Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adaware Hi-Jack

Started by dumonm , Feb 15 2009 10:11 PM

  • Please log in to reply

#31
dumonm
Posted 22 February 2009 - 08:31 AM

dumonm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
OTListIt logfile created on: 22/02/2009 9:27:40 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.61 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive D: | 132.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 176.52 Gb Free Space | 75.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-659406419A
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe (Atheros)
PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\windows\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
PRC - C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
PRC - C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\WINDOWS\V0230Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe ( )
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\lxcycoms.exe ( )
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\User\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACS [Auto | Running]) -- C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe (Atheros)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (lxcy_device [Auto | Running]) -- C:\WINDOWS\system32\lxcycoms.exe ( )
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AnyDVD [On_Demand | Running]) -- C:\windows\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\windows\system32\DRIVERS\ar5416.sys (D-Link)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Stopped]) -- C:\windows\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (cmpci [On_Demand | Running]) -- C:\windows\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (ElbyCDIO [System | Running]) -- C:\windows\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (fssfltr [Auto | Running]) -- C:\windows\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\windows\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\windows\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\windows\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (OVT511Plus [On_Demand | Stopped]) -- C:\windows\System32\Drivers\omcamvid.sys (OmniVision Technologies, Inc.)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\windows\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (scrcap [On_Demand | Running]) -- C:\windows\system32\DRIVERS\scrcap.sys (ZD Soft)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmcomm [Auto | Running]) -- C:\windows\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBIO [On_Demand | Stopped]) -- C:\windows\System32\Drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (V0230Vfx [On_Demand | Running]) -- C:\windows\system32\DRIVERS\V0230Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (V0230VID [On_Demand | Running]) -- C:\windows\system32\DRIVERS\V0230VID.sys (Creative Technology Ltd.)
DRV - (WSIMD [On_Demand | Running]) -- C:\windows\system32\DRIVERS\wsimd.sys (Atheros Communications, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://beta.sympatico.msn.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (296761 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 127.0.0.1 1800searchonline.com
O1 - Hosts: 127.0.0.1 www.1800searchonline.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 10170 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s ()
O4 - HKLM..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [LXCYCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe" ()
O4 - HKCU..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe" ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\windows\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1192847801343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\windows\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\windows\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\windows\system32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\windows\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\windows\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\windows\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\windows\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\vtsqn.dll) - C:\WINDOWS\system32\vtsqn.dll File not found
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - D:\AUTORUN.INF () - [ CDFS ]
O33 - MountPoints2\{0118e1ee-7f2c-11dc-8936-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0118e1ee-7f2c-11dc-8936-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0118e1ee-7f2c-11dc-8936-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2006/10/26 12:23:54 | 00,138,560 | R--- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[2009/02/22 09:26:54 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTListIt2.exe
[2009/02/22 09:10:58 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/02/21 20:29:44 | 00,001,917 | ---- | C] () -- C:\windows\imsins.BAK
[2009/02/21 20:09:48 | 00,000,000 | -HSD | C] -- C:\windows\CSC
[2009/02/21 19:47:29 | 00,012,935 | ---- | C] () -- C:\Documents and Settings\User\Desktop\rundll32.zip
[2009/02/21 13:30:07 | 00,000,000 | -H-D | C] -- C:\windows\System32\GroupPolicy
[2009/02/21 11:14:37 | 00,003,461 | ---- | C] () -- C:\Documents and Settings\User\My Documents\DrWeb.csv
[2009/02/20 22:55:33 | 12,602,824 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\User\Desktop\drweb-cureit.exe
[2009/02/20 21:16:35 | 00,005,323 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Kaspersky.html
[2009/02/20 15:51:08 | 00,000,000 | ---D | C] -- C:\windows\setup.pss
[2009/02/20 15:27:20 | 00,013,971 | ---- | C] () -- C:\Documents and Settings\User\My Documents\arm Leg movements.docx
[2009/02/20 15:27:05 | 00,011,192 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Arm Movements.docx
[2009/02/20 06:27:41 | 01,234,120 | ---- | C] () -- C:\Documents and Settings\User\Desktop\wrar380.exe
[2009/02/19 18:48:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\FixPolicies
[2009/02/19 18:47:29 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FixPolicies.exe
[2009/02/19 18:33:16 | 00,071,168 | ---- | C] () -- C:\Jan152009Minutes.doc
[2009/02/19 18:33:07 | 00,024,576 | ---- | C] () -- C:\APMHAAGENDA.doc
[2009/02/19 18:29:02 | 00,001,819 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Xilisoft Video Converter Platinum.lnk
[2009/02/19 14:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2009/02/19 14:26:06 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/02/18 22:59:45 | 00,000,351 | ---- | C] () -- C:\windows\xccwinsys.ini
[2009/02/18 22:59:45 | 00,000,000 | ---D | C] -- C:\windows\System32\inf
[2009/02/18 22:49:15 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Recuva.lnk
[2009/02/18 22:49:14 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2009/02/18 22:27:24 | 00,000,000 | ---D | C] -- C:\FixPolicies
[2009/02/18 16:49:33 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/02/18 16:41:21 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg.dll
[2009/02/18 16:40:08 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpns.dll
[2009/02/18 08:32:20 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/02/17 21:54:19 | 00,000,436 | ---- | C] () -- C:\windows\tasks\RegCure Program Check.job
[2009/02/17 21:54:18 | 00,000,370 | ---- | C] () -- C:\windows\tasks\RegCure.job
[2009/02/17 21:54:10 | 00,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/02/17 21:54:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/02/15 23:04:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/02/15 23:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/15 16:29:52 | 00,000,000 | ---D | C] -- C:\windows\vbSkinner
[2009/02/15 16:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\PFConfig
[2009/02/12 16:28:14 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2009/02/12 00:45:38 | 00,421,888 | ---- | C] (Gabest) -- C:\windows\System32\RealMediaSplitter.ax
[2009/02/12 00:45:38 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/02/10 20:13:30 | 03,265,517 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Non-renewable resources.pptx
[2009/02/10 16:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/02/06 19:03:18 | 00,307,576 | ---- | C] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2009/02/06 18:52:40 | 00,049,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sirenacm.dll
[2009/01/29 21:23:07 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/01/29 21:20:50 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iecompat.dll

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[2009/02/22 09:27:03 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTListIt2.exe
[2009/02/22 09:17:21 | 00,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/02/22 09:16:31 | 00,000,436 | ---- | M] () -- C:\windows\tasks\RegCure Program Check.job
[2009/02/22 09:16:22 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/02/22 09:16:20 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/02/22 07:36:49 | 00,000,370 | ---- | M] () -- C:\windows\tasks\RegCure.job
[2009/02/21 20:31:21 | 00,001,917 | ---- | M] () -- C:\windows\imsins.BAK
[2009/02/21 19:48:04 | 00,012,935 | ---- | M] () -- C:\Documents and Settings\User\Desktop\rundll32.zip
[2009/02/21 14:28:16 | 00,444,690 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/02/21 14:28:16 | 00,072,456 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/02/21 14:28:15 | 00,506,500 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/02/21 13:18:39 | 00,000,229 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/02/21 11:29:07 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 11:14:37 | 00,003,461 | ---- | M] () -- C:\Documents and Settings\User\My Documents\DrWeb.csv
[2009/02/20 22:56:12 | 12,602,824 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\User\Desktop\drweb-cureit.exe
[2009/02/20 21:16:35 | 00,005,323 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Kaspersky.html
[2009/02/20 15:27:20 | 00,013,971 | ---- | M] () -- C:\Documents and Settings\User\My Documents\arm Leg movements.docx
[2009/02/20 15:27:06 | 00,011,192 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Arm Movements.docx
[2009/02/20 06:27:52 | 01,234,120 | ---- | M] () -- C:\Documents and Settings\User\Desktop\wrar380.exe
[2009/02/19 18:47:29 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FixPolicies.exe
[2009/02/19 18:33:16 | 00,071,168 | ---- | M] () -- C:\Jan152009Minutes.doc
[2009/02/19 18:33:07 | 00,024,576 | ---- | M] () -- C:\APMHAAGENDA.doc
[2009/02/19 18:29:02 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Xilisoft Video Converter Platinum.lnk
[2009/02/19 17:42:39 | 00,000,068 | ---- | M] () -- C:\windows\Easy Video to DVD.INI
[2009/02/19 17:42:36 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Easy MPEG AVI DIVX WMV RM to DVD.lnk
[2009/02/19 14:26:06 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/02/19 04:53:22 | 00,538,624 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\spider.exe
[2009/02/19 04:53:22 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\sol.exe
[2009/02/19 04:53:21 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\winmine.exe
[2009/02/19 04:53:19 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\sndvol32.exe
[2009/02/19 04:50:23 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\sndrec32.exe
[2009/02/19 04:38:34 | 00,143,887 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshearts.exe
[2009/02/19 04:38:34 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\freecell.exe
[2009/02/19 04:35:48 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\windows\System32\NeroCheck.exe
[2009/02/19 04:35:30 | 00,139,264 | ---- | M] (C-Media Electronics Inc.) -- C:\windows\cmuninst.exe
[2009/02/19 04:35:12 | 00,266,240 | R--- | M] (C-Media Corporation) -- C:\windows\CmiPCIUninstall.exe
[2009/02/19 04:35:11 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\userinit.exe
[2009/02/18 23:22:46 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\narrator.exe
[2009/02/18 23:22:45 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\magnify.exe
[2009/02/18 23:22:38 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\actmovie.exe
[2009/02/18 23:21:55 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\windows\regedit.exe
[2009/02/18 23:11:33 | 00,150,016 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imapi.exe
[2009/02/18 22:59:49 | 00,000,351 | ---- | M] () -- C:\windows\xccwinsys.ini
[2009/02/18 22:49:15 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Recuva.lnk
[2009/02/18 22:37:33 | 00,296,761 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/02/18 22:25:59 | 00,000,686 | ---- | M] () -- C:\windows\RegGenie.ini
[2009/02/18 19:54:30 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ImgBurn.lnk
[2009/02/18 16:49:33 | 00,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/02/18 16:40:34 | 00,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2009/02/18 16:40:34 | 00,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2009/02/17 21:54:10 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/02/17 21:24:54 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\User\My Documents\desktop.ini
[2009/02/17 20:52:37 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RegGenie.lnk
[2009/02/17 19:31:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/15 23:04:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/02/15 20:07:59 | 00,293,989 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20090218-223732.backup
[2009/02/12 16:30:19 | 00,296,761 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.bak
[2009/02/12 16:28:14 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2009/02/12 00:45:38 | 00,421,888 | ---- | M] (Gabest) -- C:\windows\System32\RealMediaSplitter.ax
[2009/02/12 00:45:38 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/02/10 20:14:15 | 03,265,517 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Non-renewable resources.pptx
[2009/02/06 19:03:18 | 00,307,576 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2009/02/06 18:52:40 | 00,049,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\sirenacm.dll
[2009/02/01 23:52:22 | 00,296,704 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090212-163019.backup
[2009/01/31 17:11:33 | 00,000,662 | ---- | M] () -- C:\windows\win.ini
[2009/01/31 17:11:33 | 00,000,274 | ---- | M] () -- C:\windows\system.ini
[2009/01/29 21:26:31 | 03,223,474 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/01/28 17:07:58 | 00,159,744 | ---- | M] () -- C:\windows\RegGenieOnUninstall.exe
[2009/01/27 06:07:24 | 00,000,844 | ---- | M] () -- C:\windows\wininit.ini
[2009/01/26 22:37:16 | 00,296,430 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090201-235222.backup

========== LOP Check ==========

[2009/02/10 16:51:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/08 19:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/19 19:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/11/08 16:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/10 20:04:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/01/02 12:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/12/21 08:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/10/19 21:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/19 15:00:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/11 07:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/12/27 15:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/01 19:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/04/12 07:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/04/12 08:23:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/12/08 19:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2007/03/15 11:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuin
  • 0

Advertisements

#32
kahdah
Posted 22 February 2009 - 08:33 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Unfortunately you will need to get a Windows xp disk to repair the damage.
Do you know someone that you could borrow an Xp Professional disk from?

If not then you may need to take it to a shop to get it re-installed or you can order recovery disks from the computer manufacturer and do it yourself.
  • 0

#33
dumonm
Posted 22 February 2009 - 08:48 AM

dumonm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I have borrowed one, but my system will not boot from the cd or dvd drive , when it starts its sez 'invalid boot .ini ' then goes to boot from 'c/windows'

Edited by dumonm, 22 February 2009 - 09:29 AM.

  • 0

#34
kahdah
Posted 23 February 2009 - 06:21 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Try this instead.

Boot into Windows normally then go to Start > Run then copy\paste this in the run box sfc /scannow and hit ok.
It will more than likely ask for the cd then put it in and keep hitting retry.

After that reboot and see if things are better.
  • 0

#35
dumonm
Posted 23 February 2009 - 06:21 AM

dumonm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
is there a command prompt that I can type that will make it boot from the cd?
  • 0

#36
kahdah
Posted 23 February 2009 - 06:30 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No you won't need it to boot from the cd to do this.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP