Computer won't run anything, even HijackThis [Solved]


  • This topic is locked

#1
Kritayot

  • Member
  • 61 posts
I accidentally opened an email and got malware on my computer. Now I cannot run anything, and I get lots of pop-ups and errors. Can you please help?

Thanks,
CP

#2
Thunderbird1988

  • Member 2k
  • 2,416 posts
Hello Kritayot,

  • First, download OTListIt2 to your desktop.
  • Once it has finished downloading, please double click on the icon.
  • When the window appears, please make the following changes:
    • Click Output: Minimal Output
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may close these windows when you have posted the contents of the files.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Thunderbird1988

#3
Kritayot

  • Topic Starter
  • Member
  • 61 posts
Thank you for your response Thunderbird1988. Here are the logs.
OTListIt.Txt

OTListIt logfile created on: 1/20/2009 2:07:21 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 54.83% Memory free
3.35 Gb Paging File | 2.62 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 7.29 Gb Free Space | 10.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 465.23 Gb Total Space | 157.13 Gb Free Space | 33.77% Space Free | Partition Type: NTFS
Drive X: | 279.47 Gb Total Space | 230.21 Gb Free Space | 82.37% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ABOD
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)
C:\Program Files\ZyXEL\AG-225H\NICServ.exe ()
C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
C:\WINDOWS\system32\TSSchBkpService.exe ()
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
C:\Program Files\Dell\QuickSet\quickset.exe ()
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)
C:\Program Files\Maxtor\Maxtor Quick Start\MaxBackService.exe (Maxtor Corp)
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corp.)
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe (Maxtor)
C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe (SAMSUNG ELECTRONICS CO., LTD)
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems)
C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
C:\WINDOWS\system32\shdocvw.exe ()
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\Program Files\palmOne\AlarmApp.exe (Palm, Inc.)
C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
C:\Program Files\SiteDevelopers.Com\Dynamic DNS Client .NET Edition - Desktop\ClientGUI.exe (Mike Hacker)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
C:\Program Files\ZyXEL\AG-225H\AG-225Hv2.exe ()
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
C:\Documents and Settings\Chris\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
(awhost32 [On_Demand | Stopped]) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(DefWatch [Auto | Running]) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
(EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
(gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
(IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
(LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
(LVPrcSrv [Auto | Running]) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
(MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
(NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)
(NICSer_AG225H [Auto | Running]) -- C:\Program Files\ZyXEL\AG-225H\NICServ.exe ()
(Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
(Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(QBCFMonitorService [Disabled | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
(QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
(RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
(RoxLiveShare9 [Auto | Stopped]) -- File not found
(rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe ()
(S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
(TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
(TSScheduleBackup [Auto | Running]) -- C:\WINDOWS\system32\TSSchBkpService.exe ()
(UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
(usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
(Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
(WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
(WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(AegisP [Auto | Running]) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
(AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
(amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS (Advanced Micro Devices, Inc.)
(ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
(APPDRV [System | Running]) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
(asc [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
(asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
(ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(awecho [System | Running]) -- C:\WINDOWS\system32\drivers\awechomd.sys (Symantec Corporation)
(AW_HOST [System | Running]) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation)
(bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
(BthEnum [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BthEnum.sys (Microsoft Corporation)
(BthPan [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\bthpan.sys (Microsoft Corporation)
(BTHPORT [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\bthport.sys (Microsoft Corporation)
(BTHUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS (Microsoft Corporation)
(CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
(dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
(Dot4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Dot4.sys (Microsoft Corporation)
(Dot4Print [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys (Microsoft Corporation)
(dot4usb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Dot4usb.sys (Microsoft Corporation)
(drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
(drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
(E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
(FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
(Gernuwa [Boot | Running]) -- C:\WINDOWS\system32\drivers\GERNUWA.sys (Symantec Corporation)
(HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
(HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
(HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
(IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
(kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
(lgatbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lgatbus.sys (MCCI)
(lgatmdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lgatmdm.sys (MCCI)
(lgatserd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lgatserd.sys (MCCI)
(LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
(lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
(LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
(LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
(Lvckap [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
(lvmvdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
(lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
(LVPrcMon [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
(LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
(LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
(mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
(mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
(NAVAP [On_Demand | Running]) -- C:\Program Files\NavNT\navap.sys ()
(NAVAPEL [Auto | Running]) -- C:\Program Files\NavNT\Navapel.sys ()
(NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.017\NAVENG.SYS (Symantec Corporation)
(NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.017\NAVEX15.SYS (Symantec Corporation)
(nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
(omci [System | Running]) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
(PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
(pcouffin [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
(ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
(ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
(RFCOMM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\rfcomm.sys (Microsoft Corporation)
(RimVSerPort [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
(ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
(s24trans [Auto | Running]) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
(sdbus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sdbus.sys (Microsoft Corporation)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ser2pl [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
(sffdisk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\sffdisk.sys (Microsoft Corporation)
(sffp_sd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\sffp_sd.sys (Microsoft Corporation)
(sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\SISAGP.SYS (Silicon Integrated Systems Corporation)
(Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
(sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
(ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
(STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
(symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
(symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
(SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
(sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
(sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
(tbhsd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
(Tcpip6 [System | Running]) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
(tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
(tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
(tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
(tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
(tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
(tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
(tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
(tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
(tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
(toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
(tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
(Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
(Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
(Tosrfcom [System | Running]) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
(Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
(tosrfnds [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
(TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
(Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
(tunmp [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tunmp.sys (Microsoft Corporation)
(ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
(usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
(w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
(winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
(WS2IFSL [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)
(ZDA211BU(ZyXEL) [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ZDA211BU.sys (ZyDAS Technology Corporation)
(ZDPSp50 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (291504 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10040 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun (SAMSUNG ELECTRONICS CO., LTD)
O4 - HKLM..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe" (Maxtor Corp)
O4 - HKLM..\Run: [mssSort] "C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe" (Maxtor)
O4 - HKLM..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corp.)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Windows Service Processor] shdocvw.exe ()
O4 - HKCU..\Run: [cogad] "C:\Documents and Settings\Chris\Application Data\cogad\cogad.exe" 61A847B5BBF728133B923E466188719AB689201522886B092CBD44BD8689220221DD3257 File not found
O4 - HKCU..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunServices: [Windows Service Processor] shdocvw.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynamic DNS Client.lnk = C:\WINDOWS\Installer\{BA0DB8B7-7DCF-4F5E-AD6E-49F8DDFB9176}\_2cd672ae.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL AG-225H Utility.lnk = C:\Program Files\ZyXEL\AG-225H\AG-225Hv2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: turbotax.com (https in Trusted sites)
O15 - HKCU\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcente...trolLite_EN.cab (DjVuCtl Class)
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} http://www.rightnetw...eb/eolupcli.cab (EOLUP.Version)
O16 - DPF: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} http://unakrt-wm.unlb.org/DHTMLED.cab (DHTML Edit Control Safe for Scripting for IE5)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1120072921953 (WUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} http://www.rightnetw...rdp20050324.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...156/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.q....255/qboax8.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - intu-help-qb1 - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
fuldqzhh: "DllName" = fuldqzhh32.dll -- C:\WINDOWS\system32\fuldqzhh32.dll ()
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
LMIinit: "DllName" = LMIinit.dll -- C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll ()
PCANotify: "DllName" = PCANotify.dll -- C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{909b79da-bb3c-11dc-8f9d-00123fd631a9}\Shell\AutoRun\command]
"" = E:\InstallTomTomHOME.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b66b87b-c35a-11dd-9cbb-0010c67e438b}\Shell\AutoRun\command]
"" = E:\start.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f212b86c-cb41-11db-9e74-00123fd631a9}\Shell\autorun]
"" = Auto&Play



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f212b86c-cb41-11db-9e74-00123fd631a9}\Shell\explore\command]
"" = system.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f212b86c-cb41-11db-9e74-00123fd631a9}\Shell\open\command]
"" = system.exe

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/01/20 14:08:02 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\LopSD.exe
[2009/01/20 14:05:55 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTListIt2.exe
[2009/01/20 14:02:09 | 00,024,366 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Generic host.JPG
[2009/01/20 14:01:11 | 00,018,888 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\DEP.JPG
[2009/01/20 07:37:53 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2009/01/20 01:10:38 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/01/20 01:06:47 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4482.exe
[2009/01/20 01:06:47 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4476.exe
[2009/01/20 01:06:11 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/01/20 00:54:55 | 03,043,320 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\CF.exe
[2009/01/20 00:53:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/20 00:05:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/01/19 23:43:44 | 21,468,93824 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/19 23:27:03 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SDFix.exe
[2009/01/19 22:37:34 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\fuldqzhh32.dll
[2009/01/19 21:00:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/19 21:00:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/19 21:00:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/19 21:00:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/19 21:00:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/19 21:00:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/19 21:00:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/19 21:00:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/19 21:00:38 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/19 21:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/19 21:00:26 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21786.exe
[2009/01/19 21:00:26 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21776.exe
[2009/01/19 21:00:26 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21772.exe
[2009/01/19 20:27:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{27E17E67-C78F-4032-8ED3-44A2446403A2}
[2009/01/19 20:11:37 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\fuldqzhh.dll
[2009/01/19 20:07:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\cogad
[2009/01/19 20:07:22 | 00,133,254 | ---- | C] () -- C:\WINDOWS\Promo3-Is_it_safe.png
[2009/01/19 20:07:18 | 00,289,840 | ---- | C] () -- C:\WINDOWS\Promo2-Petri.png
[2009/01/19 20:07:16 | 00,298,242 | ---- | C] () -- C:\WINDOWS\Promo1-map.png
[2009/01/18 18:02:35 | 00,000,384 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\license.dat
[2009/01/16 18:04:53 | 00,020,602 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\error.JPG
[2009/01/16 14:50:35 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2008/12/30 15:10:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2008/12/30 11:22:10 | 00,203,378 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\BestBuy.pdf
[2008/12/30 10:47:43 | 00,152,401 | ---- | C] () -- C:\WINDOWS\hpbvspst.his
[2008/12/30 10:47:43 | 00,000,395 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/12/30 10:47:38 | 00,002,010 | ---- | C] () -- C:\WINDOWS\hpbvnstp.hi1
[2008/12/30 10:47:38 | 00,000,783 | ---- | C] () -- C:\WINDOWS\hpbvnstp.bu1
[2008/12/25 08:49:55 | 00,190,232 | ---- | C] () -- C:\WINDOWS\hplj1320.hi1
[2008/12/25 08:49:55 | 00,013,266 | ---- | C] () -- C:\WINDOWS\hplj1320.bu1
[2008/12/24 15:53:09 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ABC Amber BlackBerry Converter.lnk
[2008/12/24 15:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\ABC Amber BlackBerry Converter
[2008/12/24 07:55:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/12/24 07:49:06 | 00,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/12/24 03:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/12/24 03:12:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/12/24 03:12:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2008/12/24 02:58:40 | 00,026,496 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2008/12/24 02:45:19 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/20 14:08:02 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\LopSD.exe
[2009/01/20 14:05:56 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTListIt2.exe
[2009/01/20 14:02:09 | 00,024,366 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Generic host.JPG
[2009/01/20 14:01:11 | 00,018,888 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\DEP.JPG
[2009/01/20 14:01:05 | 00,000,450 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\SamsungLiveUpdateConfig.ini
[2009/01/20 13:58:28 | 00,002,593 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynamic DNS Client.lnk
[2009/01/20 13:54:55 | 00,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/01/20 13:54:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/20 13:54:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/20 13:54:15 | 21,468,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/20 08:56:57 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/01/20 08:56:56 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/20 08:56:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/20 07:43:07 | 00,291,504 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/01/20 07:37:53 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2009/01/20 01:10:38 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/01/20 01:06:20 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4482.exe
[2009/01/20 01:06:20 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4476.exe
[2009/01/20 01:02:34 | 00,250,387 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090120-074307.backup
[2009/01/19 23:36:46 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090120-010234.backup
[2009/01/19 22:52:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SDFix.exe
[2009/01/19 22:37:34 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\fuldqzhh32.dll
[2009/01/19 22:37:34 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009/01/19 22:37:34 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/01/19 22:16:00 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\fuldqzhh.dll
[2009/01/19 21:00:07 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21786.exe
[2009/01/19 21:00:07 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF21776.exe
[2009/01/19

Attached Thumbnails

  • DEP.JPG
  • Generic_host.JPG

#4
Kritayot

    Member

  • Topic Starter
  • 61 posts
OTListIt Extras logfile created on: 1/20/2009 2:07:22 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 54.83% Memory free
3.35 Gb Paging File | 2.62 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 7.29 Gb Free Space | 10.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 465.23 Gb Total Space | 157.13 Gb Free Space | 33.77% Space Free | Partition Type: NTFS
Drive X: | 279.47 Gb Total Space | 230.21 Gb Free Space | 82.37% Space Free | Partition Type: NTFS

Computer Name: CHRIS-ABOD
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable (Symantec Corporation)
C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service (Symantec Corporation)
C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service (Symantec Corporation)
C:\Program Files\BitPim\bitpim.exe:*:Enabled:BitPim 0.7.33 (http://www.bitpim.org)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Maxtor\Maxtor Quick Start\mssManager.exe:*:Enabled:mssManager ()
C:\Program Files\Ipswitch\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager (Intuit, Inc.)
C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager (iAnywhere Solutions, Inc.)
C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\Remote Support System\Source\vncviewer.exe:*:Enabled:RSS Server (R.D.H. LLC (www.RemoteSupportSystem.com))
C:\Program Files\Remote Support System\Source\repeater.exe:*:Enabled:repeater ()
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 8.0 Data Manager (iAnywhere Solutions, Inc.)
C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager (iAnywhere Solutions, Inc.)
C:\Program Files\PrinterAnywhere\paConsole.exe:*:Enabled:PrinterAnywhere Console (PrinterAnywhere)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)
C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\WebSite X5 Evolution\WebSite.exe:*:Enabled:WebSite X5 Evolution (Incomedia - www.websitex5.com)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
"" = :*:Enabled:Windows Service Processor
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{079446C0-A852-4CF8-9EE0-63BDF8F76A0F}" = Web Easy Professional 7
"{0985219E-8B06-417B-A202-A1B66163F78E}" = Web Easy Professional 7
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{115E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C875160-7E87-45C6-85C5-4FE2A840A3B8}" = Maxtor Quick Start
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237a4b22-78c2-11d6-a394-00104bd190b1}" = QuickBooks Pro Edition 2003
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A7141A5-1178-4BB6-B98D-41B3D4B04888}" = Timeslips 2005
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{2BAB02C5-DAFF-45AD-839E-2DE186891E47}" = VBA (2627.01)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{3404CD66-E6F3-4CD9-B5A0-56AA1E1C1520}" = Web Easy Professional 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4F5A1F00-0DC9-45A5-8CDA-59A0FAE5CBE4}" = PrinterAnywhere
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54D0CC3E-A83A-475A-83EE-E9AF8AFB9538}" = WebEx Meeting Manager for Mozilla Firefox/Netscape Navigator
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
"{679423B8-A7DD-46A4-BB35-6AD19D0E5B9A}" = Magic Speed
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
"{69B02159-7623-4DBB-B9EE-F933039830AD}" = QuickBooks Premier: Accountant Edition 2006
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E927113-C406-4205-843E-E947C224A075}_is1" = Remote Support System
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{8ECB8220-F440-4BEB-9596-97033C533702}" = QuickBooks Enterprise Solutions: Retail Edition 8.0
"{8FD74784-0C6E-4AE0-A729-84A1624BB273}" = Color Network ScanGear Ver.1.3
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94CDD59F-8E30-4B37-BFD1-5B3CD9538B83}" = System Files
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D81998C-2227-4301-8E77-5021EE0FA8A7}" = ZyXEL AG-225H
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BA0DB8B7-7DCF-4F5E-AD6E-49F8DDFB9176}" = Dynamic DNS Client .NET Edition - Desktop
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C82A848F-E98A-4451-9E71-2BD9B8AB8A6B}_is1" = ComScan 24 September 2003
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF110B43-07D4-4D80-8F6A-0154680F3622}" = Global fx Components
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D2A6C498-9484-4C1F-A944-38CC62079157}" = Web Easy Professional 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF81B441-BBE3-4A1E-AB7A-A430F806E682}" = Tunebite
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB866374-B705-4749-83D9-997AC77146B3}" = LGUsbDriver
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE3EB6B9-5A4A-42F7-B545-42B2878021E6}" = Timeslips by Sage 2007
"{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}" = Logitech QuickCam Software
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.1
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD4776A5-A39D-4208-AC34-AF4373C81967}" = EOL Universal Printer Client
"{FF47C88B-7713-4113-8A74-A8BDC3D350EB}" = Web Easy Professional 7
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Intuit Password Recovery" = Advanced Intuit Password Recovery (remove only)
"AIM_6" = AIM 6
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP6l.DLL" = Canon PIXMA iP8500
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Curitel PC Card" = Curitel PC Card Software
"Easy-WebPrint" = Easy-WebPrint
"Google Updater" = Google Updater
"Hex Editor 3" = HHD Software Free Hex Editor 3.12
"Incomedia WebSite X5 Evolution" = Incomedia WebSite X5 Evolution
"InstallShield_{1C875160-7E87-45C6-85C5-4FE2A840A3B8}" = Maxtor Quick Start
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{CF110B43-07D4-4D80-8F6A-0154680F3622}" = Global fx Components
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Magic DVD Copier_is1" = Magic DVD Copier V4.7
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.2
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MyWaySearchAssistantDE" = My Way Search Assistant
"NetTools_is1" = NetTools 5.0
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech Camera Driver
"Stamps.com" = Stamps.com
"TomTom HOME" = TomTom HOME
"TurboTax 2008" = TurboTax 2008
"TurboTax Premier 2005" = TurboTax Premier 2005
"TurboTax Premier 2007" = TurboTax Premier 2007
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2009 4:52:02 AM | Computer Name = CHRIS-ABOD | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Vundo in File: C:\Program Files\Trend
Micro\HijackThis\backups\backup-20080623-130248-261.dll by: Realtime Protection
scan. Action: Clean failed : Quarantine succeeded : Access denied

Error - 1/20/2009 5:37:34 AM | Computer Name = CHRIS-ABOD | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Packed.Generic.200 in File: C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0023074.dll by:
Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access
denied

Error - 1/20/2009 6:37:35 AM | Computer Name = CHRIS-ABOD | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Pandex in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0023079.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access
denied

Error - 1/20/2009 7:37:35 AM | Computer Name = CHRIS-ABOD | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0023084.exe
by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access
denied

Error - 1/20/2009 8:31:09 AM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/20/2009 8:32:40 AM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/20/2009 9:09:08 AM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001000.

Error - 1/20/2009 9:56:12 AM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001000.

Error - 1/20/2009 2:57:01 PM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001000.

Error - 1/20/2009 2:58:06 PM | Computer Name = CHRIS-ABOD | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001000.

[ System Events ]
Error - 1/20/2009 4:51:17 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 4:51:21 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 4:51:23 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 4:51:26 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 4:51:29 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 5:08:31 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 5:08:33 AM | Computer Name = CHRIS-ABOD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/20/2009 8:31:22 AM | Computer Name = CHRIS-ABOD | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.123.129,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/20/2009 9:09:24 AM | Computer Name = CHRIS-ABOD | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.123.129,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/20/2009 2:54:55 PM | Computer Name = CHRIS-ABOD | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.123.129,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

#5
Kritayot
The OTListIt.Txt log is not complete, so I have attached the file here.

#6
Kritayot
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : Chris ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:7 Go)
D:\ (CD or DVD)
W:\ (Network Disk) - NTFS - Total:465 Go (Free:157 Go)
X:\ (Network Disk) - NTFS - Total:279 Go (Free:230 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 01/20/2009|15:00 )

--------------------\\ Listing folders in APPLIC~1

[06/09/2005|11:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[06/04/2005|01:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[06/04/2005|02:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Jasc Software Inc
[08/10/2004|12:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[06/04/2005|01:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[05/09/2008|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {CD803408-B546-4715-B3C6-C8DB70765DFB}
[12/11/2008|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[10/12/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
[07/31/2007|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/31/2007|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[02/20/2008|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/11/2008|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/14/2006|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[09/24/2007|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[09/24/2007|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/24/2008|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avanquest
[10/24/2008|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[10/22/2007|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[03/16/2008|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Cogniview
[01/31/2007|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> COMMON FILES
[06/04/2005|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[09/13/2006|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[01/18/2009|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[06/09/2005|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[12/20/2007|03:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[05/11/2006|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HotSync
[06/04/2005|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/04/2005|01:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[12/30/2008|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[07/23/2008|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogMeIn
[07/31/2007|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[07/07/2008|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[05/02/2006|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Maxtor
[06/09/2005|11:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[06/25/2008|11:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/23/2008|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir
[08/24/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RapidSolution
[05/07/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[12/24/2008|04:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[12/24/2008|03:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[01/20/2009|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[06/01/2007|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/13/2008|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TomTom
[02/20/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/21/2007|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vsosdk
[12/06/2005|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/18/2008|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[07/12/2007|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[02/07/2006|10:07] C:\DOCUME~1\Chris\APPLIC~1\<DIR> acccore
[06/27/2005|07:02] C:\DOCUME~1\Chris\APPLIC~1\<DIR> ACD Systems
[12/24/2008|05:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Adobe
[01/16/2009|02:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AdobeUM
[02/07/2006|10:14] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Aim
[09/24/2007|11:41] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Apple Computer
[06/23/2005|11:47] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Arcsoft
[10/24/2008|01:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Avanquest
[01/20/2009|12:30] C:\DOCUME~1\Chris\APPLIC~1\<DIR> cogad
[03/16/2008|08:13] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Cogniview
[06/10/2005|01:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> CyberLink
[10/25/2007|08:54] C:\DOCUME~1\Chris\APPLIC~1\<DIR> eFax Messenger
[01/19/2006|11:03] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Google
[06/09/2005|11:44] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Gtek
[06/27/2005|10:02] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Help
[05/11/2006|07:50] C:\DOCUME~1\Chris\APPLIC~1\<DIR> HotSync
[05/27/2008|02:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> ICAClient
[08/10/2004|01:08] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Identities
[12/24/2008|05:26] C:\DOCUME~1\Chris\APPLIC~1\<DIR> InstallShield
[06/04/2005|01:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Intel
[07/24/2008|11:01] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Intuit
[06/27/2005|06:44] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Ipswitch
[06/12/2005|09:12] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Jasc Software Inc
[05/31/2007|01:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Lavasoft
[06/10/2005|01:47] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Leadertech
[12/25/2008|08:53] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Macromedia
[07/07/2008|12:41] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Malwarebytes
[05/02/2006|09:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Maxtor Quick Start
[06/09/2005|11:41] C:\DOCUME~1\Chris\APPLIC~1\<DIR> McAfee.com Personal Firewall
[05/07/2008|10:19] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Media Player Classic
[07/07/2008|12:36] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microsoft
[07/18/2008|03:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Mozilla
[01/03/2008|01:40] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Opera
[05/19/2008|10:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Real
[06/10/2005|01:47] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sonic
[12/23/2008|12:56] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Stamps.com Internet Postage
[06/04/2005|01:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sun
[05/24/2008|10:23] C:\DOCUME~1\Chris\APPLIC~1\<DIR> SUPERAntiSpyware.com
[06/10/2005|01:22] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Symantec
[07/09/2007|11:18] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Talkback
[08/31/2005|10:07] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Thunderbird
[01/07/2008|09:12] C:\DOCUME~1\Chris\APPLIC~1\<DIR> TomTom
[07/14/2005|01:43] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Toshiba
[08/26/2008|08:33] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Tunebite
[08/19/2008|10:26] C:\DOCUME~1\Chris\APPLIC~1\<DIR> U3
[10/30/2008|12:59] C:\DOCUME~1\Chris\APPLIC~1\<DIR> uTorrent
[06/07/2007|01:05] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Viewpoint
[12/21/2007|12:01] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Vso
[11/06/2008|02:31] C:\DOCUME~1\Chris\APPLIC~1\<DIR> webex
[08/16/2007|09:50] C:\DOCUME~1\Chris\APPLIC~1\<DIR> WinRAR
[11/26/2007|11:09] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Xara

[06/09/2005|11:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[06/04/2005|01:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[06/04/2005|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc
[08/10/2004|12:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[06/04/2005|01:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[05/24/2008|11:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[05/24/2008|11:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[05/24/2008|03:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[05/24/2008|03:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[05/24/2008|11:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[06/09/2005|11:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[01/31/2007|11:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[12/21/2007|09:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/20/2009 01:54 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/24/2008|04:01] C:\Program Files\<DIR> ABC Amber BlackBerry Converter
[10/12/2008|11:01] C:\Program Files\<DIR> ACD Systems
[12/24/2008|05:55] C:\Program Files\<DIR> Adobe
[02/07/2006|10:15] C:\Program Files\<DIR> AIM
[12/11/2008|09:58] C:\Program Files\<DIR> AIM6
[12/07/2006|09:08] C:\Program Files\<DIR> AOD
[06/04/2005|01:35] C:\Program Files\<DIR> Apoint
[09/24/2007|11:38] C:\Program Files\<DIR> Apple Software Update
[06/04/2005|01:54] C:\Program Files\<DIR> ATI Technologies
[10/24/2008|01:45] C:\Program Files\<DIR> Avanquest
[10/24/2008|01:46] C:\Program Files\<DIR> Avanquest update
[06/22/2008|10:44] C:\Program Files\<DIR> AVSMedia
[08/14/2007|07:55] C:\Program Files\<DIR> BitPim
[06/10/2005|06:57] C:\Program Files\<DIR> Borland
[06/04/2005|01:52] C:\Program Files\<DIR> Broadcom
[08/11/2006|10:31] C:\Program Files\<DIR> Canon
[05/27/2008|01:05] C:\Program Files\<DIR> Citrix
[12/30/2008|03:10] C:\Program Files\<DIR> Common Files
[08/10/2004|01:02] C:\Program Files\<DIR> ComPlus Applications
[07/18/2005|08:08] C:\Program Files\<DIR> ComScan
[06/04/2005|01:36] C:\Program Files\<DIR> CONEXANT
[06/04/2005|01:57] C:\Program Files\<DIR> CyberLink
[02/01/2006|09:56] C:\Program Files\<DIR> Dell
[06/04/2005|02:02] C:\Program Files\<DIR> Dell Inc
[06/04/2005|01:57] C:\Program Files\<DIR> Digital Line Detect
[05/07/2008|10:16] C:\Program Files\<DIR> DivX
[10/19/2007|08:57] C:\Program Files\<DIR> Dynamic DNS 5
[10/12/2007|11:40] C:\Program Files\<DIR> Elcomsoft
[11/20/2007|12:08] C:\Program Files\<DIR> Folder Password Expert
[06/12/2005|12:25] C:\Program Files\<DIR> GlobeSoft
[12/24/2008|09:52] C:\Program Files\<DIR> Google
[05/31/2007|12:55] C:\Program Files\<DIR> Grisoft
[05/27/2008|01:43] C:\Program Files\<DIR> Hewlett-Packard
[08/15/2007|10:31] C:\Program Files\<DIR> HHD Software
[11/07/2006|01:43] C:\Program Files\<DIR> HP
[10/24/2008|01:46] C:\Program Files\<DIR> InstallShield Installation Information
[06/04/2005|01:56] C:\Program Files\<DIR> Intel
[06/04/2005|01:51] C:\Program Files\<DIR> Intel, Inc
[12/10/2008|03:20] C:\Program Files\<DIR> Internet Explorer
[12/26/2007|01:55] C:\Program Files\<DIR> Intuit
[06/27/2005|06:44] C:\Program Files\<DIR> Ipswitch
[02/11/2006|11:24] C:\Program Files\<DIR> ItsDeductible2005
[06/04/2005|02:02] C:\Program Files\<DIR> Jasc Software Inc
[12/11/2008|09:31] C:\Program Files\<DIR> Java
[05/07/2008|10:18] C:\Program Files\<DIR> K-Lite Codec Pack
[05/26/2008|11:07] C:\Program Files\<DIR> Lavasoft
[07/18/2005|09:25] C:\Program Files\<DIR> LGUsbDriver
[11/15/2007|09:58] C:\Program Files\<DIR> LizardTech
[02/06/2006|08:39] C:\Program Files\<DIR> Logitech
[01/20/2009|12:26] C:\Program Files\<DIR> LogMeIn
[06/01/2007|11:22] C:\Program Files\<DIR> Macrogaming
[12/25/2008|08:58] C:\Program Files\<DIR> Macromedia
[12/21/2007|01:29] C:\Program Files\<DIR> MagicDVDCopier
[12/20/2007|12:22] C:\Program Files\<DIR> MagicDVDRipper
[01/20/2009|01:15] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[05/02/2006|09:46] C:\Program Files\<DIR> Maxtor
[08/13/2008|11:09] C:\Program Files\<DIR> Messenger
[06/10/2005|01:04] C:\Program Files\<DIR> Microsoft ActiveSync
[08/10/2004|01:04] C:\Program Files\<DIR> microsoft frontpage
[01/30/2008|02:47] C:\Program Files\<DIR> Microsoft Office
[06/04/2005|02:00] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[06/04/2005|02:00] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[12/28/2007|10:05] C:\Program Files\<DIR> Microsoft SQL Server
[06/10/2005|01:03] C:\Program Files\<DIR> Microsoft Visual Studio
[06/10/2005|01:11] C:\Program Files\<DIR> Microsoft Works
[12/21/2007|10:01] C:\Program Files\<DIR> Microsoft.NET
[06/04/2005|01:56] C:\Program Files\<DIR> Modem Helper
[08/10/2004|01:02] C:\Program Files\<DIR> Movie Maker
[01/20/2009|02:12] C:\Program Files\<DIR> Mozilla Firefox
[01/20/2009|02:12] C:\Program Files\<DIR> Mozilla Thunderbird
[06/18/2008|10:21] C:\Program Files\<DIR> MSECache
[08/10/2004|01:01] C:\Program Files\<DIR> MSN
[08/10/2004|01:01] C:\Program Files\<DIR> MSN Gaming Zone
[03/03/2008|09:48] C:\Program Files\<DIR> MSN Messenger
[11/17/2006|05:32] C:\Program Files\<DIR> MSXML 4.0
[12/24/2008|07:55] C:\Program Files\<DIR> MSXML 6.0
[01/20/2009|02:00] C:\Program Files\<DIR> MUSICMATCH
[01/23/2008|09:48] C:\Program Files\<DIR> MyPasswordGenerator
[06/01/2007|01:51] C:\Program Files\<DIR> NavNT
[09/04/2008|01:02] C:\Program Files\<DIR> Net Tools
[08/10/2004|01:02] C:\Program Files\<DIR> NetMeeting
[06/04/2005|01:56] C:\Program Files\<DIR> NetWaiting
[10/19/2007|08:57] C:\Program Files\<DIR> No-IP
[06/10/2005|01:16] C:\Program Files\<DIR> OfficeUpdate11
[08/10/2004|01:01] C:\Program Files\<DIR> Online Services
[01/14/2008|09:37] C:\Program Files\<DIR> ORL
[06/13/2007|08:30] C:\Program Files\<DIR> Outlook Express
[10/25/2008|09:43] C:\Program Files\<DIR> palmOne
[08/24/2008|09:19] C:\Program Files\<DIR> PixiePack Codec Pack
[08/16/2007|12:08] C:\Program Files\<DIR> Plato Video To 3GP Converter
[01/04/2008|10:37] C:\Program Files\<DIR> PrinterAnywhere
[09/24/2007|11:39] C:\Program Files\<DIR> QuickTime
[08/24/2008|02:18] C:\Program Files\<DIR> RapidSolution
[01/18/2007|03:46] C:\Program Files\<DIR> RE7
[06/13/2007|03:37] C:\Program Files\<DIR> Real
[01/18/2009|06:43] C:\Program Files\<DIR> Remote Support System
[11/15/2007|10:21] C:\Program Files\<DIR> SAMSUNG
[11/15/2007|10:16] C:\Program Files\<DIR> SamsungODD
[06/04/2005|01:37] C:\Program Files\<DIR> Sigmatel
[10/19/2007|08:57] C:\Program Files\<DIR> SiteDevelopers.Com
[06/04/2005|02:04] C:\Program Files\<DIR> Sonic
[01/20/2009|07:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[05/22/2008|03:40] C:\Program Files\<DIR> Stamps.com Internet Postage
[05/27/2008|01:36] C:\Program Files\<DIR> SUPERAntiSpyware
[06/01/2007|10:08] C:\Program Files\<DIR> Symantec
[06/21/2008|11:52] C:\Program Files\<DIR> TGTSoft
[11/20/2008|10:13] C:\Program Files\<DIR> Timeslips
[06/13/2008|08:55] C:\Program Files\<DIR> TomTom HOME 2
[07/08/2008|10:26] C:\Program Files\<DIR> Toshiba
[05/25/2008|09:39] C:\Program Files\<DIR> Trend Micro
[12/30/2008|03:05] C:\Program Files\<DIR> TurboTax
[09/19/2006|01:27] C:\Program Files\<DIR> Uninstall Information
[10/17/2007|03:22] C:\Program Files\<DIR> Usability Sciences
[05/06/2008|01:19] C:\Program Files\<DIR> uTorrent
[12/11/2008|09:55] C:\Program Files\<DIR> Viewpoint
[06/21/2008|01:16] C:\Program Files\<DIR> WebSite X5 Evolution
[06/18/2008|10:21] C:\Program Files\<DIR> Windows Installer Clean Up
[06/18/2008|10:28] C:\Program Files\<DIR> Windows Live
[02/18/2006|03:01] C:\Program Files\<DIR> Windows Media Player
[08/10/2004|01:01] C:\Program Files\<DIR> Windows NT
[08/10/2004|01:02] C:\Program Files\<DIR> WindowsUpdate
[09/04/2008|01:02] C:\Program Files\<DIR> WinPcap
[08/16/2007|09:50] C:\Program Files\<DIR> WinRAR
[06/10/2005|07:40] C:\Program Files\<DIR> WinZip
[11/26/2007|11:06] C:\Program Files\<DIR> Xara
[08/10/2004|01:04] C:\Program Files\<DIR> xerox
[08/17/2007|10:08] C:\Program Files\<DIR> Yahoo!
[06/10/2005|07:17] C:\Program Files\<DIR> Zone Labs
[07/10/2007|12:54] C:\Program Files\<DIR> ZyXEL

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/12/2008|11:02] C:\Program Files\Common Files\<DIR> ACD Systems
[12/24/2008|05:53] C:\Program Files\Common Files\<DIR> Adobe
[07/31/2007|09:34] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[12/11/2007|12:04] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[12/30/2008|03:10] C:\Program Files\Common Files\<DIR> AnswerWorks 5.0
[12/14/2006|09:26] C:\Program Files\Common Files\<DIR> AOL
[12/04/2007|10:30] C:\Program Files\Common Files\<DIR> ATX
[05/07/2008|12:00] C:\Program Files\Common Files\<DIR> AVSMedia
[09/19/2006|01:07] C:\Program Files\Common Files\<DIR> Blackbaud
[09/19/2006|01:05] C:\Program Files\Common Files\<DIR> DESIGNER
[12/21/2007|09:56] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[06/04/2005|01:58] C:\Program Files\Common Files\<DIR> InstallShield
[12/30/2008|03:07] C:\Program Files\Common Files\<DIR> Intuit
[06/04/2005|02:01] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[06/04/2005|01:49] C:\Program Files\Common Files\<DIR> Java
[06/10/2005|01:04] C:\Program Files\Common Files\<DIR> L&H
[06/10/2005|08:12] C:\Program Files\Common Files\<DIR> LHSPF
[02/06/2006|08:41] C:\Program Files\Common Files\<DIR> Logitech
[12/25/2008|08:58] C:\Program Files\Common Files\<DIR> Macromedia
[08/21/2008|04:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> MSSoap
[02/07/2006|10:06] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> ODBC
[12/24/2008|04:18] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> Services
[12/24/2008|04:18] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/31/2007|11:10] C:\Program Files\Common Files\<DIR> supportsoft
[11/07/2006|01:40] C:\Program Files\Common Files\<DIR> SWF Studio
[06/01/2007|10:08] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/13/2007|08:30] C:\Program Files\Common Files\<DIR> System
[06/04/2005|02:04] C:\Program Files\Common Files\<DIR> TiVo Shared
[10/24/2005|10:01] C:\Program Files\Common Files\<DIR> Verizon Online
[06/10/2005|08:12] C:\Program Files\Common Files\<DIR> WexTech Shared
[06/18/2008|10:16] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[05/26/2008|11:07] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 91 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 15:01:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Chris\Application Data\uTorrent\Style XP Incl Keygen.torrent
C:\DOCUME~1\Chris\Favorites\Chris\Software\Find Cracks.url
C:\DOCUME~1\Chris\My Documents\My Download Files\remote[1].support.system.1.6-patch to internal keygen.zip
C:\DOCUME~1\Chris\Recent\aircrack-ng-win-0.9.1.lnk


[F:20][D:11]-> C:\DOCUME~1\Chris\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Chris\Cookies
[F:52][D:4]-> C:\DOCUME~1\Chris\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/20/2009|15:04 - Option : [1]

--------------------\\ Scan completed at 15:04:15

#7
Thunderbird1988
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
Kritayot
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 2

1/20/2009 5:42:13 PM
mbam-log-2009-01-20 (17-42-13).txt

Scan type: Quick Scan
Objects scanned: 66335
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9
Thunderbird1988

Hello Kritayot,

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

My Way Search Assistant

Please note any other programs that you don't recognize in that list in your next response.

After that reboot in regular mode.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    teatimer.exe
    explorer.exe
    
    :Reg
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b66b87b-c35a-11dd-9cbb-0010c67e438b}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f212b86c-cb41-11db-9e74-00123fd631a9}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Service Processor"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Service Processor"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
    "fuldqzhh"=-
    
    :Files
    
    C:\WINDOWS\system32\shdocvw.exe
    C:\WINDOWS\System32\fuldqzhh32.dll
    C:\WINDOWS\System32\fuldqzhh.dll
    C:\DOCUME~1\Chris\Application Data\uTorrent\Style XP Incl Keygen.torrent
    C:\DOCUME~1\Chris\Favorites\Chris\Software\Find Cracks.url
    C:\DOCUME~1\Chris\My Documents\My Download Files\remote[1].support.system.1.6-patch to internal keygen.zip
    C:\DOCUME~1\Chris\Recent\aircrack-ng-win-0.9.1.lnk
    
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After that, please see if you can post a new HijackThis log.

Thunderbird1988

#10
Kritayot

I cannot remove My Way Search Assistant. I got an error that some files are missing.

========== PROCESSES ==========
Process teatimer.exe killed successfully.
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b66b87b-c35a-11dd-9cbb-0010c67e438b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f212b86c-cb41-11db-9e74-00123fd631a9}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Service Processor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Windows Service Processor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\\"fuldqzhh" not found.
========== FILES ==========
C:\WINDOWS\system32\shdocvw.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fuldqzhh32.dll
C:\WINDOWS\System32\fuldqzhh32.dll NOT unregistered.
C:\WINDOWS\System32\fuldqzhh32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fuldqzhh.dll
C:\WINDOWS\System32\fuldqzhh.dll NOT unregistered.
C:\WINDOWS\System32\fuldqzhh.dll moved successfully.
C:\DOCUME~1\Chris\Application Data\uTorrent\Style XP Incl Keygen.torrent moved successfully.
C:\DOCUME~1\Chris\Favorites\Chris\Software\Find Cracks.url moved successfully.
C:\DOCUME~1\Chris\My Documents\My Download Files\remote[1].support.system.1.6-patch to internal keygen.zip moved successfully.
C:\DOCUME~1\Chris\Recent\aircrack-ng-win-0.9.1.lnk moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_Vn2YUt1PEhEuran0UGVp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_100931

Files moved on Reboot...
File C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_Vn2YUt1PEhEuran0UGVp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat not found!
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\h54swgs5.default\XUL.mfl moved successfully.

#11
Kritayot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:55 AM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\ZyXEL\AG-225H\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SiteDevelopers.Com\Dynamic DNS Client .NET Edition - Desktop\ClientGUI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\ZyXEL\AG-225H\AG-225Hv2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\RunServices: [Windows Service Processor] shdocvw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Chris\Application Data\cogad\cogad.exe" 61A847B5BBF728133B923E466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Dynamic DNS Client.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: ZyXEL AG-225H Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - http://www.rightnetw...eb/eolupcli.cab
O16 - DPF: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} (DHTML Edit Control Safe for Scripting for IE5) - http://unakrt-wm.unlb.org/DHTMLED.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120072921953
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.rightnetw...rdp20050324.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...156/qboax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.q....255/qboax8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: fuldqzhh - fuldqzhh32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_AG225H - Unknown owner - C:\Program Files\ZyXEL\AG-225H\NICServ.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15718 bytes

#12
Thunderbird1988

Hello Kritayot,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\RunServices: [Windows Service Processor] shdocvw.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: fuldqzhh - fuldqzhh32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, please post a new HijackThis log and tell me how your computer is running.

Thunderbird1988
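
Added example, not part of the thread and not Thunderbird1988's own method: a small Python triage of HijackThis lines like those in post #11, raising review flags for entries marked "(file missing)", autoruns registered without a path, and an .exe that borrows a system DLL's base name. The sample lines are copied from that log; the flag names, `SYSTEM_DLL_STEMS` and the function names are assumptions made for this sketch.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Short illustrative list of Windows system DLL base names (assumption: a real
# check would compare against a full inventory of %SystemRoot%\system32).
SYSTEM_DLL_STEMS = {"shdocvw", "shell32", "kernel32", "user32",
                    "advapi32", "urlmon", "wininet"}

# Lines copied from the HijackThis log in post #11 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Windows Service Processor] shdocvw.exe
O4 - HKLM\..\RunServices: [Windows Service Processor] shdocvw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: fuldqzhh - fuldqzhh32.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")
# Registry autorun entry: "<hive>\..\<key>: [value name] command line"
RUN_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|com|bat|scr))(?=\s|$)", re.IGNORECASE)
MISSING = "(file missing)"


class Finding(NamedTuple):
    section: str
    name: str
    target: str
    flags: Tuple[str, ...]


def command_target(cmd: str) -> str:
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that raise at least one review flag."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        flags = []
        if rest.endswith(MISSING):
            # The entry is still registered but HijackThis could not find its file.
            flags.append("file-missing")
            rest = rest[: -len(MISSING)].rstrip()
        run = RUN_RE.match(rest) if section == "O4" else None
        if run:
            name = run.group("name")
            target = command_target(run.group("cmd"))
            if "\\" not in target and "/" not in target:
                # No directory given: Windows resolves the name via the search path.
                flags.append("no-path")
            stem, ext = ntpath.splitext(ntpath.basename(target))
            if ext.lower() == ".exe" and stem.lower() in SYSTEM_DLL_STEMS:
                flags.append("dll-name-as-exe")
        else:
            parts = rest.split(" - ")
            name, target = parts[0], parts[-1]
        if flags:
            findings.append(Finding(section, name, target, tuple(flags)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<32} {f.target:<18} {', '.join(f.flags)}")
```

A flag marks an entry for review and is not a verdict: `DevDetect.exe` is flagged only for lacking a path, which is the kind of hit a human still has to judge.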

#13
Kritayot

Thank you Thunderbird1988. It's better now. No error pop up!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:42 PM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\ZyXEL\AG-225H\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SiteDevelopers.Com\Dynamic DNS Client .NET Edition - Desktop\ClientGUI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\ZyXEL\AG-225H\AG-225Hv2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Chris\Application Data\cogad\cogad.exe" 61A847B5BBF728133B923E466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Dynamic DNS Client.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: ZyXEL AG-225H Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - http://www.rightnetw...eb/eolupcli.cab
O16 - DPF: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} (DHTML Edit Control Safe for Scripting for IE5) - http://unakrt-wm.unlb.org/DHTMLED.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120072921953
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.rightnetw...rdp20050324.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...156/qboax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.q....255/qboax8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_AG225H - Unknown owner - C:\Program Files\ZyXEL\AG-225H\NICServ.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15599 bytes

#14
Thunderbird1988

Hello Kritayot,

  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    explorer.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cogad"=-
    
    :Files
    
    C:\Documents and Settings\Chris\Application Data\cogad
    
    :Commands
    [Start Explorer]
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Thunderbird1988

#15
Kritayot

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cogad not found.
========== FILES ==========
C:\Documents and Settings\Chris\Application Data\cogad moved successfully.
========== COMMANDS ==========
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_143941
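The HijackThis log above lists `cogad` under `HKCU\..\Run`, the fix script names the `HKEY_LOCAL_MACHINE` Run key, and the OTMoveIt3 log reports that value as not found. As an added example (not part of any post in this thread and not OldTimer's code), the Python below cross-checks a script's `:Reg` deletions against the O4 lines of a log before the script is run; the sample strings are constructed from the thread and the function names are hypothetical.

```python
import re
# Constructed sample input, abridged from the logs posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Chris\Application Data\cogad\cogad.exe"
"""
FIX_SCRIPT = r"""
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cogad"=-
:Files
C:\Documents and Settings\Chris\Application Data\cogad
"""
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

def parse_o4(log):
    """Map each Run value name to the set of hives the log lists it under."""
    found = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            found.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return found

def parse_reg_deletes(script):
    """Return (hive, value_name) for each '"name"=-' line under a Run key in :Reg."""
    deletes, section, hive = [], None, None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section, hive = line.lower(), None
        elif section == ":reg" and line.startswith("["):
            root, _, subkey = line.strip("[]").partition("\\")
            is_run = subkey.lower().endswith(r"\currentversion\run")
            hive = HIVES.get(root.upper()) if is_run else None
        elif section == ":reg" and hive and (m := re.match(r'^"(.+)"=-$', line)):
            deletes.append((hive, m.group(1).lower()))
    return deletes

def hive_mismatches(log, script):
    """Deletions aimed at a hive where the log does not show that value."""
    seen = parse_o4(log)
    return [(name, hive, sorted(seen[name]))
            for hive, name in parse_reg_deletes(script)
            if name in seen and hive not in seen[name]]

if __name__ == "__main__":
    for name, targeted, listed in hive_mismatches(HJT_LOG, FIX_SCRIPT):
        print(f"{name}: script targets {targeted}, log lists it under {listed}")
```

A non-empty result means the autorun value would survive the fix; re-scanning after the move confirms whether the `HKCU` entry is still present.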





