After reinstalling Windows XP, I rebooted. AVAST 4.8 antivirus performed
a system scan which ran all night, where it stopped at 70% completed to
announce finding:
Win32:Rootkitgen
TrojanGen
Monder Al
I moved those to the virus chest and continued on (no other virus
scanner found these).
Loaded on my system are: ZoneAlarm, Spyware Terminator, XoftSpySE and,
since yesterday, Ad-Aware 8.0 home edition.
Also interesting to note: when the virus kicks in, my keyboard
letters/numbers get 'sticky'; they won't print. I worry now whether my
system info, i.e. sites/logins/passwords, is being captured. I'm not
logging into my bank for this reason.
Logs sent by email:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:44 AM, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... /*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telus.net/set_region.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0F3FACB7-2681-4131-9E38-8169242B6B2D} - C:\WINDOWS\system32\cbXNETKb.dll (file missing)
O2 - BHO: (no name) - {3F912E47-FCD1-46CB-AA91-AA9BDA4FEF01} - C:\WINDOWS\system32\wvUljIxw.dll
O2 - BHO: (no name) - {56115928-FDE3-419A-9E0A-0371CCCE012A} - (no file)
O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\xxyxWMFv.dll
O2 - BHO: (no name) - {8EE19CA6-B6AF-4765-AFEA-639CBBEF2768} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d3c394f3-7799-d8eb-f454-d1f74fb0909b} - {b9090bf4-7f1d-454f-be8d-99773f493c3d} - C:\WINDOWS\system32\rbolsdby.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BM470d0d1a] Rundll32.exe "C:\WINDOWS\system32\mtqvhjys.dll",s
O4 - HKLM\..\Run: [443e3e86] rundll32.exe "C:\WINDOWS\system32\nnnojgvr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printerhe ... rinter.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O20 - AppInit_DLLs: dshasrgq.dll
O20 - Winlogon Notify: xxyxWMFv - C:\WINDOWS\SYSTEM32\xxyxWMFv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
--
End of file - 9759 bytes
****************************************************************************************
Logfile of Spyware Terminator v2.2.1.433 (db:2.006.023.000)
Scan Time: 26/06/2008 10:30:55 AM length: 4017 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 175250 (Critical:1)
Filter: No System items, No Safe items, No Invalid items
Running Processes
aawservice.exe [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
aswUpdSv.exe [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
ashServ.exe [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashServ.exe
dcfssvc.exe [Eastman Kodak Company] : C:\WINDOWS\system32\drivers\dcfssvc.exe
MotiveSB.exe [TELUS] : C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe
sqlservr.exe [Microsoft Corporation] : C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
InstallStub.exe [Plaxo] : C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
em_exec.exe [Logitech Inc.] : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
hpoavn07.exe [Hewlett-Packard Co.] : C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
ymsgr_tray.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
hpoevm07.exe [Hewlett-Packard Co.] : C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
hpOSTS07.exe [Hewlett-Packard Co.] : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
vsmon.exe [Zone Labs, LLC] : C:\WINDOWS\system32\ZONELABS\vsmon.exe
Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://home.microsoft.com/search/lobby/search.asp
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = 127.0.0.1;localhost
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: - {3F912E47-FCD1-46CB-AA91-AA9BDA4FEF01} - : C:\WINDOWS\system32\wvUljIxw.dll
02 - BHO: - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - : C:\WINDOWS\system32\xxyxWMFv.dll
02 - BHO: Messenger Class - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - [Yahoo! Inc.] : C:\Program Files\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PlaxoUpdate : [Plaxo] : C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Yahoo! Pager : [Yahoo! Inc.] : C:\Program Files\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Motive SmartBridge : [TELUS] : C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, APL : [Best Software] : C:\Program Files\ACT\ACT FOR WIN 7\APL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 443e3e86 : : C:\WINDOWS\system32\galhbfmf.dll
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : : C:\WINDOWS\system32\dshasrgq.dll
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\lsdelete.exe
04 - Startup: %STARTUPALL%\HPAiODevice(hp officejet g series) - 1.lnk [Hewlett-Packard Co.] : C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
Shell Extensions
KodakShellExtension - {acb4a560-3606-11d3-aef4-00104bd0f92d} - [Eastman Kodak Company] : C:\Program Files\Common Files\Kodak\IFScore\shellext.dll
YMailShellExt Class - {5464D816-CF16-4784-B9F3-75C0DB52B499} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Common\ymmapi.dll
My Sharing Folders - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Import Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
ZLAVShExt Class - {D9872D13-7651-4471-9EEE-F0A00218BEBB} - [Zone Labs, LLC] : C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashShell.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRar\rarext.dll
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
Shell Extecute Hooks
- {{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}} - : C:\WINDOWS\system32\xxyxWMFv.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
Services
23 - [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
23 - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashServ.exe
23 - [Macrovision Europe Ltd] : C:\WINDOWS\system32\drivers\CdaD10BA.SYS
23 - [Eastman Kodak Company] : C:\WINDOWS\system32\DRIVERS\DcCam.sys
23 - [Eastman Kodak Company] : C:\WINDOWS\system32\drivers\dcfs2k.sys
23 - [Eastman Kodak Company] : C:\WINDOWS\system32\drivers\dcfssvc.exe
23 - [DeviceGuys, Inc.] : C:\WINDOWS\system32\Drivers\DgiVecp.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\klif.sys
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\srescan.sys
23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\drivers\ac97via.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\vsdatant.sys
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxWMFv, DLLName : : C:\WINDOWS\system32\xxyxWMFv.dll
Advanced Files Report
End of Report
Remove Process:
Preparing structures
Creating System Restore Point
Remove Invalid Startup Items
Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BM470d0d1a
Closing System Restore Point
Done