivers\filetrace.sys (Microsoft Corporation)
(FSES [System | Running]) -- C:\Windows\System32\drivers\fses.sys ()
(FSFW [System | Running]) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
(fsvista [System | Running]) -- C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys ()
(gagp30kx [On_Demand | Stopped]) -- C:\Windows\System32\drivers\GAGP30KX.SYS (Microsoft Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HBtnKey [On_Demand | Running]) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
(HdAudAddService [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
(HDAudBus [On_Demand | Running]) -- C:\Windows\System32\drivers\hdaudbus.sys (Microsoft Corporation)
(HidBth [Disabled | Stopped]) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
(HidIr [Disabled | Stopped]) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
(HpCISSs [Disabled | Stopped]) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
(HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
(HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
(HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
(HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
(ialm [On_Demand | Stopped]) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
(iaStor [Boot | Running]) -- C:\Windows\System32\drivers\iaStor.sys (Intel Corporation)
(iaStorV [Disabled | Stopped]) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
(igfx [On_Demand | Running]) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
(iirsp [Disabled | Stopped]) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
(IPMIDRV [Disabled | Stopped]) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
(iScsiPrt [On_Demand | Running]) -- C:\Windows\System32\drivers\msiscsi.sys (Microsoft Corporation)
(iteatapi [Disabled | Stopped]) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
(iteraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
(kbdhid [System | Running]) -- C:\Windows\System32\drivers\kbdhid.sys (Microsoft Corporation)
(lltdio [Auto | Running]) -- C:\Windows\System32\drivers\lltdio.sys (Microsoft Corporation)
(LSI_FC [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
(LSI_SAS [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
(LSI_SCSI [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
(luafv [Auto | Running]) -- C:\Windows\System32\drivers\luafv.sys (Microsoft Corporation)
(MBAMSwissArmy [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
(mdmxsdk [Auto | Running]) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
(megasas [Disabled | Stopped]) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
(monitor [On_Demand | Running]) -- C:\Windows\System32\drivers\monitor.sys (Microsoft Corporation)
(mpio [Disabled | Stopped]) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
(mpsdrv [On_Demand | Running]) -- C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Corporation)
(Mraid35x [Disabled | Stopped]) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
(mrxsmb10 [On_Demand | Running]) -- C:\Windows\System32\drivers\mrxsmb10.sys (Microsoft Corporation)
(mrxsmb20 [On_Demand | Running]) -- C:\Windows\System32\drivers\mrxsmb20.sys (Microsoft Corporation)
(msahci [Boot | Running]) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
(msdsm [Disabled | Stopped]) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
(msisadrv [Boot | Running]) -- C:\Windows\System32\drivers\msisadrv.sys (Microsoft Corporation)
(MsRPC [On_Demand | Stopped]) -- C:\Windows\System32\drivers\msrpc.sys (Microsoft Corporation)
(NativeWifiP [On_Demand | Running]) -- C:\Windows\System32\drivers\nwifi.sys (Microsoft Corporation)
(NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
(NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
(nfrd960 [Disabled | Stopped]) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
(nsiproxy [System | Running]) -- C:\Windows\System32\drivers\nsiproxy.sys (Microsoft Corporation)
(ntrigdigi [Disabled | Stopped]) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
(nvraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
(nvstor [Disabled | Stopped]) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
(nv_agp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\NV_AGP.SYS (Microsoft Corporation)
(PEAUTH [Auto | Running]) -- C:\Windows\System32\drivers\PEAuth.sys (Microsoft Corporation)
(PSched [System | Running]) -- C:\Windows\System32\drivers\pacer.sys (Microsoft Corporation)
(ql2300 [Disabled | Stopped]) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
(ql40xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
(QWAVEdrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\qwavedrv.sys (Microsoft Corporation)
(RasSstp [On_Demand | Running]) -- C:\Windows\System32\drivers\rassstp.sys (Microsoft Corporation)
(RDPENCDD [System | Running]) -- C:\Windows\System32\drivers\RDPENCDD.sys (Microsoft Corporation)
(rspndr [Auto | Running]) -- C:\Windows\System32\drivers\rspndr.sys (Microsoft Corporation)
(RTL8023xp [On_Demand | Running]) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
(RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
(sbp2port [Disabled | Stopped]) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
(secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sermouse [Disabled | Stopped]) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
(sffdisk [Disabled | Stopped]) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
(sffp_mmc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\sffp_mmc.sys (Microsoft Corporation)
(sffp_sd [On_Demand | Stopped]) -- C:\Windows\System32\drivers\sffp_sd.sys (Microsoft Corporation)
(sisagp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\SISAGP.SYS (Microsoft Corporation)
(SiSRaid2 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
(SiSRaid4 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
(Smb [System | Running]) -- C:\Windows\System32\drivers\smb.sys (Microsoft Corporation)
(spldr [Boot | Running]) -- C:\Windows\System32\drivers\spldr.sys (Microsoft Corporation)
(sptd [Boot | Running]) -- C:\Windows\System32\drivers\sptd.sys ()
(srv2 [On_Demand | Running]) -- C:\Windows\System32\drivers\srv2.sys (Microsoft Corporation)
(srvnet [On_Demand | Running]) -- C:\Windows\System32\drivers\srvnet.sys (Microsoft Corporation)
(Symc8xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
(Sym_hi [Disabled | Stopped]) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
(Sym_u3 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
(tcpipreg [Auto | Running]) -- C:\Windows\System32\drivers\tcpipreg.sys (Microsoft Corporation)
(tdx [System | Running]) -- C:\Windows\System32\drivers\tdx.sys (Microsoft Corporation)
(tssecsrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tssecsrv.sys (Microsoft Corporation)
(tunmp [On_Demand | Running]) -- C:\Windows\System32\drivers\TUNMP.SYS (Microsoft Corporation)
(tunnel [On_Demand | Running]) -- C:\Windows\System32\drivers\tunnel.sys (Microsoft Corporation)
(uagp35 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\UAGP35.SYS (Microsoft Corporation)
(uliagpkx [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ULIAGPKX.SYS (Microsoft Corporation)
(uliahci [Disabled | Stopped]) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
(UlSata [Disabled | Stopped]) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
(ulsata2 [Disabled | Stopped]) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
(umbus [On_Demand | Running]) -- C:\Windows\System32\drivers\umbus.sys (Microsoft Corporation)
(USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
(usbcir [Disabled | Stopped]) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
(usbvideo [On_Demand | Running]) -- C:\Windows\System32\drivers\usbvideo.sys (Microsoft Corporation)
(vga [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vgapnp.sys (Microsoft Corporation)
(ViaC7 [Disabled | Stopped]) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
(viaide [Disabled | Stopped]) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
(volmgr [Boot | Running]) -- C:\Windows\System32\drivers\volmgr.sys (Microsoft Corporation)
(volmgrx [Boot | Running]) -- C:\Windows\System32\drivers\volmgrx.sys (Microsoft Corporation)
(vsmraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
(WacomPen [Disabled | Stopped]) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
(Wd [Disabled | Stopped]) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
(Wdf01000 [Boot | Running]) -- C:\Windows\System32\drivers\Wdf01000.sys (Microsoft Corporation)
(winachsf [On_Demand | Running]) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
(WmiAcpi [On_Demand | Running]) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
(ws2ifsl [Disabled | Stopped]) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
(XAudio [Auto | Running]) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun (brother)
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: 127.0.0.1 (http in Local intranet | )
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concep...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - about - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = explorer.exe
>C:\Windows\explorer.exe (Microsoft Corporation)

"UserInit" = C:\Windows\system32\userinit.exe,
>C:\Windows\System32\userinit.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\Windows\System32\shell32.dll (Microsoft Corporation)
>C:\Windows\System32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = credssp.dll
>C:\Windows\System32\credssp.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,tspkg,
>C:\Windows\System32\kerberos.dll (Microsoft Corporation)
>C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
>C:\Windows\System32\schannel.dll (Microsoft Corporation)
>C:\Windows\System32\wdigest.dll (Microsoft Corporation)
>C:\Windows\System32\TSpkg.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
C:\autoexec.bat () -- [ NTFS ]

AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ]
D:\AUTOMODE () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/01/18 19:52:27 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTListIt2.exe
[2009/01/18 09:07:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\20-20 Technologies
[2009/01/14 18:09:16 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/13 14:51:32 | 00,000,006 | -HS- | C] () -- C:\Users\Sandra\AppData\Roaming\desktop.ini
[2009/01/13 14:51:32 | 00,000,006 | -HS- | C] () -- C:\Users\Sandra\AppData\Local\desktop.ini
[2009/01/13 14:48:40 | 00,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\ArcSoft
[2009/01/13 14:48:12 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Documents\My Print Creations
[2009/01/13 14:47:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2009/01/13 14:47:34 | 00,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Arcsoft
[2009/01/13 14:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/01/13 14:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/01/13 14:41:15 | 00,002,028 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2009/01/13 14:37:48 | 00,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2009/01/13 14:25:26 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Documents\HP Photosmart Projects
[2009/01/13 08:52:00 | 00,001,874 | ---- | C] () -- C:\Users\Sandra\Desktop\HijackThis.lnk
[2009/01/13 08:51:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/13 08:51:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sandra\Desktop\HJTsetup.exe
[2009/01/12 19:05:38 | 00,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2009/01/12 19:05:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/12 19:05:34 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/12 19:05:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/12 19:05:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/01/12 19:05:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/12 18:54:36 | 00,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Adobe
[2009/01/12 16:32:05 | 21,370,22464 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/11 20:01:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/01/09 10:20:29 | 00,010,752 | ---- | C] () -- C:\Users\Sandra\Documents\PSMIP.wps
[2009/01/09 08:09:08 | 00,430,451 | ---- | C] () -- C:\Users\Sandra\Desktop\sample1.pdf.jpg
[2009/01/08 19:08:31 | 00,050,771 | ---- | C] () -- C:\Users\Sandra\Desktop\cutoutbaby.jpg
[2009/01/08 15:10:22 | 00,343,254 | ---- | C] () -- C:\Users\Sandra\Documents\no to small.bmp
[2009/01/08 14:48:27 | 00,165,831 | ---- | C] () -- C:\Users\Sandra\Desktop\costco_slider_dec_2008_v2.jpg
[2009/01/08 10:22:53 | 00,211,456 | ---- | C] () -- C:\Users\Sandra\Documents\sears name change.wps
[2009/01/06 20:27:42 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Documents\JPGS
[2009/01/06 19:45:43 | 00,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 4.0.lnk
[2009/01/05 16:59:20 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/01/05 16:58:18 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/01/05 08:03:51 | 00,212,480 | ---- | C] () -- C:\Users\Sandra\Documents\fax to work.wps
[2009/01/03 14:42:00 | 01,524,471 | ---- | C] () -- C:\Users\Sandra\Desktop\IMG_1079.JPG
[2009/01/02 20:34:43 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\pic
[2009/01/01 00:17:53 | 00,000,388 | ---- | C] () -- C:\infect.htm
[2009/01/01 00:17:53 | 00,000,182 | ---- | C] () -- C:\error.htm
[2008/12/30 12:12:56 | 01,251,840 | ---- | C] () -- C:\Users\Sandra\Documents\Presentation1.ppt
[2008/12/29 08:40:28 | 00,483,943 | ---- | C] () -- C:\Users\Sandra\Documents\daves passport.pdf
[2008/12/27 19:28:16 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Documents\80s
[2008/12/24 09:22:01 | 00,001,169 | ---- | C] () -- C:\Users\Sandra\Desktop\CaseBook - Shortcut.lnk
[2008/12/24 09:21:27 | 00,000,372 | ---- | C] () -- C:\Users\Sandra\Desktop\Documents - Shortcut.lnk
[2008/12/22 18:20:31 | 00,000,000 | ---D | C] -- C:\Users\Sandra\Documents\CaseBook
[2008/12/22 11:21:14 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2008/12/22 11:21:14 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2008/12/22 11:21:13 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2008/12/22 11:21:13 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2008/12/22 11:21:13 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2008/12/22 11:21:12 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2008/12/22 11:21:11 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2008/12/22 11:21:10 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2008/12/22 11:21:10 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2008/12/22 11:21:09 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008/12/22 11:21:09 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2008/12/22 11:21:09 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2008/12/22 11:21:09 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2008/12/22 11:21:07 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2008/12/22 11:21:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2008/12/22 11:21:07 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2008/12/22 11:21:06 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2008/12/22 11:21:06 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2008/12/22 11:21:06 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2008/12/22 11:21:04 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2008/12/22 11:21:03 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2008/12/22 11:21:03 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2008/12/22 11:21:03 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2008/12/22 11:21:02 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2008/12/22 11:21:02 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2008/12/22 11:21:01 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2008/12/22 11:21:00 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2008/12/22 11:20:56 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2008/12/22 11:20:56 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2008/12/22 11:20:55 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2008/12/22 11:20:52 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2008/12/22 11:20:51 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2008/12/22 11:20:51 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2008/12/22 11:20:50 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2008/12/22 11:20:49 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2008/12/22 11:20:49 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2008/12/22 11:20:48 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2008/12/22 11:20:48 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2008/12/22 11:20:47 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2008/12/22 11:20:46 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2008/12/22 11:20:46 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2008/12/22 11:20:45 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2008/12/22 11:20:45 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2008/12/22 11:20:44 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2008/12/22 11:20:38 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2008/12/22 11:20:37 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2008/12/22 11:20:36 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2008/12/22 11:20:33 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2008/12/22 11:20:33 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2008/12/22 11:20:31 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2008/12/22 11:18:38 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2008/12/22 11:18:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2008/12/21 12:07:47 | 00,142,848 | ---- | C] () -- C:\Users\Sandra\Documents\gift tags2.doc

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/01/19 07:44:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/19 07:44:09 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/01/19 07:44:09 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/01/18 19:52:31 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTListIt2.exe
[2009/01/18 19:45:56 | 00,000,526 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009/01/18 17:16:15 | 00,701,418 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/01/18 17:16:15 | 00,607,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/01/18 17:16:15 | 00,108,836 | ---- | M] () -- C:\Windows\System
  • 0

#4
imralphy

    Member

  • Topic Starter
  • Member
  • 13 posts
Part 2 of OTList:
[2009/01/18 17:11:50 | 00,000,321 | ---- | M] () -- C:\Windows\Brownie.ini
[2009/01/18 17:11:24 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/18 17:11:17 | 21,370,22464 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/16 13:03:44 | 00,009,728 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 09:38:18 | 00,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/01/14 09:20:18 | 00,001,542 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\wklnhst.dat
[2009/01/13 19:35:54 | 00,001,889 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2009/01/13 14:51:35 | 00,000,402 | -HS- | M] () -- C:\Users\Sandra\Documents\desktop.ini
[2009/01/13 14:51:35 | 00,000,174 | -HS- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/01/13 14:51:34 | 00,000,282 | -HS- | M] () -- C:\Users\Sandra\Desktop\desktop.ini
[2009/01/13 14:51:32 | 00,000,006 | -HS- | M] () -- C:\Users\Sandra\AppData\Roaming\desktop.ini
[2009/01/13 14:51:32 | 00,000,006 | -HS- | M] () -- C:\Users\Sandra\AppData\Local\desktop.ini
[2009/01/13 14:42:26 | 00,019,500 | ---- | M] () -- C:\Windows\hpqins13.dat
[2009/01/13 14:41:15 | 00,002,028 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2009/01/13 08:52:00 | 00,001,874 | ---- | M] () -- C:\Users\Sandra\Desktop\HijackThis.lnk
[2009/01/13 08:51:36 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sandra\Desktop\HJTsetup.exe
[2009/01/12 19:05:34 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/12 12:59:04 | 00,393,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/12 11:05:00 | 00,078,312 | ---- | M] () -- C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/01/09 10:20:29 | 00,010,752 | ---- | M] () -- C:\Users\Sandra\Documents\PSMIP.wps
[2009/01/09 10:07:05 | 00,212,480 | ---- | M] () -- C:\Users\Sandra\Documents\fax to work.wps
[2009/01/09 08:09:09 | 00,430,451 | ---- | M] () -- C:\Users\Sandra\Desktop\sample1.pdf.jpg
[2009/01/08 19:08:17 | 00,050,771 | ---- | M] () -- C:\Users\Sandra\Desktop\cutoutbaby.jpg
[2009/01/08 15:10:22 | 00,343,254 | ---- | M] () -- C:\Users\Sandra\Documents\no to small.bmp
[2009/01/08 14:48:12 | 00,165,831 | ---- | M] () -- C:\Users\Sandra\Desktop\costco_slider_dec_2008_v2.jpg
[2009/01/08 10:22:53 | 00,211,456 | ---- | M] () -- C:\Users\Sandra\Documents\sears name change.wps
[2009/01/06 19:45:43 | 00,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 4.0.lnk
[2009/01/06 14:39:21 | 02,419,518 | -H-- | M] () -- C:\Users\Sandra\AppData\Local\IconCache.db
[2009/01/05 16:59:20 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/01/04 18:41:24 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:41:20 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/03 14:42:25 | 01,524,471 | ---- | M] () -- C:\Users\Sandra\Desktop\IMG_1079.JPG
[2009/01/01 00:33:31 | 00,000,182 | ---- | M] () -- C:\error.htm
[2009/01/01 00:21:44 | 00,000,388 | ---- | M] () -- C:\infect.htm
[2008/12/31 09:04:45 | 01,251,840 | ---- | M] () -- C:\Users\Sandra\Documents\Presentation1.ppt
[2008/12/29 08:54:06 | 00,628,322 | ---- | M] () -- C:\Users\Sandra\Desktop\PASSPORT.pdf
[2008/12/29 08:40:29 | 00,483,943 | ---- | M] () -- C:\Users\Sandra\Documents\daves passport.pdf
[2008/12/24 09:22:01 | 00,001,169 | ---- | M] () -- C:\Users\Sandra\Desktop\CaseBook - Shortcut.lnk
[2008/12/24 09:21:27 | 00,000,372 | ---- | M] () -- C:\Users\Sandra\Desktop\Documents - Shortcut.lnk
[2008/12/23 21:41:37 | 00,018,944 | ---- | M] () -- C:\Users\Sandra\Documents\christmas expenses.xlr
[2008/12/22 08:41:02 | 00,060,928 | ---- | M] () -- C:\Users\Sandra\Documents\new years invite.ppt
[2008/12/21 12:07:49 | 00,142,848 | ---- | M] () -- C:\Users\Sandra\Documents\gift tags2.doc

========== LOP Check ==========

[2009/01/18 17:11:24 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/01/06 14:39:39 | 00,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/01/18 19:45:56 | 00,000,526 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> %AllUsersProfile%\TEMP:3550534F
@Alternate Data Stream - 113 bytes -> %AllUsersProfile%\TEMP:49CABE45
@Alternate Data Stream - 112 bytes -> %AllUsersProfile%\TEMP:CDCE26D3
< End of report >

Here is the Extras.txt:
OTListIt Extras logfile created on: 19/01/2009 8:01:30 AM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.03% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 68.80 Gb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.09 Gb Free Space | 17.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-PC
Current User Name: Sandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23B806E8-BA3C-4FC2-AAB8-116FC8514697}" = Agatha Christie - Evil Under the Sun
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{271C6608-69FD-4D6E-933C-4C08742AA33C}" = ArcSoft Print Creations
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E2
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5023B3E9-6B73-471E-8BD9-DA4442AE357C}" = ArcSoft Print Creations - Quick Photo Book
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{71310D9B-7555-44FE-914C-A1B55CB7BC5D}" = Scrapbook
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A569A106-7EDB-43A1-8DAE-AB7D35C42F5B}" = Brother HL-2170W
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Chocolatier 2" = Chocolatier 2 (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"F-Secure Product 444" = COGECO Security Services
"HDMI" = Intel® Graphics Media Accelerator Driver
"Heroes of Hellas" = Heroes of Hellas (remove only)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SUPER LOGIK_is1" = SUPER LOGIK
"TVWiz" = Intel® TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 12:38:58 PM | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/01/2009 8:09:36 PM | Computer Name = Sandra-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-01-15 19:09:36-04:00 sandra-pc Sandra-PC\Sandra F-Secure
Anti-Virus Scanning of could not be completed at this time.

Error - 15/01/2009 8:09:36 PM | Computer Name = Sandra-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2009-01-15 19:09:36-04:00 sandra-pc Sandra-PC\Sandra F-Secure
Anti-Virus Scanning of 1457d328 could not be completed at this time.

Error - 16/01/2009 11:43:49 AM | Computer Name = Sandra-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 3 2009-01-16 10:43:49-04:00 sandra-pc Sandra-PC\Sandra F-Secure
Anti-Virus Scanning of could not be completed at this time.

Error - 16/01/2009 11:43:50 AM | Computer Name = Sandra-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 4 2009-01-16 10:43:50-04:00 sandra-pc Sandra-PC\Sandra F-Secure
Anti-Virus Scanning of 10e75e70 could not be completed at this time.

[ System Events ]
Error - 04/12/2008 8:58:09 AM | Computer Name = Sandra-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 04/12/2008 8:58:09 AM | Computer Name = Sandra-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 05/12/2008 9:08:07 AM | Computer Name = Sandra-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 05/12/2008 9:08:07 AM | Computer Name = Sandra-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 06/12/2008 11:12:23 AM | Computer Name = Sandra-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:00:06 AM on 06/12/2008 was unexpected.

Error - 06/12/2008 11:12:46 AM | Computer Name = Sandra-PC | Source = HTTP | ID = 15016
Description =

Error - 06/12/2008 11:14:07 AM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 06/12/2008 11:31:12 AM | Computer Name = Sandra-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:27:33 AM on 06/12/2008 was unexpected.

Error - 06/12/2008 11:31:18 AM | Computer Name = Sandra-PC | Source = HTTP | ID = 15016
Description =

Error - 06/12/2008 11:32:56 AM | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7024
Description =


< End of report >
  • 0
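The OTListIt output posted above (both parts and the Extras) is what a helper reads to pick targets, and the two unpublished files sitting in the drive root under "Files - Modified Within 30 Days", C:\infect.htm and C:\error.htm, are exactly the items the helper's OTMoveIt script removes later in this thread. As an added example that is not part of this thread and not OTListIt's own code, the Python script below parses the report's file entries, Alternate Data Stream lines and Security Center registry dump, and flags what a helper looks at first: unpublished files in the drive root, items in a Startup folder, streams attached to folders, and disabled Security Center monitoring or firewall. The heuristics, the reading of the attribute column as R/H/S/D, and the weak-setting table are assumptions of this example; the sample lines are constructed from values shown in the thread.

```python
import re
from collections import defaultdict

# File entry, e.g. "[2009/01/01 00:21:44 | 00,000,388 | ---- | M] () -- C:\infect.htm".
# Folder entries have no "(Company)" part, so that group is optional. Assumption:
# the four attribute characters are R, H, S, D in that order (-HS-, -H-D, --S- ...).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "@Alternate Data Stream - 119 bytes -> %AllUsersProfile%\TEMP:3550534F"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")
# Registry dump: "[HKEY_...]" headers (brackets are sometimes lost in the paste) and "Name" = value lines.
KEY_RE = re.compile(r"^\[?(?P<key>HKEY_[^\]]+)\]?$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" =\s*(?P<value>.*)$')

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# (key suffix, value name, weak value) -> what it means when the dump shows that value (assumed table).
WEAK_SETTINGS = {
    (r"security center\monitoring", "DisableMonitoring", "1"): "Security Center monitoring disabled",
    (r"firewallpolicy\standardprofile", "EnableFirewall", "0"): "Windows Firewall disabled (standard profile)",
}

def parse_file_entry(line):
    """Parse one file/folder line of the report; None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["is_dir"] = "D" in e["attrs"]
    return e

def triage_file(e):
    """Defender heuristics: reasons an entry deserves a closer look."""
    if e["is_dir"]:
        return []
    low = e["path"].lower()
    parent, _, name = e["path"].rpartition("\\")
    reasons = []
    # A plain file directly in a drive root with no publisher; system files such as
    # hiberfil.sys live there too but carry the S attribute, so they are skipped.
    if re.fullmatch(r"[A-Za-z]:", parent) and not e["company"] and "S" not in e["attrs"]:
        reasons.append("unpublished file in drive root")
    # Executable code under the Windows directory with no company name.
    if low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) and not e["company"]:
        reasons.append("executable under Windows with no publisher")
    # Anything in a Startup folder runs at every logon (persistence).
    if "\\start menu\\programs\\startup\\" in low and name.lower() != "desktop.ini":
        reasons.append("startup-folder persistence item")
    return reasons

def parse_registry(lines):
    """'[KEY]' / '"Name" = value' lines -> {key.lower(): {name: value}}."""
    reg, current = defaultdict(dict), None
    for line in lines:
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            reg[current][vm.group("name")] = vm.group("value").strip()
    return dict(reg)

def weak_settings(reg):
    """Descriptions of every WEAK_SETTINGS rule the dump matches."""
    return [desc for key, values in reg.items()
            for (suffix, name, bad), desc in WEAK_SETTINGS.items()
            if key.endswith(suffix) and values.get(name) == bad]

def triage_report(lines):
    """Route each report line to its parser and collect the findings."""
    files, streams, reg_lines = {}, [], []
    for line in lines:
        e = parse_file_entry(line)
        if e:
            reasons = triage_file(e)
            if reasons:
                files[e["path"]] = reasons
            continue
        a = ADS_RE.match(line.strip())
        if a:  # a stream hanging off a folder is an easy place to hide data
            streams.append((a.group("host"), a.group("stream"), int(a.group("size"))))
        else:
            reg_lines.append(line)
    return {"files": files, "streams": streams,
            "settings": weak_settings(parse_registry(reg_lines))}

# Constructed sample, assembled from lines shown in this thread (not a full report).
SAMPLE_REPORT = [
    r"[2009/01/01 00:33:31 | 00,000,182 | ---- | M] () -- C:\error.htm",
    r"[2009/01/01 00:21:44 | 00,000,388 | ---- | M] () -- C:\infect.htm",
    r"[2009/01/18 17:11:17 | 21,370,22464 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2009/01/13 19:35:54 | 00,001,889 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk",
    r"[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe",
    r"[2008/12/22 11:18:38 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp",
    r"@Alternate Data Stream - 119 bytes -> %AllUsersProfile%\TEMP:3550534F",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]",
    r'"DisableMonitoring" = 1',
    r'"VistaSp1" =',
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
    r'"EnableFirewall" = 0',
]
```

Running `triage_report(SAMPLE_REPORT)` flags the two root-level .htm files and the iWin Startup shortcut, reports the stream on the TEMP folder, and returns both weak settings; hiberfil.sys and mrt.exe pass, and the firewall key is still recognised although the paste lost its square brackets. Flagging is a prompt for a human to look, not a verdict: plenty of legitimate software drops shortcuts in Startup.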

#5
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Media Player

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\infect.htm
    C:\error.htm
    C:\Program Files\Viewpoint
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

  • 0

#6
imralphy

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks so much for your help.

I downloaded JavaRa, removed Viewpoint and here is my MoveIt log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\infect.htm moved successfully.
C:\error.htm moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
File delete failed. C:\Users\Sandra\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Sandra\AppData\Local\Temp\ppcrlui_5156_2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_173554

Files moved on Reboot...
C:\Users\Sandra\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Sandra\AppData\Local\Temp\ppcrlui_5156_2 moved successfully.
C:\Windows\temp\nvcbin.def.76167175.TMP moved successfully.


Then I tried to run the scan. I tried it twice and both times, my computer froze. I am not 100% sure but I think it was in the same spot. Here is what it said when it froze:
completed 21%, scanned 95,215 files
just over 1 hr
2 threat names
2 infected objects
scanning: data1.cab
Location: c:\SwSetup\YouCam

I had to power down manually. My laptop wasn't even idle around that time.

Should I run a quick scan with Malwarebytes?
I don't know what to do because it seems that every time I try a full scan, it freezes. :) :)
  • 0

#7
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
You can try to run Malwarebytes' Anti-Malware, but if scans are freezing, it might do so as well.

I'm curious though, so let's see if we can get this scan to work in Safe Mode, there should be no reason for it to freeze there. Please try the following, as well:

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.


  • 0

#8
imralphy

    Member

  • Topic Starter
  • Member
  • 13 posts
In Safe Mode, I ran the Kaspersky scan and it went to 50% and froze again at the same file - scanning data1.cab in location c:\swsetup\youcam. Do I even need this? I don't know what YouCam is.

During the scan, it found 3 issues:
1. In an email attachment subject: UPS notification - worm.win32.autorun.pzo
2. In c:programfiles/iwin.com/heroes of hellas/glworker.oxe//armadillo - trojan-spy.win32.sckeylog.fo
3. In c:program files/iwin.com/virtualvillagers/gamelauncher.oxe - trojan-dropper.win32.irsd.p

I can delete these if it would help.
I tried clicking Neutralize all but I think it was frozen by then.

Can I manually do something? What do you suggest?
Thanks for your help!
  • 0

#9
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
You can delete those three if you can find them. I'm going to try a few other things.

First:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#10
imralphy

    Member

  • Topic Starter
  • Member
  • 13 posts
I couldn't find the email msg but deleted the 2 iwin games.

Ran combofix - here is the log:
ComboFix 09-01-19.05 - Sandra 2009-01-20 21:06:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1070 [GMT -5:00]
Running from: c:\users\Sandra\Desktop\ComboFix.exe
AV: COGECO Security Services 7.03 *On-access scanning disabled* (Updated)
FW: COGECO Security Services 7.03 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-20 18:22 . 2009-01-20 18:22 <DIR> d-------- c:\users\All Users\is-ISB0U
2009-01-20 18:22 . 2009-01-20 18:22 <DIR> d-------- c:\programdata\is-ISB0U
2009-01-20 18:18 . 2009-01-20 18:18 7,168 --a------ c:\windows\System32\drivers\ute0mjux.sys
2009-01-20 18:13 . 2009-01-20 21:15 4,010,016 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-20 18:13 . 2009-01-20 21:11 46,148 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-20 17:11 . 2009-01-20 17:11 <DIR> d-------- c:\users\All Users\is-I1JG4
2009-01-20 17:11 . 2009-01-20 17:11 <DIR> d-------- c:\programdata\is-I1JG4
2009-01-20 17:11 . 2008-07-08 13:54 148,496 --a------ c:\windows\System32\drivers\41717604.sys
2009-01-19 17:35 . 2009-01-19 17:35 <DIR> d-------- C:\_OTMoveIt
2009-01-19 17:27 . 2009-01-19 17:26 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-18 09:07 . 2009-01-18 09:07 <DIR> d-------- c:\windows\System32\20-20 Technologies
2009-01-14 18:09 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-01-13 14:47 . 2009-01-14 09:19 <DIR> d-------- c:\users\Sandra\AppData\Roaming\Arcsoft
2009-01-13 14:47 . 2009-01-13 14:52 <DIR> d-------- c:\users\All Users\ArcSoft
2009-01-13 14:47 . 2009-01-13 14:52 <DIR> d-------- c:\programdata\ArcSoft
2009-01-13 14:46 . 2009-01-13 14:50 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-13 14:46 . 2009-01-13 14:46 <DIR> d-------- c:\program files\ArcSoft
2009-01-13 14:37 . 2008-05-19 15:30 101,605 --------- c:\windows\hpqins13.dat.temp
2009-01-13 08:51 . 2009-01-13 08:51 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\users\Sandra\AppData\Roaming\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 19:05 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-12 19:05 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-11 20:01 . 2009-01-12 10:39 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-22 11:20 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-12-22 11:18 . 2008-12-22 11:19 <DIR> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 01:36 --------- d-----w c:\program files\iWin.com
2009-01-19 22:26 --------- d-----w c:\program files\Java
2009-01-15 16:42 --------- d-----w c:\program files\iWin Games
2009-01-15 13:19 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:20 1,542 ----a-w c:\users\Sandra\AppData\Roaming\wklnhst.dat
2009-01-14 00:37 --------- d-----w c:\programdata\WildTangent
2009-01-14 00:36 --------- d---a-w c:\programdata\TEMP
2009-01-13 19:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 00:44 --------- d-----w c:\program files\Common Files\Adobe
2009-01-06 03:21 --------- d-----w c:\users\Sandra\AppData\Roaming\uTorrent
2008-12-22 23:20 --------- d-----w c:\users\Sandra\AppData\Roaming\F-Secure
2008-12-21 15:48 --------- d-----w c:\programdata\Microsoft Help
2008-12-19 21:26 --------- d-----w c:\program files\The Adventure Company
2008-12-19 13:12 --------- d-----w c:\program files\Nancy Drew
2008-12-07 14:55 --------- d-----w c:\programdata\Media Center Programs
2008-12-07 14:47 --------- d-----w c:\users\Sandra\AppData\Roaming\InstallShield
2008-12-07 13:21 --------- d-----w c:\users\Sandra\AppData\Roaming\DAEMON Tools Pro
2008-12-07 13:21 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-12-07 13:16 --------- d-----w c:\program files\DAEMON Tools Pro
2008-12-07 04:02 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-07 03:35 --------- d-----w c:\users\Sandra\AppData\Roaming\CyberLink
2008-11-21 22:37 --------- d-----r c:\users\Sandra\AppData\Roaming\Brother
2008-11-21 20:21 --------- d-----w c:\program files\Brownie
2008-11-21 20:21 --------- d-----w c:\program files\Brother
2008-11-21 20:13 --------- d-----w c:\programdata\Brother
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-27 15:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 15:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 15:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 15:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-07-21 13:12 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2008-02-13 184800]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2008-02-13 741800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-I1JG4.lnk - c:\users\Sandra\Desktop\Virus Removal Tool\is-I1JG4\startup.exe [2009-01-20 65536]
iWin Desktop Alerts.lnk - c:\programdata\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-07-13 108032]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 14:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-10-03 18:15 480560 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-08-28 07:43 137752 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-27 19:05 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-09-30 22:34 181544 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 07:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 02:36 2153472 c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67EAD285-24E0-4D13-9328-BECCC47B61D5}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{28495F53-3DC3-4452-BD8E-0976C9FE8C8E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{46348CAD-7C71-4EAE-AC04-CA4B66340296}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C1A39136-A319-42A5-BFE5-9FEAC850B68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9086506A-9714-493C-8B5F-1F1BCDA54395}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{70C932A6-C860-4576-947B-BA187AF370E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB3E0176-E6B4-4703-B2E6-A28D6256C208}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAAA76A8-3F4C-4447-A5F5-1BF47ABD45BE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{94F28621-2B36-4356-9A5D-5EA4AA840EE6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C36C87C-C35D-4994-A03C-771D2B28DF9A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D6F0A7F8-B6C6-4F51-99A1-D5BBF119C78D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{99FACF38-18CA-4AC9-ACE2-B97A0B8199AA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B31BA21E-DF65-4561-AEF6-EC4CBC0590C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{20EA3524-AE64-4D5A-AE18-5A92314F261E}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{B96618BF-4677-4A11-85B0-780CCC200F20}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{C16CC18C-09BD-4FC0-9843-791B00AE9BC4}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{9642ABE5-8DE1-4543-AE07-89F226709424}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{9290E9F9-75DB-49A3-A837-EBE9645C69A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1AC5630E-D661-42ED-A81A-464C322E5260}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4FC0EF40-4F6F-44ED-B13E-D35A9DE9903F}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{389E1867-BB5A-425D-8A53-051D261D97B2}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{5A15AEB4-8D6A-4A45-90A6-22DF4C342494}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{91A9169C-D0A7-46DE-8662-0355F72A43E6}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\COGECO Security Services\HIPS\fshs.sys [2008-05-21 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-05-21 36616]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-05-21 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys [2008-05-21 14760]
R1 is-I1JG4drv;is-I1JG4drv;c:\windows\System32\drivers\41717604.sys [2009-01-20 148496]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [2008-05-21 63912]
S3 ute0mjux;AVZ Kernel Driver;c:\windows\System32\drivers\ute0mjux.sys [2009-01-20 7168]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys [2008-05-21 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys [2008-05-21 27048]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\COGECO~1\ANTI-V~1\fsav.exe [2008-02-13 05:38]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\COGECO Security Services\FSPS\program\fslsp.dll
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 21:12:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(724)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'Explorer.exe'(4324)
c:\program files\COGECO Security Services\Spam Control\fsscoepl.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

- - - - - - - > 'csrss.exe'(624)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(680)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\COGECO Security Services\Common\FSMB32.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\COGECO Security Services\Common\FCH32.EXE
c:\program files\COGECO Security Services\Anti-Virus\fsqh.exe
c:\program files\COGECO Security Services\Common\FAMEH32.EXE
c:\program files\COGECO Security Services\FSPC\fspc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\COGECO Security Services\FSAUA\program\fsaua.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\program files\COGECO Security Services\FWES\program\fsdfwd.exe
c:\program files\COGECO Security Services\FSAUA\program\fsus.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\COGECO Security Services\FSGUI\fsguidll.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\combofix\hidec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\COGECO Security Services\Anti-Virus\fsav32.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-01-20 21:22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 02:20:28

Pre-Run: 74,783,678,464 bytes free
Post-Run: 74,822,963,200 bytes free

280 --- E O F --- 2009-01-20 13:43:59

Will reply again with a new HijackThis for you.
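A triage pass over a ComboFix log in the layout of the one above, as an added example (it is not part of the thread and not a ComboFix feature): it lifts recently created .sys files out of the "Files Created" section, cross-references them with the R*/S* driver list, marks names that look generated rather than chosen, and reports the Security Center and firewall values from the registry dump. The sample log is a constructed excerpt reusing a few of the lines posted above; the 14-day window and the name heuristic are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt: a few lines in the layout of the ComboFix log posted
# above (run header, "Files Created", "Reg Loading Points", driver/service list).
SAMPLE_LOG = r"""ComboFix 09-01-19.05 - Sandra 2009-01-20 21:06:12.1 - NTFSx86
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
2009-01-20 18:18 . 2009-01-20 18:18 7,168 --a------ c:\windows\System32\drivers\ute0mjux.sys
2009-01-20 17:11 . 2008-07-08 13:54 148,496 --a------ c:\windows\System32\drivers\41717604.sys
2009-01-14 18:09 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-12 19:05 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 is-I1JG4drv;is-I1JG4drv;c:\windows\System32\drivers\41717604.sys [2009-01-20 148496]
S3 ute0mjux;AVZ Kernel Driver;c:\windows\System32\drivers\ute0mjux.sys [2009-01-20 7168]
"""

RUN_RE = re.compile(r"^ComboFix .*?(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d")
# created . modified  size|<DIR>  attributes  path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$"
)
# R1 name;display name;path [date size]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[\d{4}-\d\d-\d\d \d+\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def looks_random(stem):
    """Name heuristic (an assumption, not a verdict): an all-digit stem or a
    letter/digit mix is typical of dropped drivers; vendor drivers usually
    carry a pronounceable name (srv, mbam, fsgk)."""
    s = stem.lower()
    if s.isdigit():
        return True
    return any(c.isalpha() for c in s) and any(c.isdigit() for c in s)


def triage(log_text, window_days=14):
    """Recently created .sys files in the drivers directory, each with the
    service entry that loads it (if any), plus disabled-protection settings."""
    run_date = None
    services = {}   # lowercase driver path -> (start type, service name)
    files = []      # (created, path)
    posture = []
    current_key = ""
    for line in log_text.splitlines():
        if run_date is None and (m := RUN_RE.match(line)):
            run_date = datetime.strptime(m.group(1), "%Y-%m-%d")
        elif m := FILE_RE.match(line):
            files.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(3)))
        elif m := SVC_RE.match(line):
            services[m.group(3).lower()] = (m.group(1), m.group(2))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := VAL_RE.match(line):
            name, value = m.groups()
            if name == "DisableMonitoring" and value.endswith("00000001"):
                posture.append(f"Security Center monitoring disabled: {current_key}")
            elif name == "EnableFirewall" and value.startswith("0"):
                posture.append(f"Windows Firewall disabled: {current_key.rsplit(chr(92), 1)[-1]}")

    cutoff = run_date - timedelta(days=window_days) if run_date else None
    drivers = []
    for created, path in files:
        low = path.lower()
        if not (low.endswith(".sys") and "\\drivers\\" in low):
            continue
        if cutoff and created < cutoff:
            continue
        stem = low.rsplit("\\", 1)[-1][:-4]
        drivers.append({
            "path": path,
            "created": created.strftime("%Y-%m-%d"),
            "random_name": looks_random(stem),
            "service": services.get(low),   # None when no R*/S* entry loads it
        })
    return {"run_date": run_date, "drivers": drivers, "posture": posture}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["drivers"]:
        flag = "RANDOM-LOOKING" if d["random_name"] else "ok-name"
        print(f'{d["created"]} {flag:14} {d["path"]}  service={d["service"]}')
    for p in result["posture"]:
        print("POSTURE:", p)
```

Both names the heuristic flags are ones the full log itself ties to a tool the user ran: the S3 entry is labelled "AVZ Kernel Driver", and the is-I1JG4drv driver shares its name with the startup shortcut under a "Virus Removal Tool" folder on the desktop. That is why the flag is a prompt to verify the file, not a verdict. The posture lines deserve a look of their own: with Security Center monitoring off and all three firewall profiles at EnableFirewall=0, the machine is relying entirely on the COGECO/F-Secure firewall that the log header reports as enabled.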

#11
imralphy (Member, Topic Starter, 13 posts)
Here is the latest hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:44 AM, on 13/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8951 bytes
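An added example (not from the thread, and not HijackThis's own logic) of the first-pass read a helper does on a HijackThis log of this shape: it splits each line into its O-number and body, then flags the patterns looked at first: O2/O3 registrations whose file is missing, O4 autoruns that go through a host binary such as rundll32.exe or start from a user-writable directory, O16 ActiveX downloads, and O23 services whose binary carries no company name. The sample lines are a constructed excerpt drawn from the log above; the host-binary set and the user-writable path markers are assumptions of the example.

```python
import re

# Constructed excerpt reusing the line shapes from the HijackThis log posted above.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")   # O4 - HKLM\..\Run: [Name] command
LNK_RE = re.compile(r"^(.+?): (.+?) = (.*)$")     # O4 - Startup: Name.lnk = path
# Quoted path, or the shortest prefix ending in an executable extension
# (so unquoted paths containing spaces still resolve to the binary).
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|cmd|bat|vbs|js))"?', re.I)

# Assumed lists for the example: directories an unprivileged user can write
# to, and host binaries whose real payload is in their argument.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\",
                 "\\documents and settings\\")
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe",
                 "cscript.exe", "mshta.exe"}


def launched_binary(command):
    """The executable an O4 command actually starts."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip().split(" ", 1)[0]


def triage(log_text):
    """One finding per line worth a second look, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        reason = None
        if kind in ("O2", "O3") and body.endswith("(no file)"):
            reason = "CLSID registered but its file is missing (orphan or wiped component)"
        elif kind == "O4":
            m = RUN_RE.match(body) or LNK_RE.match(body)
            if not m:
                continue
            _location, _name, command = m.groups()
            exe = launched_binary(command)
            base = exe.lower().rsplit("\\", 1)[-1]
            if base in HOST_BINARIES:
                reason = f"autorun through host binary {base}; inspect its argument"
            elif any(marker in exe.lower() for marker in USER_WRITABLE):
                reason = "autorun target lives in a user-writable directory"
        elif kind == "O16":
            reason = "ActiveX control downloaded from a URL; confirm the host is expected"
        elif kind == "O23" and " - Unknown owner - " in body:
            reason = "service binary carries no company name in its version info"
        if reason:
            findings.append({"kind": kind, "reason": reason, "entry": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f'{f["kind"]:4} {f["reason"]}\n     {f["entry"]}')
```

Each flag is a prompt to check, not a verdict. "(no file)" on an O2/O3 line means the CLSID is still registered but the DLL is gone, which is usually the residue of an uninstall and is simply cleaned up; "Unknown owner" on an O23 line means the binary's version resource has no company name, not that the service is malicious; and an O4 target under ProgramData or AppData is only notable because those locations are writable without elevation.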

#12
handhfan (Trusted Helper, Expert, 13,659 posts)
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
is-I1JG4drv

File::
c:\windows\System32\drivers\41717604.sys
c:\windows\System32\drivers\ute0mjux.sys
c:\windows\hpqins13.dat.temp

Folder::
c:\programdata\is-I1JG4
c:\users\All Users\is-I1JG4
c:\users\All Users\is-ISB0U
c:\programdata\is-ISB0U
c:\program files\iWin.com
c:\program files\iWin Games



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(Posted Image: animation showing CFScript.txt being dragged onto ComboFix.exe)


After the reboot (if it asks for one), please download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside the following:

    Reg - App Paths
    Reg - ColumnHandlers
    Reg - Desktop Components
    Reg - Disabled MS Config Items
    Reg - File Associations
    Reg - NetSvcs
    Reg - Protocol Filters
    Reg - Protocol Handlers
    Reg - SafeBoot Minimal
    Reg - SafeBoot Network
    Reg - Session Manager Settings
    Reg - Winsock2 Catalogs
    File - Lop Check
    File - Purity Scan
    Files - Signature Check
    Evnt - EventViewer Logs ( Last 10 Errors)


  • Under Rootkit Search change it to Yes.
  • Under the Custom Scans box at the bottom left paste the following in:

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\*aef
    %systemroot%\system32\drivers\*aef
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\Temp\*.$$$
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %System%\AcroIeHelpe.dll
    %SYSTEMDRIVE%\*.epk
    %systemroot%\*.epk
    %systemroot%\system32\*.epk
    %systemroot%\system32\bb*.dat
    %systemroot%\system32\cookie*.dat
    %systemroot%\system32\kaxs.dat
    %systemroot%\system32\ps*.dat
    %systemroot%\system32\*32.sys
    %systemroot%\*.dr
    %SYSTEMDRIVE%\*.dr
    %systemroot%\system32\*.dr
    %systemroot%\system32\nods32.dll
    %systemroot%\*.res
    %SYSTEMDRIVE%\*.res
    %systemroot%\system32\*.res
    %systemroot%\system32\sockins32.dll
    %systemroot%\system32\Spool\*.*
    %systemroot%\system32\Spool\*.exe
    %systemroot%\system32\Spool\*.rar /s
    %systemroot%\system32\Spool\*.zip /s
    %systemroot%\system32\Spool\*.dat /s
    %ProgramFiles%\MSN Messenger\*.zip
    %ProgramFiles%\MSN Messenger\*.exe
    %ProgramFiles%\MSN Messenger\*.rar.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.dll
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.*
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %systemroot%\ime\imjp8_1\*bak*.
    %PROGRAMFILES%\QuickTime\*bak*.
    %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*.
    %PROGRAMFILES%\Analog Devices\Core\*bak*.
    %SYSTEMDRIVE%\hp\KBD\*bak*.
    %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*.
    %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*.
    %PROGRAMFILES%\BroadJump\Client Foundation\*bak*.
    %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*.
    %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*.
    %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*.
    %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*.
    %PROGRAMFILES%\Yahoo!\Messenger\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %ALLUSERSSTARTMENU%\*.zip
    %ALLUSERSSTARTMENU%\*.rar
    %ALLUSERSSTARTMENU%\*.exe
    %ALLUSERSSTARTUP%\*.zip
    %ALLUSERSSTARTUP%\*.rar
    %ALLUSERSSTARTUP%\*.exe
    %ALLUSERSPROGRAMS%\*.zip
    %ALLUSERSPROGRAMS%\*.rar
    %ALLUSERSPROGRAMS%\*.exe
    %ALLUSERSAPPDATA%\*.zip
    %ALLUSERSAPPDATA%\*.rar
    %ALLUSERSAPPDATA%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %APPDATA%\*.dat
    %APPDATA%\*.dll
    %QUICKLAUNCH%\*.zip
    %QUICKLAUNCH%\*.rar
    %QUICKLAUNCH%\*.exe
    %STARTUP%\*.zip
    %STARTUP%\*.rar
    %STARTUP%\*.exe
    %STARTMENU%\*.zip
    %STARTMENU%\*.rar
    %STARTMENU%\*.exe
    %MYDOCUMENTS%\*.zip
    %MYDOCUMENTS%\*.rar
    %MYDOCUMENTS%\*.exe
    %MYDOCUMENTS%\*crack*.
    %MYDOCUMENTS%\*keygen*.
    %PROGRAMFILES%\Mozilla Firefox\plugins\*.*
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Internet Explorer\PLUGINS\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.zip /s
    %PROGRAMFILES%\Mozilla Firefox\*.rar /s
    %PROGRAMFILES%\Mozilla Firefox\*.exe /s
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMDRIVE%\*.sys
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system\*.exe /s
    %systemroot%\system\*.zip /s
    %systemroot%\system\*.rar /s
    %systemroot%\AppPatch\*.exe /s
    %systemroot%\AppPatch\*.zip /s
    %systemroot%\AppPatch\*.rar /s
    %systemroot%\Cache\*.*
    %systemroot%\Downloaded Program Files\*.*
    %systemroot%\Fonts\*.exe /s
    %systemroot%\Fonts\*.zip /s
    %systemroot%\Fonts\*.rar /s
    %systemroot%\Fonts\*.dll /s
    %systemroot%\Help\*.exe /s
    %systemroot%\Help\*.zip /s
    %systemroot%\Help\*.rar /s
    %systemroot%\Tasks\*.*
    %APPDATA%\*.sys
    %APPDATA%\Google\*.*
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %PROGRAMFILES%\*TinyProxy*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
    %systemroot%\system32\inf\*.exe /s
    %systemroot%\system32\inf\*.zip /s
    %systemroot%\system32\inf\*.rar /s
    %systemroot%\system32\inf\*.dll /s
    %APPDATA%\Opera\Opera\profile\widgets\*.*
    %PROGRAMFILES%\Opera\program\plugins\*.* /s
    %APPDATA%\Opera\Opera\profile\toolbar\*.* /s
    %systemroot%\Web\*.exe /s
    %systemroot%\Web\*.dat /s
    %systemroot%\Web\*.dll /s
    %systemroot%\Web\*.sys /s
    %systemroot%\Web\*.zip /s
    %systemroot%\Web\*.rar /s
    %systemroot%\Wbem\*.exe /s
    %systemroot%\Wbem\*.rar /s
    %systemroot%\Wbem\*.zip /s
    %systemroot%\Wbem\*.dll /s
    %systemroot%\Wbem\*.sys /s
    %systemroot%\Wbem\*.dat /s
    %systemroot%\twain_32\*.exe
    %systemroot%\twain_32\*.dat
    %systemroot%\twain_32\*.dll
    %systemroot%\twain_32\*.sys /s
    %systemroot%\twain_32\*.zip /s
    %systemroot%\twain_32\*.rar /s
    %systemroot%\system\*.sys /s
    %systemroot%\system\*.dat /s
    %systemroot%\WinSxS\*.exe /s
    %systemroot%\WinSxS\*.dat /s
    %systemroot%\WinSxS\*.sys /s
    %systemroot%\WinSxS\*.zip /s
    %systemroot%\WinSxS\*.rar /s
    %systemroot%\Sun\*.dll /s
    %systemroot%\Sun\*.rar /s
    %systemroot%\Sun\*.zip /s
    %systemroot%\Sun\*.exe /s
    %systemroot%\Sun\*.sys /s
    %systemroot%\Sun\*.dat /s
    %systemroot%\srchasst\*.rar /s
    %systemroot%\srchasst\*.zip /s
    %systemroot%\srchasst\*.exe /s
    %systemroot%\srchasst\*.dat /s
    %systemroot%\srchasst\*.sys /s
    %systemroot%\Shellnew\*.rar /s
    %systemroot%\Shellnew\*.zip /s
    %systemroot%\Shellnew\*.dat /s
    %systemroot%\Shellnew\*.exe /s
    %systemroot%\Shellnew\*.sys /s
    %systemroot%\Shellnew\*.dll /s
    %systemroot%\Security\*.rar /s
    %systemroot%\Security\*.zip /s
    %systemroot%\Security\*.dat /s
    %systemroot%\Security\*.exe /s
    %systemroot%\Security\*.sys /s
    %systemroot%\Security\*.dll /s
    %systemroot%\Resources\*.rar /s
    %systemroot%\Resources\*.zip /s
    %systemroot%\Resources\*.dat /s
    %systemroot%\Resources\*.exe /s
    %systemroot%\Resources\*.sys /s
    %systemroot%\Repair\*.sys /s
    %systemroot%\Repair\*.exe /s
    %systemroot%\Repair\*.dll /s
    %systemroot%\Repair\*.zip /s
    %systemroot%\Repair\*.rar /s
    %systemroot%\Registration\*.exe /s
    %systemroot%\Registration\*.dat /s
    %systemroot%\Registration\*.zip /s
    %systemroot%\Registration\*.rar /s
    %systemroot%\Registration\*.dll /s
    %systemroot%\Registration\*.sys /s
    %systemroot%\RegisteredPackages\*.rar /s
    %systemroot%\RegisteredPackages\*.zip /s
    %systemroot%\pss\*.rar /s
    %systemroot%\pss\*.zip /s
    %systemroot%\pss\*.exe /s
    %systemroot%\pss\*.dll /s
    %systemroot%\pss\*.dat /s
    %systemroot%\pss\*.sys /s
    %systemroot%\Provisioning\*.rar /s
    %systemroot%\Provisioning\*.zip /s
    %systemroot%\Provisioning\*.exe /s
    %systemroot%\Provisioning\*.sys /s
    %systemroot%\Provisioning\*.dat /s
    %systemroot%\Provisioning\*.dll /s
    %systemroot%\PIF\*.*
    %systemroot%\PeerNet\*.rar /s
    %systemroot%\PeerNet\*.zip /s
    %systemroot%\PeerNet\*.dat /s
    %systemroot%\PeerNet\*.sys /s
    %systemroot%\PeerNet\*.exe /s
    %systemroot%\PcTel\*.rar /s
    %systemroot%\PcTel\*.zip /s
    %systemroot%\Offline Web Pages\*.exe /s
    %systemroot%\Offline Web Pages\*.zip /s
    %systemroot%\Offline Web Pages\*.rar /s
    %systemroot%\Offline Web Pages\*.sys /s
    %systemroot%\Offline Web Pages\*.dat /s
    %systemroot%\network diagnostic\*.sys /s
    %systemroot%\network diagnostic\*.rar /s
    %systemroot%\network diagnostic\*.zip /s
    %systemroot%\network diagnostic\*.dat /s
    %systemroot%\mui\*.*
    %systemroot%\msapps\*.*
    %systemroot%\msagent\*.zip /s
    %systemroot%\msagent\*.rar /s
    %systemroot%\msagent\*.sys /s
    %systemroot%\msagent\*.dat /s
    %systemroot%\minidump\*.*
    %systemroot%\media\*.sys /s
    %systemroot%\media\*.dat /s
    %systemroot%\media\*.rar /s
    %systemroot%\media\*.zip /s
    %systemroot%\media\*.exe /s
    %systemroot%\media\*.dll /s
    %systemroot%\Help\*.sys /s
    %systemroot%\Help\*.dat /s
    %systemroot%\ie7\*.sys /s
    %systemroot%\ie7\*.zip /s
    %systemroot%\ie7\*.rar /s
    %systemroot%\ie7\*.dat /s
    %systemroot%\ie7updates\*.sys /s
    %systemroot%\ie7updates\*.zip /s
    %systemroot%\ie7updates\*.rar /s
    %systemroot%\ime\*.sys /s
    %systemroot%\ime\*.zip /s
    %systemroot%\ime\*.rar /s
    %systemroot%\inf\*.sys /s
    %systemroot%\inf\*.dat /s
    %systemroot%\installer\*.sys /s
    %systemroot%\installer\*.zip /s
    %systemroot%\installer\*.rar /s
    %systemroot%\installer\*.dat /s
    %systemroot%\internet logs\*.sys /s
    %systemroot%\Cursors\*.rar /s
    %systemroot%\Cursors\*.sys /s
    %systemroot%\Cursors\*.exe /s
    %systemroot%\Cursors\*.dat /s
    %systemroot%\Cursors\*.zip /s
    %systemroot%\Cursors\*.vbs /s
    %systemroot%\Cursors\*.dll /s
    %systemroot%\Config\*.*
    %systemroot%\Config\*.rar /s
    %systemroot%\Config\*.sys /s
    %systemroot%\Config\*.exe /s
    %systemroot%\Config\*.dat /s
    %systemroot%\internet logs\*.dat /s
    %systemroot%\Assembly\*sys /s
    %systemroot%\Assembly\*.rar /s
    %systemroot%\internet logs\*.rar /s
    %systemroot%\AppPatch\*.sys
    %systemroot%\AppPatch\*.dat
    %systemroot%\internet logs\*.zip /s
    %systemroot%\internet logs\*.exe /s
    %systemroot%\internet logs\*.dll /s
    %systemroot%\l2schemas\*.sys /s
    %systemroot%\l2schemas\*.dat /s
    %systemroot%\l2schemas\*.rar /s
    %systemroot%\l2schemas\*.zip /s
    %systemroot%\l2schemas\*.exe /s
    %systemroot%\l2schemas\*.dll /s
    %systemroot%\Fonts\*.dat /s
    %systemroot%\Fonts\*.sys /s
    %systemroot%\Debug\*.rar /s
    %systemroot%\Debug\*.sys /s
    %systemroot%\Debug\*.exe /s
    %systemroot%\Debug\*.dat /s
    %systemroot%\Debug\*.zip /s
    %systemroot%\Debug\*.dll /s
    %systemroot%\ehome\*.dll /s
    %systemroot%\ehome\*.sys /s
    %systemroot%\ehome\*.rar /s
    %systemroot%\ehome\*.dat /s
    %systemroot%\ehome\*.zip /s
    %systemroot%\Connection Wizard\*.dat /s
    %systemroot%\Connection Wizard\*.exe /s
    %systemroot%\Connection Wizard\*.sys /s
    %systemroot%\Connection Wizard\*.rar /s
    %systemroot%\Connection Wizard\*.zip /s
    %systemroot%\Connection Wizard\*.*
    %systemroot%\system32\1025\*.*
    %systemroot%\system32\1028\*.*
    %systemroot%\system32\1031\*.*
    %systemroot%\system32\1033\*.exe
    %systemroot%\system32\1033\*.sys
    %systemroot%\system32\1033\*.zip
    %systemroot%\system32\1033\*.rar
    %systemroot%\system32\1033\*.dat
    %systemroot%\system32\1037\*.*
    %systemroot%\system32\1041\*.*
    %systemroot%\system32\1042\*.*
    %systemroot%\system32\1054\*.*
    %systemroot%\system32\2052\*.*
    %systemroot%\system32\3076\*.*
    %systemroot%\system32\appmgmt\*.exe /s
    %systemroot%\system32\appmgmt\*.sys /s
    %systemroot%\system32\appmgmt\*.dll /s
    %systemroot%\system32\appmgmt\*.dat /s
    %systemroot%\system32\appmgmt\*.zip /s
    %systemroot%\system32\appmgmt\*.rar /s
    %systemroot%\system32\bits\*.rar /s
    %systemroot%\system32\bits\*.zip /s
    %systemroot%\system32\bits\*.exe /s
    %systemroot%\system32\bits\*.dat /s
    %systemroot%\system32\bits\*.sys /s
    %systemroot%\system32\catroot\*.rar /s
    %systemroot%\system32\catroot\*.zip /s
    %systemroot%\system32\catroot\*.dll /s
    %systemroot%\system32\catroot\*.sys /s
    %systemroot%\system32\catroot\*.exe /s
    %systemroot%\system32\catroot\*.dat /s
    %systemroot%\system32\catroot2\*.rar /s
    %systemroot%\system32\catroot2\*.zip /s
    %systemroot%\system32\catroot2\*.exe /s
    %systemroot%\system32\catroot2\*.dat /s
    %systemroot%\system32\catroot2\*.dll /s
    %systemroot%\system32\catroot2\*.sys /s
    %systemroot%\system32\com\*.sys /s
    %systemroot%\system32\com\*.zip /s
    %systemroot%\system32\com\*.rar /s
    %systemroot%\system32\config\*.rar /s
    %systemroot%\system32\config\*.zip /s
    %systemroot%\system32\config\*.sys /s
    %systemroot%\system32\config\*.dll /s
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\dhcp\*.*
    %systemroot%\system32\DirectX\*.rar /s
    %systemroot%\system32\DirectX\*.zip /s
    %systemroot%\system32\DirectX\*.sys /s
    %systemroot%\system32\DirectX\*.dll /s
    %systemroot%\system32\DirectX\*.exe /s
    %systemroot%\system32\DirectX\*.dat /s
    %systemroot%\system32\Dllcache\*.zip /s
    %systemroot%\system32\Dllcache\*.rar /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system32\drvstore\*.dat
    %systemroot%\system32\drvstore\*.exe /s
    %systemroot%\system32\drvstore\*.zip /s
    %systemroot%\system32\drvstore\*.rar /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en\*.exe /s
    %systemroot%\system32\en\*.zip /s
    %systemroot%\system32\en\*.rar /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en-us\*.exe /s
    %systemroot%\system32\en-us\*.zip /s
    %systemroot%\system32\en-us\*.rar /s
    %systemroot%\system32\en-us\*.dll /s
    %systemroot%\system32\export\*.*
    %systemroot%\system32\GroupPolicy\*.sys /s
    %systemroot%\system32\GroupPolicy\*.dat /s
    %systemroot%\system32\GroupPolicy\*.exe /s
    %systemroot%\system32\GroupPolicy\*.zip /s
    %systemroot%\system32\GroupPolicy\*.rar /s
    %systemroot%\system32\GroupPolicy\*.dll /s
    %systemroot%\system32\ias\*.sys /s
    %systemroot%\system32\ias\*.dat /s
    %systemroot%\system32\ias\*.exe /s
    %systemroot%\system32\ias\*.zip /s
    %systemroot%\system32\ias\*.rar /s
    %systemroot%\system32\ias\*.dll /s
    %systemroot%\system32\icsxml\*.sys /s
    %systemroot%\system32\icsxml\*.dat /s
    %systemroot%\system32\icsxml\*.exe /s
    %systemroot%\system32\icsxml\*.zip /s
    %systemroot%\system32\icsxml\*.rar /s
    %systemroot%\system32\icsxml\*.dll /s
    %systemroot%\system32\ime\*.sys /s
    %systemroot%\system32\ime\*.dat /s
    %systemroot%\system32\ime\*.zip /s
    %systemroot%\system32\ime\*.rar /s
    %systemroot%\system32\inetsrv\*.sys /s
    %systemroot%\system32\inetsrv\*.dat /s
    %systemroot%\system32\inetsrv\*.exe /s
    %systemroot%\system32\inetsrv\*.zip /s
    %systemroot%\system32\inetsrv\*.rar /s
    %systemroot%\system32\LogFiles\*.sys /s
    %systemroot%\system32\LogFiles\*.dat /s
    %systemroot%\system32\LogFiles\*.exe /s
    %systemroot%\system32\LogFiles\*.zip /s
    %systemroot%\system32\LogFiles\*.rar /s
    %systemroot%\system32\LogFiles\*.dll /s
    %systemroot%\system32\Macromed\*.sys /s
    %systemroot%\system32\Macromed\*.dat /s
    %systemroot%\system32\Macromed\*.zip /s
    %systemroot%\system32\Macromed\*.rar /s
    %systemroot%\system32\Microsoft\*.sys /s
    %systemroot%\system32\Microsoft\*.dat /s
    %systemroot%\system32\Microsoft\*.exe /s
    %systemroot%\system32\Microsoft\*.zip /s
    %systemroot%\system32\Microsoft\*.rar /s
    %systemroot%\system32\Microsoft\*.dll /s
    %systemroot%\system32\Msdtc\*.sys /s
    %systemroot%\system32\Msdtc\*.dat /s
    %systemroot%\system32\Msdtc\*.exe /s
    %systemroot%\system32\Msdtc\*.zip /s
    %systemroot%\system32\Msdtc\*.rar /s
    %systemroot%\system32\Msdtc\*.dll /s
    %systemroot%\system32\Mui\*.sys /s
    %systemroot%\system32\Mui\*.dat /s
    %systemroot%\system32\Mui\*.exe /s
    %systemroot%\system32\Mui\*.zip /s
    %systemroot%\system32\Mui\*.rar /s
    %systemroot%\system32\npp\*.sys /s
    %systemroot%\system32\npp\*.dat /s
    %systemroot%\system32\npp\*.zip /s
    %systemroot%\system32\npp\*.rar /s
    %systemroot%\system32\NtMsData\*.sys /s
    %systemroot%\system32\NtMsData\*.dat /s
    %systemroot%\system32\NtMsData\*.exe /s
    %systemroot%\system32\NtMsData\*.zip /s
    %systemroot%\system32\NtMsData\*.rar /s
    %systemroot%\system32\NtMsData\*.dll /s
    %systemroot%\system32\oobe\*.sys /s
    %systemroot%\system32\oobe\*.dat /s
    %systemroot%\system32\oobe\*.zip /s
    %systemroot%\system32\oobe\*.rar /s
    %systemroot%\system32\PreInstall\*.sys /s
    %systemroot%\system32\PreInstall\*.dat /s
    %systemroot%\system32\PreInstall\*.exe /s
    %systemroot%\system32\PreInstall\*.zip /s
    %systemroot%\system32\PreInstall\*.rar /s
    %systemroot%\system32\PreInstall\*.dll /s
    %systemroot%\system32\ras\*.sys /s
    %systemroot%\system32\ras\*.dat /s
    %systemroot%\system32\ras\*.exe /s
    %systemroot%\system32\ras\*.zip /s
    %systemroot%\system32\ras\*.rar /s
    %systemroot%\system32\ras\*.dll /s
    %systemroot%\system32\ReInstallBackups\*.dat /s
    %systemroot%\system32\ReInstallBackups\*.zip /s
    %systemroot%\system32\ReInstallBackups\*.rar /s
    %systemroot%\system32\Restore\*.sys /s
    %systemroot%\system32\Restore\*.zip /s
    %systemroot%\system32\Restore\*.rar /s
    %systemroot%\system32\Restore\*.dll /s
    %systemroot%\system32\Scripting\*.sys /s
    %systemroot%\system32\Scripting\*.dat /s
    %systemroot%\system32\Scripting\*.exe /s
    %systemroot%\system32\Scripting\*.zip /s
    %systemroot%\system32\Scripting\*.rar /s
    %systemroot%\system32\Scripting\*.dll /s
    %systemroot%\system32\Setup\*.sys /s
    %systemroot%\system32\Setup\*.dat /s
    %systemroot%\system32\Setup\*.exe /s
    %systemroot%\system32\Setup\*.zip /s
    %systemroot%\system32\Setup\*.rar /s
    %systemroot%\system32\ShellExt\*.*
    %systemroot%\system32\SoftwareDistribution\*.sys /s
    %systemroot%\system32\SoftwareDistribution\*.dat /s
    %systemroot%\system32\SoftwareDistribution\*.exe /s
    %systemroot%\system32\SoftwareDistribution\*.zip /s
    %systemroot%\system32\SoftwareDistribution\*.rar /s
    %systemroot%\system32\URTTEmp\*.sys /s
    %systemroot%\system32\URTTEmp\*.dat /s
    %systemroot%\system32\URTTEmp\*.zip /s
    %systemroot%\system32\URTTEmp\*.rar /s
    %systemroot%\system32\USMT\*.sys /s
    %systemroot%\system32\USMT\*.dat /s
    %systemroot%\system32\USMT\*.zip /s
    %systemroot%\system32\USMT\*.rar /s
    %systemroot%\system32\Wbem\*.sys /s
    %systemroot%\system32\Wbem\*.zip /s
    %systemroot%\system32\Wbem\*.rar /s
    %systemroot%\system32\Wins\*.*
    %systemroot%\system32\Xircom\*.*
    %systemroot%\system32\XPSViewer\*.sys /s
    %systemroot%\system32\XPSViewer\*.dat /s
    %systemroot%\system32\XPSViewer\*.zip /s
    %systemroot%\system32\XPSViewer\*.rar /s
    %systemroot%\system32\XPSViewer\*.dll /s
    %COMMONPROGRAMFILES%\*.sys /s
    %COMMONPROGRAMFILES%\*.zip /s
    %COMMONPROGRAMFILES%\*.rar /s
    %COMMONPROGRAMFILES%\*.*


  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

Please post the ComboFix log, a new HijackThis log, and (attach) the OTScanIt2 log in your next reply.

Edited by handhfan, 20 January 2009 - 11:25 PM.

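As an added example, not part of this thread or of ComboFix itself: a small Python triage helper for the "Files Created" section of a ComboFix log, the section the helper asks for above. It parses the `created . modified size attributes path` entries and flags kernel drivers under System32\drivers whose names look machine-generated (an assumed heuristic of this example, not ComboFix logic); the sample log lines below are constructed in that format around the driver names the CFScript in this thread targeted.

```python
"""Triage helper for the "Files Created" section of a ComboFix log.

Added example; the name heuristic is an assumption of this example, not
ComboFix's own logic.  Entries look like:
    <created> . <modified> <size|<DIR>> <attributes> <path>
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample in ComboFix "Files Created" layout (not the thread's log verbatim).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-20 18:13 . 2009-01-21 07:44 8,488,992 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-19 17:35 . 2009-01-19 17:35 <DIR> d-------- C:\_OTMoveIt
2009-01-14 18:09 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-12 19:05 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-10 03:12 . 2009-01-10 03:12 42,368 --ahs---- c:\windows\System32\drivers\ute0mjux.sys
2009-01-10 03:11 . 2009-01-10 03:11 42,368 --a------ c:\windows\System32\drivers\41717604.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str           # ComboFix attribute string, e.g. --ahs----
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden_system(self) -> bool:
        # Both the hidden and the system attribute bits are set.
        return "h" in self.attrs and "s" in self.attrs


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file/directory entry; banners, '.' separators and blanks are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_machine_generated(stem: str) -> bool:
    """Assumed heuristic: an 8-character alphanumeric stem containing a digit
    (e.g. 41717604, ute0mjux). Legitimate drivers rarely look like this."""
    return bool(re.fullmatch(r"[a-z0-9]{8}", stem.lower())) and any(c.isdigit() for c in stem)


def triage_drivers(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each suspicious driver file name to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        p = PureWindowsPath(e.path)
        in_drivers = any(part.lower() == "drivers" for part in p.parts)
        if p.suffix.lower() != ".sys" or not in_drivers:
            continue
        reasons = []
        if looks_machine_generated(p.stem):
            reasons.append("machine-generated name")
        if e.hidden_system:
            reasons.append("hidden+system attributes")
        if reasons:
            findings[p.name.lower()] = reasons
    return findings


if __name__ == "__main__":
    for name, why in sorted(triage_drivers(parse_entries(SAMPLE_LOG)).items()):
        print(f"{name}: {', '.join(why)}")
```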

#13
imralphy

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks

I ran combofix again and here is the log:

ComboFix 09-01-20.05 - Sandra 2009-01-21 7:50:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1181 [GMT -5:00]
Running from: c:\users\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\users\Sandra\Desktop\CFScript.txt
AV: COGECO Security Services 7.03 *On-access scanning disabled* (Updated)
FW: COGECO Security Services 7.03 *disabled*
* Created a new restore point

FILE ::
c:\windows\hpqins13.dat.temp
c:\windows\System32\drivers\41717604.sys
c:\windows\System32\drivers\ute0mjux.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games
c:\program files\iWin Games\AdminWorker.exe
c:\program files\iWin Games\firefox\chrome\iwinarcade.jar
c:\program files\iWin Games\firefox\install.rdf
c:\program files\iWin Games\firefox\version
c:\program files\iWin Games\ftdownload.dat
c:\program files\iWin Games\host.cfg
c:\program files\iWin Games\iWinGames.exe
c:\program files\iWin Games\iWinGamesInstaller.exe
c:\program files\iWin Games\pages\alert32x32.gif
c:\program files\iWin Games\pages\arcadeCheck.js
c:\program files\iWin Games\pages\blank.html
c:\program files\iWin Games\pages\blank2.html
c:\program files\iWin Games\pages\error.html
c:\program files\iWin Games\pages\iwin_logo.gif
c:\program files\iWin Games\pages\login.html
c:\program files\iWin Games\pages\maintenance.html
c:\program files\iWin Games\pages\offline_tag.gif
c:\program files\iWin Games\pages\offlineBg.gif
c:\program files\iWin Games\pages\test.html
c:\program files\iWin Games\sounds\animation.wav
c:\program files\iWin Games\sounds\animationBack.wav
c:\program files\iWin Games\sounds\button_click.wav
c:\program files\iWin Games\sounds\download_completed.wav
c:\program files\iWin Games\sounds\slidebackin.wav
c:\program files\iWin Games\sounds\slideout.wav
c:\program files\iWin Games\sounds\start.wav
c:\program files\iWin Games\Uninstall.exe
c:\program files\iWin Games\WebInstaller.exe
c:\program files\iWin Games\WebUpdater.bmp
c:\program files\iWin Games\WebUpdater.exe
c:\program files\iWin.com
c:\program files\iWin.com\Chocolatier 2\assets\assets.pfp
c:\program files\iWin.com\Chocolatier 2\assets\credits.txt
c:\program files\iWin.com\Chocolatier 2\assets\settings.xml
c:\program files\iWin.com\Chocolatier 2\assets\splash\distributor_logo.jpg
c:\program files\iWin.com\Chocolatier 2\assets\splash\playfirst_animated_logo.swf
c:\program files\iWin.com\Chocolatier 2\assets\strings.xml
c:\program files\iWin.com\Chocolatier 2\chocotwo.ifn
c:\program files\iWin.com\Chocolatier 2\ddraw.dll
c:\program files\iWin.com\Chocolatier 2\detours.dll
c:\program files\iWin.com\Chocolatier 2\EULA.txt
c:\program files\iWin.com\Chocolatier 2\GameLauncher.0xe
c:\program files\iWin.com\Chocolatier 2\gamepage\buynow.html
c:\program files\iWin.com\Chocolatier 2\gamepage\common.js
c:\program files\iWin.com\Chocolatier 2\gamepage\css\offline.css
c:\program files\iWin.com\Chocolatier 2\gamepage\end.html
c:\program files\iWin.com\Chocolatier 2\gamepage\expired.html
c:\program files\iWin.com\Chocolatier 2\gamepage\images\alert32x32.gif
c:\program files\iWin.com\Chocolatier 2\gamepage\images\bg_header.gif
c:\program files\iWin.com\Chocolatier 2\gamepage\images\continuefreetrial-32.gif
c:\program files\iWin.com\Chocolatier 2\gamepage\images\logo.jpg
c:\program files\iWin.com\Chocolatier 2\gamepage\images\product\feature.jpg
c:\program files\iWin.com\Chocolatier 2\gamepage\open.html
c:\program files\iWin.com\Chocolatier 2\gamepage\operationfailed.html
c:\program files\iWin.com\Chocolatier 2\gamepage\success.html
c:\program files\iWin.com\Chocolatier 2\GameuxInstallHelper.dll
c:\program files\iWin.com\Chocolatier 2\gas.dll
c:\program files\iWin.com\Chocolatier 2\gas_game.zip
c:\program files\iWin.com\Chocolatier 2\gas_shared.zip
c:\program files\iWin.com\Chocolatier 2\glcfg.date
c:\program files\iWin.com\Chocolatier 2\GLWorker.exe
c:\program files\iWin.com\Chocolatier 2\icon.ico
c:\program files\iWin.com\Chocolatier 2\Microsoft.VC80.CRT.manifest
c:\program files\iWin.com\Chocolatier 2\msvcp80.dll
c:\program files\iWin.com\Chocolatier 2\msvcr80.dll
c:\program files\iWin.com\Chocolatier 2\readme.htm
c:\program files\iWin.com\Chocolatier 2\stdat.dat
c:\program files\iWin.com\Chocolatier 2\Uninstall.exe
c:\programdata\is-I1JG4
c:\programdata\is-I1JG4\~PRCustomProps#122.dat
c:\programdata\is-I1JG4\~PRObjects#122.dat
c:\programdata\is-ISB0U
c:\programdata\is-ISB0U\~PRCustomProps#122.dat
c:\programdata\is-ISB0U\~PRObjects#122.dat
c:\users\All Users\is-I1JG4\~PRCustomProps#122.dat
c:\users\All Users\is-I1JG4\~PRObjects#122.dat
c:\users\All Users\is-ISB0U\~PRCustomProps#122.dat
c:\users\All Users\is-ISB0U\~PRObjects#122.dat
c:\windows\hpqins13.dat.temp
c:\windows\System32\drivers\ute0mjux.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-I1JG4DRV


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-20 18:13 . 2009-01-21 07:44 8,488,992 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-20 18:13 . 2009-01-21 07:44 100,556 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-19 17:35 . 2009-01-19 17:35 <DIR> d-------- C:\_OTMoveIt
2009-01-19 17:27 . 2009-01-19 17:26 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-18 09:07 . 2009-01-18 09:07 <DIR> d-------- c:\windows\System32\20-20 Technologies
2009-01-14 18:09 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-01-13 14:51 . 2009-01-13 14:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-01-13 14:47 . 2009-01-14 09:19 <DIR> d-------- c:\users\Sandra\AppData\Roaming\Arcsoft
2009-01-13 14:47 . 2009-01-13 14:52 <DIR> d-------- c:\users\All Users\ArcSoft
2009-01-13 14:47 . 2009-01-13 14:52 <DIR> d-------- c:\programdata\ArcSoft
2009-01-13 14:46 . 2009-01-13 14:50 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-13 14:46 . 2009-01-13 14:46 <DIR> d-------- c:\program files\ArcSoft
2009-01-13 08:51 . 2009-01-13 08:51 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\users\Sandra\AppData\Roaming\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 19:05 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-12 19:05 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-11 20:01 . 2009-01-12 10:39 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-22 11:20 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-12-22 11:18 . 2008-12-22 11:19 <DIR> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 22:26 --------- d-----w c:\program files\Java
2009-01-15 13:19 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:20 1,542 ----a-w c:\users\Sandra\AppData\Roaming\wklnhst.dat
2009-01-14 00:37 --------- d-----w c:\programdata\WildTangent
2009-01-14 00:36 --------- d---a-w c:\programdata\TEMP
2009-01-13 19:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 00:44 --------- d-----w c:\program files\Common Files\Adobe
2009-01-06 03:21 --------- d-----w c:\users\Sandra\AppData\Roaming\uTorrent
2008-12-22 23:20 --------- d-----w c:\users\Sandra\AppData\Roaming\F-Secure
2008-12-21 15:48 --------- d-----w c:\programdata\Microsoft Help
2008-12-19 21:26 --------- d-----w c:\program files\The Adventure Company
2008-12-19 13:12 --------- d-----w c:\program files\Nancy Drew
2008-12-07 14:55 --------- d-----w c:\programdata\Media Center Programs
2008-12-07 14:47 --------- d-----w c:\users\Sandra\AppData\Roaming\InstallShield
2008-12-07 13:21 --------- d-----w c:\users\Sandra\AppData\Roaming\DAEMON Tools Pro
2008-12-07 13:21 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-12-07 13:16 --------- d-----w c:\program files\DAEMON Tools Pro
2008-12-07 04:02 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-07 03:35 --------- d-----w c:\users\Sandra\AppData\Roaming\CyberLink
2008-11-21 22:37 --------- d-----r c:\users\Sandra\AppData\Roaming\Brother
2008-11-21 20:21 --------- d-----w c:\program files\Brownie
2008-11-21 20:21 --------- d-----w c:\program files\Brother
2008-11-21 20:13 --------- d-----w c:\programdata\Brother
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-07-21 13:12 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-01-20_21.18.10.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-21 02:10:53 285,096 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-21 12:40:29 285,096 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-01-21 02:12:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-21 12:57:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-21 12:57:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-21 02:12:19 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-21 12:57:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-21 12:57:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-20 23:13:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-21 03:00:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-20 23:13:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-21 03:00:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-20 23:13:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-21 03:00:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-21 02:05:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-21 12:49:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-21 01:57:30 108,836 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-21 12:49:34 108,836 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-21 01:57:30 607,068 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-21 12:49:34 607,068 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-21 02:13:45 9,600 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4154665472-3905096956-328042086-1000_UserData.bin
+ 2009-01-21 12:59:05 9,632 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4154665472-3905096956-328042086-1000_UserData.bin
- 2009-01-21 02:13:42 60,450 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-21 12:59:03 60,676 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-21 01:52:32 40,892 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-21 12:46:42 41,004 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-20 20:36:59 251,292 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-01-21 12:26:06 252,442 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2008-02-13 184800]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2008-02-13 741800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\programdata\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-07-13 108032]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 14:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-10-03 18:15 480560 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-08-28 07:43 137752 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-27 19:05 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-09-30 22:34 181544 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 02:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 07:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 02:36 2153472 c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67EAD285-24E0-4D13-9328-BECCC47B61D5}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{28495F53-3DC3-4452-BD8E-0976C9FE8C8E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{46348CAD-7C71-4EAE-AC04-CA4B66340296}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C1A39136-A319-42A5-BFE5-9FEAC850B68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9086506A-9714-493C-8B5F-1F1BCDA54395}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{70C932A6-C860-4576-947B-BA187AF370E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB3E0176-E6B4-4703-B2E6-A28D6256C208}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BAAA76A8-3F4C-4447-A5F5-1BF47ABD45BE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{94F28621-2B36-4356-9A5D-5EA4AA840EE6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C36C87C-C35D-4994-A03C-771D2B28DF9A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D6F0A7F8-B6C6-4F51-99A1-D5BBF119C78D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{99FACF38-18CA-4AC9-ACE2-B97A0B8199AA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B31BA21E-DF65-4561-AEF6-EC4CBC0590C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{20EA3524-AE64-4D5A-AE18-5A92314F261E}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{B96618BF-4677-4A11-85B0-780CCC200F20}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{C16CC18C-09BD-4FC0-9843-791B00AE9BC4}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{9642ABE5-8DE1-4543-AE07-89F226709424}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{9290E9F9-75DB-49A3-A837-EBE9645C69A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1AC5630E-D661-42ED-A81A-464C322E5260}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4FC0EF40-4F6F-44ED-B13E-D35A9DE9903F}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{389E1867-BB5A-425D-8A53-051D261D97B2}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{5A15AEB4-8D6A-4A45-90A6-22DF4C342494}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{91A9169C-D0A7-46DE-8662-0355F72A43E6}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\COGECO Security Services\HIPS\fshs.sys [2008-05-21 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-05-21 36616]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-05-21 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys [2008-05-21 14760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [2008-05-21 63912]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys [2008-05-21 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys [2008-05-21 27048]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\COGECO~1\ANTI-V~1\fsav.exe [2008-02-13 05:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\COGECO Security Services\FSPS\program\fslsp.dll
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 07:57:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'Explorer.exe'(4960)
c:\program files\COGECO Security Services\Spam Control\fsscoepl.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

- - - - - - - > 'csrss.exe'(616)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(676)
c:\program files\COGECO Security Services\FWES\Program\fsdc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\COGECO Security Services\Common\FSMB32.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\COGECO Security Services\Common\FCH32.EXE
c:\program files\COGECO Security Services\Common\FAMEH32.EXE
c:\program files\COGECO Security Services\Anti-Virus\fsqh.exe
c:\program files\COGECO Security Services\FSPC\fspc.exe
c:\program files\COGECO Security Services\FSAUA\program\fsaua.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\program files\COGECO Security Services\FWES\program\fsdfwd.exe
c:\windows\System32\conime.exe
c:\program files\COGECO Security Services\FSAUA\program\fsus.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\COGECO Security Services\FSGUI\fsguidll.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\COGECO Security Services\Anti-Virus\fsav32.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-21 8:06:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 13:05:55
ComboFix2.txt 2009-01-21 02:22:27

Pre-Run: 74,644,004,864 bytes free
Post-Run: 74,306,797,568 bytes free

371 --- E O F --- 2009-01-20 13:43:59


I tried the OTScanIt2 and it froze near the beginning of scanning. I tried it twice to be sure. When it was scanning the application event log, an error box came up. It said: access violation at address 77065973 in module 'ntdll.dll'. Read of address 00000022. I pressed OK.

Do you still want me to run HijackThis?
Should I try the OTScanIt2 again but with different characteristics?

I am so glad you are helping me because I have no idea what I am doing.
Sandra

#14 handhfan (Trusted Helper, Expert, 13,659 posts)

Do you happen to have your Operating System disk for Windows Vista?

#15 imralphy (Topic Starter, Member, 13 posts)

Sorry I took a while to respond. I had to find the laptop box and the stuff it came with. It did not come with any discs. I just had to insert the battery and turn it on - everything was preloaded. It's a Compaq Presario (bought new) C700 notebook.

I guess this is not sounding very good :)