Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please HELP HELP!!! Trojon-Desktop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis StartupList Report

Unread postby ivychai » September 1st, 2008, 5:15 am

StartupList report, 9/1/2008, 4:41:06 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Ivychai\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry key not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload.macromedia.com/get/sh ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\DRIVERS\adpu320.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
awecho: system32\drivers\awechomd.sys (system)
pcAnywhere Host Service: C:\Program Files\Symantec\pcAnywhere\awhost32.exe (manual start)
awlegacy: \SystemRoot\System32\Drivers\awlegacy.sys (system)
AW_HOST: system32\drivers\aw_host5.sys (disabled)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GoogleDesktopManager: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" (disabled)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
i81x: system32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: system32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: system32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: system32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: system32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: system32\DRIVERS\wVchNTxx.sys (manual start)
iAimFP5: system32\DRIVERS\wADV07nt.sys (manual start)
iAimFP6: system32\DRIVERS\wADV08nt.sys (manual start)
iAimFP7: system32\DRIVERS\wADV09nt.sys (manual start)
iAimTV0: system32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: system32\DRIVERS\wATV02NT.sys (manual start)
iAimTV3: system32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: system32\DRIVERS\wCh7xxNT.sys (manual start)
iAimTV5: system32\DRIVERS\wATV10nt.sys (manual start)
iAimTV6: system32\DRIVERS\wATV06nt.sys (manual start)
ialm: system32\DRIVERS\igxpmp32.sys (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
iolo FileInfoList Service: C:\Program Files\iolo\common\lib\ioloServiceManager.exe (autostart)
iolo System Service: C:\Program Files\iolo\common\lib\ioloServiceManager.exe (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080827.038\naveng.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080827.038\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: system32\DRIVERS\p3.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PC Angel: C:\WINDOWS\SMINST\PCAngel.exe (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PDF Document Manager: C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
RecAgent: system32\DRIVERS\RecAgent.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (autostart)
SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)
SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
USB Soft Modem Driver: system32\DRIVERS\slnt7554.sys (manual start)
SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E5098927-E5AD-46FE-8F8E-8A03F1E2CA7E} (manual start)
Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (disabled)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Symmpi: \SystemRoot\system32\DRIVERS\symmpi.sys (disabled)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
XSS Virtual Disk Driver: \??\c:\windows\sminst\VirtDisk.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 35,414 bytes
Report generated in 0.093 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

The above is my scan report, anyone can help to me. My desktop screen turn into blue and my start menu and task bar is missing. The rest of my programs albe to work out and I event can go into internet.
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am
Advertisement
Register to Remove

Please HELP HELP!!! Trojon-Desktop

Unread postby ivychai » September 3rd, 2008, 3:10 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:44, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [A_Logoff] c:\windows\system32\wscript.exe c:\windows\logoffper.vbs //b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Printer Monitor.lnk = C:\Program Files\Fuji Xerox\CentreWare\EasyOperator\Cwtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7CD96-67C5-430D-A457-BC5B341B909B}: NameServer = 210.192.2.34,165.21.83.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\system32\msiexec.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7892 bytes

My PC got the Trojon.Desktop virus :( and I have do the Scan. The above is the scan analysis. Anyone Can help me, I have try to fix in couples days yet cant solve. I still cant get back my start button and taskbar menu. Pls help me!!!
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 5th, 2008, 4:37 am

Hi ivychai

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby ivychai » September 7th, 2008, 11:41 pm

Hi! The following is my report for your info, thanks. Hope My PC ablt ot cover back and no need re-format everythings.

Able2Extract v5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
BitComet 1.02
CCS Enterprise Client
doPDF 5.3 printer
Fuji Xerox CentreWare EasyOperator
Fuji Xerox DocuWorks V4.0.2 [ENG]
Fuji Xerox Network Scanner Utility2
Glary Registry Repair 2.9
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager
HP Help and Support
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
NJStar Communicator
OneCare Advisor (Windows Live Toolbar)
PDF Complete
Popup Blocker (Windows Live Toolbar)
PPStream
Quicknote 5.4
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype 3.0
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
Symantec AntiVirus
Symantec pcAnywhere
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Versal FileDownload ActiveX Control Trial Version
Windows Defender
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip Self-Extractor
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 8th, 2008, 3:33 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet 1.02

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here along with a fresh uninstall list.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby ivychai » September 11th, 2008, 6:12 am

I have remove the programe and the following is my log file for your info:-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:01, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [A_Logoff] c:\windows\system32\wscript.exe c:\windows\logoffper.vbs //b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Printer Monitor.lnk = C:\Program Files\Fuji Xerox\CentreWare\EasyOperator\Cwtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7CD96-67C5-430D-A457-BC5B341B909B}: NameServer = 210.192.2.34,165.21.83.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\system32\msiexec.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7740 bytes
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 11th, 2008, 6:36 am

HijackThis log cuts off; it has no Running processes section.

So please post a fresh HijackThis log and fresh uninstall list.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby ivychai » September 12th, 2008, 10:23 pm

The Scan Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:42, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [A_Logoff] c:\windows\system32\wscript.exe c:\windows\logoffper.vbs //b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Printer Monitor.lnk = C:\Program Files\Fuji Xerox\CentreWare\EasyOperator\Cwtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7CD96-67C5-430D-A457-BC5B341B909B}: NameServer = 210.192.2.34,165.21.83.88
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\system32\msiexec.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7740 bytes

The Startup List
AskBar BHO - (no file) - {201f27d4-3704-41d6-89c1-aa35e39143ed}
E-Zsoft VideoDownloaderToolBar - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll - {4322A444-92F8-4C3E-BD4C-013BA51E2871}
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Facebook Photo Uploader 5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/Fac ... oader5.cab

[DLM Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
CODEBASE = http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload.macromedia.com/get/sh ... wflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,166 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

The Uninstall_List
Able2Extract v5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
CCS Enterprise Client
doPDF 5.3 printer
Fuji Xerox CentreWare EasyOperator
Fuji Xerox DocuWorks V4.0.2 [ENG]
Fuji Xerox Network Scanner Utility2
Glary Registry Repair 2.9
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager
HP Help and Support
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
NJStar Communicator
OneCare Advisor (Windows Live Toolbar)
PDF Complete
Popup Blocker (Windows Live Toolbar)
PPStream
Quicknote 5.4
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype 3.0
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
Symantec AntiVirus
Symantec pcAnywhere
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Versal FileDownload ActiveX Control Trial Version
Windows Defender
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip Self-Extractor
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 13th, 2008, 4:51 am

There is still no running processes.

Let's try this:

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on the OTViewIt.exeto start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby ivychai » September 16th, 2008, 12:16 am

OTViewIt.Txt

OTViewIt logfile created on: 9/16/2008 12:14:04 PM - Run 1
OTViewIt by OldTimer - Version 1.0.4.0 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 546.44 Mb Available Physical Memory | 53.87% Memory free
1.63 Gb Paging File | 1.30 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.51 Gb Total Space | 50.73 Gb Free Space | 76.28% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.96 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 9.77 Gb Total Space | 8.89 Gb Free Space | 91.03% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 35.46 Gb Total Space | 2.54 Gb Free Space | 7.17% Space Free | Partition Type: NTFS

Computer Name: AD02
Current User Name: Ivychai
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

========== Processes - Non-Microsoft Only ==========

[04/08/2005 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[04/08/2005 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[04/17/2005 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[06/19/2008 16:59:12 | 00,592,232 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
[07/15/2006 00:43:26 | 00,534,040 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
[04/17/2005 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
[04/17/2005 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[09/16/2008 12:13:50 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTViewIt.exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[11/01/2004 11:50:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [On_Demand | Stopped])
[04/08/2005 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[04/08/2005 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[04/08/2005 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[04/17/2005 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[06/19/2008 16:59:12 | 00,592,232 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
[06/19/2008 16:59:12 | 00,592,232 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
File not found -- C:\WINNT\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[06/14/2006 08:39:58 | 00,364,544 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Auto | Stopped])
[07/15/2006 00:43:26 | 00,534,040 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher [Auto | Running])
[04/17/2005 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
[04/05/2005 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[03/30/2005 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[04/17/2005 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

[05/09/2002 01:44:42 | 00,105,472 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[03/05/2004 12:52:22 | 00,008,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho [System | Running])
[11/17/2003 18:06:48 | 00,011,165 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys -- (awlegacy [System | Running])
[10/23/2003 09:32:20 | 00,016,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST [Disabled | Stopped])
[09/02/2008 15:05:49 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[04/21/2003 12:00:32 | 00,013,898 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa [Boot | Running])
[08/20/2008 20:14:48 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080910.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[08/20/2008 20:14:49 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080910.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[02/27/2006 00:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[02/04/2005 20:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[02/04/2005 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[03/30/2005 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[04/01/2005 20:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[04/05/2005 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[04/05/2005 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[05/06/2006 08:34:02 | 00,057,344 | ---- | M] (XSS) -- c:\WINDOWS\SMINST\virtdisk.sys -- (VirtDisk [On_Demand | Stopped])


========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Default_Secondary_Page_URL" =
"Extensions Off Page" = about:NoAdd-ons
"Local Page" = C:\windows\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Security Risk Page" = about:SecurityRisk
"Start Page" = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"SearchAssistant" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Local Page" = C:\WINDOWS\system32\blank.htm
"Page_Transitions" =
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Start Page" = http://sg.yahoo.com/?p=us

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"" = http://home.microsoft.com/access/autosearch.asp?p=%s
" " = +
"#" = %23
"&" = %26
"?" = %3F
"+" = %2B
"=" = %3D

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Start Page" = http://www.hp.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Start Page" = http://www.hp.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = http://www.hp.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = http://www.hp.com

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Local Page" = C:\WINDOWS\system32\blank.htm
"Page_Transitions" =
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Start Page" = http://sg.yahoo.com/?p=us

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\Software\Microsoft\Internet Explorer\SearchURL]
"" = http://home.microsoft.com/access/autosearch.asp?p=%s
" " = +
"#" = %23
"&" = %26
"?" = %3F
"+" = %2B
"=" = %3D

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4322A444-92F8-4C3E-BD4C-013BA51E2871} (HKLM) -- C:\Program Files\VersalSoft\InternetDownload\VDTB.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4322A444-92F8-4C3E-BD4C-013BA51E2871}" (HKLM) -- C:\Program Files\VersalSoft\InternetDownload\VDTB.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{238D3403-0761-4B4D-851C-050A3A0AC40A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{238D3403-0761-4B4D-851C-050A3A0AC40A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr" = ALCMTR.EXE (Realtek Semiconductor Corp.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray" = C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"InternetDownload_upgrade" = "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade File not found
"MSPY2002" = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"PDF Complete" = "C:\Program Files\PDF Complete\pdfsty.exe" (PDF Complete Inc)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
"Recguard" = C:\WINDOWS\Sminst\Recguard.exe ()
"Reminder" = C:\WINDOWS\Creator\Remind_XP.exe ()
"RTHDCPL" = RTHDCPL.EXE (Realtek Semiconductor Corp.)
"Scheduler" = C:\WINDOWS\SMINST\Scheduler.exe ()
"SetRefresh" = C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
"SkyTel" = SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet" = "C:\Program Files\BitComet\BitComet.exe" /tray File not found
"Quicknote" = C:\Program Files\Quicknote\quicknote.exe (JC&MB)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet" = "C:\Program Files\BitComet\BitComet.exe" /tray File not found
"Quicknote" = C:\Program Files\Quicknote\quicknote.exe (JC&MB)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[09/23/2005 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[08/01/1997 00:00:00 | 00,111,376 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[08/01/1997 00:00:00 | 00,051,984 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
[09/14/2005 18:35:42 | 00,069,632 | ---- | M] (Fuji Xerox Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printer Monitor.lnk = C:\Program Files\Fuji Xerox\CentreWare\EasyOperator\Cwtray.exe

========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoControlPanel" = 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoToolbarsOnTaskbar" = 0
"NoSetTaskbar" = 0
"NoSaveSettings" = 0
"NoActiveDesktop" = 0
"ClassicShell" = 0
"NoBandCustomize" = 0
"NoMovingBands" = 0
"NoCloseDragDropBands" = 0
"NoActiveDesktopChanges" = [binary data]
"NoControlPanel" = 0
"NoChangeStartMenu" = 0
"NoStartMenuSubFolders" = 0
"NoStartMenuMFUprogramsList" = 0
"NoStartMenuMorePrograms" = 0
"NoThemesTab" = 0
"NoFolderOptions" = 0
"NoPropertiesMyComputer" = 0
"NoPropertiesMyDocuments" = 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"NoDispCPL" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0
"NoDispAppearancePage" = 0
"NoColorChoice" = 0
"NoSizeChoice" = 0
"NoVisualStyleChoice" = 0
"NoDispSettingsPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoToolbarsOnTaskbar" = 0
"NoSetTaskbar" = 0
"NoSaveSettings" = 0
"NoActiveDesktop" = 0
"ClassicShell" = 0
"NoBandCustomize" = 0
"NoMovingBands" = 0
"NoCloseDragDropBands" = 0
"NoActiveDesktopChanges" = [binary data]
"NoControlPanel" = 0
"NoChangeStartMenu" = 0
"NoStartMenuSubFolders" = 0
"NoStartMenuMFUprogramsList" = 0
"NoStartMenuMorePrograms" = 0
"NoThemesTab" = 0
"NoFolderOptions" = 0
"NoPropertiesMyComputer" = 0
"NoPropertiesMyDocuments" = 0


[HKEY_USERS\S-1-5-21-2641314650-930919617-3193332438-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"NoDispCPL" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0
"NoDispAppearancePage" = 0
"NoColorChoice" = 0
"NoSizeChoice" = 0
"NoVisualStyleChoice" = 0
"NoDispSettingsPage" = 0

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
"" = http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Fac ... oader5.cab -- Facebook Photo Uploader 5
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab -- DLM Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/sh ... wflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{9ED7CD96-67C5-430D-A457-BC5B341B909B} (Servers: 210.192.2.34,165.21.83.88 | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
PCANotify: "DllName" = PCANotify.dll -- C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
explorer.exe:"Debugger" = C:\Program Files\Microsoft Common\svchost.exe File not found

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[05/01/2004 09:01:00 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{370f0bb6-8b61-11dc-83d5-0019bb442c67}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{370f0bb6-8b61-11dc-83d5-0019bb442c67}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{370f0bb6-8b61-11dc-83d5-0019bb442c67}\Shell\AutoRun\command]
"" = F:\SmartAp.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3795247d-9fa7-11db-82f1-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3795247d-9fa7-11db-82f1-806d6172696f}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3795247d-9fa7-11db-82f1-806d6172696f}\Shell\AutoRun\command]
"" = C:\WINDOWS\system32\shell32.dll -- [04/14/2008 08:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e16e078-0e4c-11dc-8360-0019bb442c67}\Shell\AutoRun\command]
"" = F:\t.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e16e078-0e4c-11dc-8360-0019bb442c67}\Shell\explore\Command]
"" = F:\t.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e16e078-0e4c-11dc-8360-0019bb442c67}\Shell\open\Command]
"" = F:\t.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86677e6-4ca2-11dc-83a1-0019bb442c67}\Shell\Auto\command]
"" = Ghost.pif

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86677e6-4ca2-11dc-83a1-0019bb442c67}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86677e6-4ca2-11dc-83a1-0019bb442c67}\Shell\AutoRun\command]
"" = C:\WINDOWS\system32\shell32.dll -- [04/14/2008 08:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)



========== Files/Folders - Created Within 30 days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[08/18/2008 11:53:56 | 03,483,776 | ---- | C] (VersalSoft) -- C:\Program Files\Active X Control.EXE
[08/18/2008 11:57:00 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Explorer.lnk
[08/25/2008 16:59:48 | 00,000,655 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to projccs.lnk
[08/25/2008 17:05:48 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to msnmsgr.lnk
[08/25/2008 17:12:35 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft Excel.lnk
[08/25/2008 17:12:39 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft Word.lnk
[08/25/2008 17:13:05 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to msimn.lnk
[08/26/2008 15:30:07 | 01,895,887 | ---- | C] (GlarySoft.com ) -- C:\Program Files\rrsetup.exe
[08/26/2008 15:31:17 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Glary Registry Repair.lnk
[08/26/2008 17:02:58 | 00,491,120 | ---- | C] () -- C:\Program Files\sm_dm.exe
[08/26/2008 17:10:39 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[08/26/2008 17:14:16 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[08/26/2008 17:14:18 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[08/26/2008 17:15:06 | 00,918,368 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[08/26/2008 17:16:13 | 00,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[08/28/2008 10:45:49 | 00,003,334 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[08/28/2008 12:28:01 | 03,478,904 | ---- | C] () -- C:\Program Files\lusetup.exe
[08/28/2008 18:26:16 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\ldsk.sys
[08/29/2008 11:10:00 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[08/29/2008 11:10:07 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/29/2008 11:10:26 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[08/29/2008 11:11:06 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[08/29/2008 15:20:55 | 00,000,045 | -HS- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Desktop.ini
[08/29/2008 17:13:48 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[08/29/2008 18:27:49 | 03,327,000 | ---- | C] () -- C:\Program Files\WindowsXP-KB942288-v3-x86.exe
[08/29/2008 20:43:54 | 00,000,011 | ---- | C] () -- C:\AuResult.ini
[09/01/2008 09:42:39 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to Windows Classic.lnk
[09/01/2008 09:57:25 | 00,004,312 | ---- | C] () -- C:\Program Files\nodesktop.reg
[09/01/2008 10:16:15 | 05,154,304 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[09/01/2008 10:19:23 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[09/01/2008 10:20:31 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[09/01/2008 12:10:20 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to cleanmgr.lnk
[09/01/2008 12:43:19 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to dwdesk.lnk
[09/01/2008 16:25:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[09/01/2008 16:25:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\HijackThis.lnk
[09/01/2008 16:53:15 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[09/01/2008 16:53:17 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[09/01/2008 16:53:19 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
[09/01/2008 16:53:19 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[09/01/2008 16:53:20 | 00,000,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printer Monitor.lnk
[09/01/2008 17:49:19 | 00,003,601 | ---- | C] () -- C:\Program Files\wininstaller.reg
[09/01/2008 19:42:42 | 00,002,521 | ---- | C] () -- C:\Program Files\xp_taskbar_desktop_fixall.vbs
[09/01/2008 19:48:09 | 00,003,574 | ---- | C] () -- C:\Program Files\restoretaskbar.reg
[09/01/2008 20:17:05 | 00,000,157 | ---- | C] () -- C:\Program Files\restoreregistry.reg
[09/01/2008 20:17:48 | 00,000,656 | ---- | C] () -- C:\Program Files\displayrestore.reg
[09/01/2008 20:18:17 | 00,000,326 | ---- | C] () -- C:\Program Files\showcontrolpanel.reg
[09/01/2008 20:18:39 | 00,000,589 | ---- | C] () -- C:\Program Files\showdesktopicons.reg
[09/01/2008 20:19:02 | 00,000,273 | ---- | C] () -- C:\Program Files\controlpanelrestrictionrestore.reg
[09/01/2008 20:19:28 | 00,001,403 | ---- | C] () -- C:\Program Files\mycomputer.vbs
[09/01/2008 20:20:15 | 00,000,180 | ---- | C] () -- C:\Program Files\doublepane.reg
[09/01/2008 20:20:38 | 00,000,441 | ---- | C] () -- C:\Program Files\startmenuenable.reg
[09/01/2008 20:23:23 | 00,040,094 | ---- | C] () -- C:\Program Files\StartupTracker3.zip
[09/02/2008 09:24:22 | 00,009,066 | ---- | C] () -- C:\Program Files\wininstallerwindows.reg
[09/02/2008 09:36:11 | 00,001,330 | ---- | C] () -- C:\Program Files\desktoptab.reg
[09/02/2008 09:36:21 | 00,000,269 | ---- | C] () -- C:\Program Files\folderoptions.reg
[09/02/2008 09:38:44 | 00,000,414 | ---- | C] () -- C:\Program Files\comdocproperties.reg
[09/02/2008 09:40:14 | 00,000,556 | ---- | C] () -- C:\Program Files\noclosedragdropbands.reg
[09/02/2008 09:40:33 | 00,001,751 | ---- | C] () -- C:\Program Files\RestoreSearch2.REG
[09/02/2008 09:40:47 | 00,000,570 | ---- | C] () -- C:\Program Files\userinit.reg
[09/02/2008 09:41:03 | 00,002,322 | ---- | C] () -- C:\Program Files\find.reg
[09/02/2008 09:42:37 | 00,000,408 | ---- | C] () -- C:\Program Files\admincontrolpanel.reg
[09/02/2008 09:43:54 | 00,020,766 | ---- | C] () -- C:\Program Files\viewfolderrestore.reg
[09/02/2008 09:44:21 | 00,000,390 | ---- | C] () -- C:\Program Files\controlrightclick.reg
[09/02/2008 09:44:56 | 00,003,504 | ---- | C] () -- C:\Program Files\foldershell.reg
[09/02/2008 09:45:27 | 00,009,830 | ---- | C] () -- C:\Program Files\exefix.reg
[09/02/2008 10:07:33 | 00,000,408 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to IVY.lnk
[09/10/2008 10:00:25 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft PowerPoint.lnk
[09/11/2008 14:15:33 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to quicknote.lnk
[09/13/2008 16:24:53 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to NJCOM.lnk
[09/16/2008 12:13:36 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTViewIt.exe

========== Files - Modified Within 30 days ==========

[11 C:\WINDOWS\System32\drivers\*.tmp files]
[10 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[08/18/2008 12:29:04 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Explorer.lnk
[08/19/2008 09:35:39 | 00,004,906 | -H-- | M] () -- C:\ffastun.ffa
[08/19/2008 09:35:39 | 00,131,072 | -H-- | M] () -- C:\ffastun.ffo
[08/19/2008 09:35:39 | 00,229,376 | -H-- | M] () -- C:\ffastun.ffl
[08/19/2008 09:35:39 | 00,876,544 | -H-- | M] () -- C:\ffastun0.ffx
[08/19/2008 09:37:13 | 01,576,546 | -H-- | M] () -- C:\Documents and Settings\Ivychai\Local Settings\Application Data\IconCache.db
[08/25/2008 16:59:48 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to projccs.lnk
[08/25/2008 17:05:48 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to msnmsgr.lnk
[08/25/2008 17:12:35 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft Excel.lnk
[08/25/2008 17:12:39 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft Word.lnk
[08/25/2008 17:13:05 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to msimn.lnk
[08/26/2008 15:31:17 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Glary Registry Repair.lnk
[08/26/2008 17:10:39 | 00,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[08/26/2008 17:16:13 | 00,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[08/28/2008 10:45:40 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[08/28/2008 10:45:49 | 00,003,334 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[08/28/2008 18:26:16 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\ldsk.sys
[08/29/2008 11:23:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[08/29/2008 15:14:38 | 00,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[08/29/2008 15:20:55 | 00,000,045 | -HS- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Desktop.ini
[08/29/2008 15:49:56 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Ivychai\Start Menu\Programs\Startup\desktop.ini
[08/29/2008 20:43:54 | 00,000,011 | ---- | M] () -- C:\AuResult.ini
[08/29/2008 21:53:20 | 00,000,078 | -HS- | M] () -- C:\Documents and Settings\Ivychai\My Documents\desktop.ini
[09/01/2008 09:42:39 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to Windows Classic.lnk
[09/01/2008 10:17:22 | 00,032,184 | ---- | M] () -- C:\Documents and Settings\Ivychai\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09/01/2008 10:20:31 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[09/01/2008 12:10:20 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to cleanmgr.lnk
[09/01/2008 12:19:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[09/01/2008 12:19:30 | 00,000,251 | -HS- | M] () -- C:\boot.ini
[09/01/2008 12:43:19 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to dwdesk.lnk
[09/01/2008 16:25:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\HijackThis.lnk
[09/02/2008 10:07:25 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to FINANCE.lnk
[09/02/2008 10:07:33 | 00,000,408 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to IVY.lnk
[09/03/2008 12:19:21 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[09/03/2008 12:19:21 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[09/03/2008 12:19:21 | 00,438,892 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[09/10/2008 10:00:25 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Microsoft PowerPoint.lnk
[09/10/2008 10:01:09 | 00,006,144 | ---- | M] () -- C:\WINDOWS\ArtGalry.cag
[09/10/2008 10:05:50 | 00,008,192 | ---- | M] () -- C:\WINDOWS\Ivychai.pcb
[09/11/2008 09:22:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[09/11/2008 14:15:33 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to quicknote.lnk
[09/13/2008 16:24:53 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Ivychai\Desktop\Shortcut to NJCOM.lnk
[09/13/2008 16:24:59 | 00,000,382 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
[09/15/2008 09:23:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[09/16/2008 09:18:13 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[09/16/2008 09:18:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[09/16/2008 09:18:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[09/16/2008 09:22:13 | 00,001,039 | ---- | M] () -- C:\WINDOWS\win.ini
[09/16/2008 09:26:05 | 00,009,426 | ---- | M] () -- C:\WINDOWS\CEMSTAFF.VUE
[09/16/2008 09:26:06 | 36,643,840 | ---- | M] () -- C:\WINDOWS\outlook.pst
[09/16/2008 10:00:10 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[09/16/2008 10:12:03 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Ivychai\My Documents\My Sharing Folders.lnk
[09/16/2008 12:06:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[09/16/2008 12:12:53 | 00,007,475 | ---- | M] () -- C:\WINDOWS\Ivychai8.xlb

< End of report >

Extras.Tex
OTViewIt Extras logfile created on: 9/16/2008 12:14:04 PM - Run 1
OTViewIt by OldTimer - Version 1.0.4.0 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 546.44 Mb Available Physical Memory | 53.87% Memory free
1.63 Gb Paging File | 1.30 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.51 Gb Total Space | 50.73 Gb Free Space | 76.28% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.96 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 9.77 Gb Total Space | 8.89 Gb Free Space | 91.03% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 35.46 Gb Total Space | 2.54 Gb Free Space | 7.17% Space Free | Partition Type: NTFS


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[04/14/2008 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/14/2008 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[01/19/2007 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/04/2007 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[04/14/2008 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/25/2006 02:42:06 | 00,888,832 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
[07/13/2005 10:37:16 | 00,118,784 | ---- | M] (Fuji Xerox Co., Ltd.) -- C:\WINDOWS\system32\fxsslm12.exe:*:Enabled:Salutation Daemon
[04/14/2008 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/14/2008 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[01/04/2007 14:32:26 | 01,068,032 | ---- | M] (PPStream.com) -- C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream
[11/01/2004 11:50:00 | 00,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[02/09/2007 16:00:48 | 25,388,584 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
File not found -- C:\WINDOWS\LMI7E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[01/19/2007 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/04/2007 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]
[01/12/2007 12:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{115E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A9EFD3-D72C-4E01-9C3B-301774ED7201}" = Fuji Xerox CentreWare EasyOperator
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7CB84B74-5069-444C-BB22-06B7893E4236}" = Fuji Xerox Network Scanner Utility2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9722D7B-E3C9-474F-BEDF-F984E93ED97F}" = CCS Enterprise Client
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Able2Extract v5.0" = Able2Extract v5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"DocuWorksDeinstKey" = Fuji Xerox DocuWorks V4.0.2 [ENG]
"doPDF 5 printer_is1" = doPDF 5.3 printer
"Glary Registry Repair_is1" = Glary Registry Repair 2.9
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JC&MB Quicknote_is1" = Quicknote 5.4
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB954154_WM11" = Security Update for Windows Media Player 11 (KB954154)
"LiveReg" = LiveReg (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NJStar Communicator" = NJStar Communicator
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF Complete" = PDF Complete
"PPStream_is1" = PPStream
"Skype_is1" = Skype 3.0
"UFileDownloadD" = Versal FileDownload ActiveX Control Trial Version
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2008 3:11:33 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ295.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:33 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ296.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:33 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ297.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:33 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ298.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:34 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ299.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:34 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ29A.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:35 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ29B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 8/26/2008 3:11:35 AM | Computer Name = AD02 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Infostealer in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ29C.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 9/7/2008 9:49:23 PM | Computer Name = AD02 | Source = Application Hang | ID = 1002
Description = Hanging application projccs.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2008 1:56:21 AM | Computer Name = AD02 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 8.0.0.4412, faulting module
winword.exe, version 8.0.0.4412, fault address 0x000804a6.

[ System Events ]
Error - 9/11/2008 1:09:26 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/11/2008 3:17:50 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/11/2008 3:18:29 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/11/2008 3:19:04 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/11/2008 6:47:09 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/12/2008 4:51:47 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/12/2008 5:05:04 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/12/2008 5:25:41 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/12/2008 6:17:43 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 9/15/2008 5:55:33 AM | Computer Name = AD02 | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.


< End of report >
ivychai
Active Member
 
Posts: 6
Joined: September 1st, 2008, 5:08 am

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 16th, 2008, 8:47 am

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please HELP HELP!!! Trojon-Desktop

Unread postby Shaba » September 21st, 2008, 5:21 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware