Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » January 28th, 2009, 3:36 am

As requested I am starting this problem again - cannot fix/clean PC.

Logfile of HijackThis v1.99.1
Scan saved at 07:29:21, on 28/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.0.0.125\InstStub.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NIS] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.0.0.125\InstStub.exe" /RELAUNCH /RUNONCE /MEDIA "E:\SETUP.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 (file missing)

thanks.

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 1st, 2009, 4:47 pm

Hi mountainbikerboarder,
Sorry for the delay in answering your request.
We have had more logs than we could handle in a timely manner.
If you still need help and are not receiving it elsewhere, please proceed as follows:
-----------------------------------------------------------
Disable SpywareGuard
- Right-click the running icon of SpywareGuard to open the program.
- Then go to Menu, File, Exit.
- Confirm the program is closed.
(Reverse this process after your malware removal is complete).
- Reboot your machine for the changes to take effect before running HJT.
-----------------------------------------------------------
Remove Programs Using Control Panel (XP)
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:
ewido anti-spyware 4.0
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entry:
O20 - AppInit_DLLs: karna.dat
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HijackThis window to close it.
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------
Run the RSIT Scanner
Please download the Scanner http://images.malwareremoval.com/random/RSIT.exe and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.
askey127

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 7th, 2009, 5:27 am

Hi,
I followed your instructions but got an error message (in a pop up window) when I ran the Fix Selected Item so it may not have worked but here are the 2 files:
INFO:
info.txt logfile of random's system information tool 1.05 2009-02-07 09:18:31

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems PCI Soft Modem-->agrsmdel
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Combat Mission-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD1DC860-2B0A-11D4-BD2E-00500480A380}\Setup.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Gary Grigsby's World at War A World Divided-->"C:\WINDOWS\Gary Grigsby's World at War A World Divided\uninstall.exe" "/U:C:\Matrix Games\Gary Grigsby's World at War A World Divided\Uninstall\uninstall.xml"
Gary Grigsby's World At War-->"C:\WINDOWS\Gary Grigsby's World At War\uninstall.exe" "/U:C:\Matrix Games\Gary Grigsby's World At War\Uninstall\uninstall.xml"
General 4.5b-->C:\PROGRA~1\General\UNWISE.EXE C:\PROGRA~1\General\INSTALL.LOG
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1-->C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MediaFACE 4.01 Image Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{82AF77BC-423D-42DA-BE5B-FFCA04752181} /l1033
MediaFACE 4.01-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft PhotoDraw 2000 V2-->MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft Project 2000-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rome - Total War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
Rome Total War - patch 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shogun - Total War - Warlord Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Shogun - Total War - Warlord Edition\Uninst.isu"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

======Hosts File======

127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

System event log

Computer Name: JEREMYHALL
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 53084
Source Name: Service Control Manager
Time Written: 20081015150507.000000+060
Event Type: information
User:

Computer Name: JEREMYHALL
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 53083
Source Name: Service Control Manager
Time Written: 20081015150506.000000+060
Event Type: information
User:

Computer Name: JEREMYHALL
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 53082
Source Name: Service Control Manager
Time Written: 20081015150505.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JEREMYHALL
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 53081
Source Name: Service Control Manager
Time Written: 20081015150501.000000+060
Event Type: information
User:

Computer Name: JEREMYHALL
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 53080
Source Name: Service Control Manager
Time Written: 20081015150501.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: JEREMYHALL
Event Code: 1001
Message: Detection of product '{B1B869EB-BDDD-44EE-8858-3753741CDC37}', feature 'DefaultFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 10754
Source Name: MsiInstaller
Time Written: 20080227152842.000000+000
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: JEREMYHALL
Event Code: 1004
Message: Detection of product '{B1B869EB-BDDD-44EE-8858-3753741CDC37}', feature 'DefaultFeature', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 10753
Source Name: MsiInstaller
Time Written: 20080227152842.000000+000
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: JEREMYHALL
Event Code: 1001
Message: Detection of product '{B1B869EB-BDDD-44EE-8858-3753741CDC37}', feature 'DefaultFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 10752
Source Name: MsiInstaller
Time Written: 20080227152828.000000+000
Event Type: warning
User: JEREMYHALL\Compaq_Owner

Computer Name: JEREMYHALL
Event Code: 1004
Message: Detection of product '{B1B869EB-BDDD-44EE-8858-3753741CDC37}', feature 'DefaultFeature', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 10751
Source Name: MsiInstaller
Time Written: 20080227152828.000000+000
Event Type: warning
User: JEREMYHALL\Compaq_Owner

Computer Name: JEREMYHALL
Event Code: 1001
Message: Detection of product '{B1B869EB-BDDD-44EE-8858-3753741CDC37}', feature 'DefaultFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 10750
Source Name: MsiInstaller
Time Written: 20080227152828.000000+000
Event Type: warning
User: JEREMYHALL\Compaq_Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

LOG:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-02-07 09:18:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 116 GB (79%) free of 145 GB
Total RAM: 446 MB (28% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-08 344064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-05-05 278528]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"PCDrProfiler"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-01-02 98304]
"MediaFace Integration"=C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [2004-07-01 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2007-06-11 901120]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-07-11 223984]
"NIS"=C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.0.0.125\InstStub.exe /RELAUNCH /RUNONCE /MEDIA E:\SETUP.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-12 68856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-07-11 223984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-02-07 09:18:24 ----D---- C:\Program Files\trend micro
2009-02-07 09:18:23 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-02-07 09:18:24 ----AD---- C:\Program Files
2009-02-07 09:11:09 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-02-07 09:11:07 ----D---- C:\WINDOWS\temp
2009-02-07 09:08:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-07 09:01:17 ----D---- C:\Program Files\HijackThis
2009-02-07 08:54:58 ----SHD---- C:\System Volume Information
2009-02-07 08:54:58 ----D---- C:\Program Files\ewido anti-spyware 4.0
2009-02-07 08:53:26 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 08:53:26 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-01-29 09:45:38 ----D---- C:\WINDOWS\Prefetch
2009-01-28 22:45:45 ----D---- C:\WINDOWS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 35888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 35888]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-05-05 327680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

-----------------EOF-----------------

Hope to hear back soon. Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 7th, 2009, 1:43 pm

mountainbikerboarder,
------------------------------------------------------
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitFraudFix.exe by S!Ri from here: http://siri.urz.free.fr/Fix/SmitfraudFix.exe and save it to the desktop.
If your infections will not allow you to access the tool, you will need to download the file to a clean computer, and use a flash drive or CD to copy it over to your desktop on this machine.
----------------------------------------------------
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
----------------------------------------------------
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 8th, 2009, 5:49 am

Hi,
Thanks for your reply. I copied SmitfraudFix.exe to the desktop and booted in safe mode but when I double clicked on it I got an error message - the standard popup for failed apps 'SmitfraudFix.exe has encountered a problem and needs to close...'
Is there anything else around this?
Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 8th, 2009, 7:18 am

mountainbikerboarder,
We need to find out which tools we can download and run here.
Let's try this one next:
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it: Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp
-----------------------------------------------------------
Please do this search whether the Malwarebytes tool runs or not.
Please download the Registry Search Tool from here (scroll down - there are also other tools on the page):
http://www.billsway.com/vbspage/
Unzip it to a convenient location such as your Desktop.
Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.
Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

karna.dat

then hit Ok
It may take a while to run.
It will tell you when it's done and offer to have you look at the file.
Say Yes, and when it opens copy/paste the content in your reply.

So, in the best case, we are looking for a Malwarebytes log and the results of the Registry Search.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 9th, 2009, 7:40 am

Hi,
Thanks for that. When I ran the MalwareBytes' Anti-Malware nothing at all happened - tried a few times but no response. When I ran the Registry Search Tool it failed while running with 'Application Error - Terminate by clicking this box', but then some time later I got a box with 'Search completed in 82 seconds. No instances of karna.dat found.'
Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 9th, 2009, 8:00 am

mountainbikerboarder,
It's likely you have a rootkit type infection. This can be difficult or impossible to remove, depending on exactly what it is.
We will see.
-----------------------------------------------------------
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
or here:
http://subs.geekstogo.com/ComboFix.exe
and Save to your Desktop. If you can't download it, you will need to do so from a clean machine, copy it to a flash or CD, and drag and drop it to your desktop.
RENAME IT JEREMY.EXE OR SOMETHING.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix(jeremy).
    Usually if you right click the Anti-Virus icon in the system tray, you can choose to disable or exit the program.
  • WARNING: If you have not already done so, Combofix(jeremy) will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix(jeremy) has completely finished.
Double click on combofix.exe(jeremy.exe) & follow the prompts.
When finished, it will produce a report for you.
Please post the contents of that report, located here: "C:\ComboFix.txt", along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze. Give it at least 20-30 minutes to finish if needed.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
askey
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 9th, 2009, 4:40 pm

Hi,
Got all that done OK (but had to run the ComboFix twice as it locked up):
ComboFix 09-02-08.02 - Compaq_Owner 2009-02-09 20:19:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.123 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\jeremy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\c_575167.nls
c:\windows\system32\Drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSStkdv.log
.
---- Previous Run -------
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\IE4 Error Log.txt
c:\windows\msacm32.drv
c:\windows\sdfixwcs.dll
c:\windows\system32\c_575167.nls
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twext.exe
c:\windows\wuasirvy.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-07 09:18 . 2009-02-07 09:18 <DIR> d-------- C:\rsit
2009-02-07 09:18 . 2009-02-07 09:18 <DIR> d-------- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:11 --------- d-----w c:\program files\SpywareBlaster
2009-02-09 20:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-09 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-07 08:54 --------- d-----w c:\program files\ewido anti-spyware 4.0
2008-12-16 10:20 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\U3
2008-12-11 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-11 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-09 17:28 --------- d-----w c:\program files\CA Yahoo! Anti-Spy
2008-12-09 17:26 --------- d-----w c:\program files\Common Files\Scanner
2008-12-09 17:24 --------- d-----w c:\program files\Yahoo!
2008-12-09 17:24 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\yahoo!
2008-12-09 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-09 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-09-16 12:22 66,040 ----a-w c:\documents and settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-10-20 17:35 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-09-16 10:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091620080917\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-12 68856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-02 98304]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 901120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-10-20 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= c_575167.nls
"wave1"= c_575167.nls
"mixer2"= c_575167.nls
"midi1"= c_575167.nls
"aux1"= c_575167.nls
"wave2"= c_575167.nls
"mixer1"= c_575167.nls
"midi2"= c_575167.nls
"17575198"= 44334439364144322d374531342d343838312d414241362d383539453830324435324639
"17575187"= 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
"17575217"= 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
"17575197"= 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

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 20:26:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c_575167.nls 125952 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-09 20:30:35 - machine was rebooted [Compaq_Owner]
ComboFix-quarantined-files.txt 2009-02-09 20:30:31

Pre-Run: 121,340,895,232 bytes free
Post-Run: 121,252,433,920 bytes free

164 --- E O F --- 2008-11-13 12:06:00

Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 20:35:38, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 9th, 2009, 5:36 pm

mountainbikerboarder,
That's better. Sure enough rootkit.

If you have any flash drives, check for the presence of a file named autorun.inf in the root directory of each one.
If you find such a file, erase it now.
Then create an empty FOLDER in the root directory of each of your flash drives, and name it autorun.inf
----------------------------------------------------------------------------------
Be aware that any other PC that autostarted on one of your flash drives may also be infected with this rootkit.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it : Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 10th, 2009, 7:52 am

Hi,
I loaded and ran mbam-setup.exe but it hung at the point of getting updates via the internet. But as you mentioned about my 2nd PC getting infected via flashdrives, I ran mbam-setup.exe on the 2nd PC and here is the log for info:
Malwarebytes' Anti-Malware 1.33
Database version: 1743
Windows 5.1.2600 Service Pack 3

10/02/2009 11:47:10
mbam-log-2009-02-10 (11-47-10).txt

Scan type: Quick Scan
Objects scanned: 56565
Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

I assume the primary PC still needs some work ?
Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 10th, 2009, 11:02 am

If Malwarebytes hangs during updates on your 1st PC, just run the requested scan without updating and post the resulting log.
We do have some additional work to perform after I see the resulting log.

Also download Flash_Disinfector to your second PC from here.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
If your AntiVirus complains, allow it.
Double click to run it on your second PC after plugging in all flash drives you own.
Your second PC just had some minor infections, and a case of Vundo, which has been cleaned up by the Malwarebytes tool.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 10th, 2009, 4:14 pm

Hi,
Have cleaned all flashdrives and run the scan on primary PC (without update):
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

10/02/2009 19:46:26
mbam-log-2009-02-10 (19-46-26).txt

Scan type: Quick Scan
Objects scanned: 56526
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London

Re: Hijacklog - PC infected & non recoverable

Post by askey127 » February 10th, 2009, 5:16 pm

mountainbikerboarder,
I think you are getting there, if not all clean.

Would you please run the scan from RSIT on your desktop once more?
This time RSIT will not produce the file called info.txt, only the one called log.txt
I would like to see the log.txt file contents, and a fresh HiJackThis log.
..and tell me how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Hijacklog - PC infected & non recoverable

Post by mountainbikerboarder » February 11th, 2009, 3:29 am

Hi,
Here are logs. PC is OK to use but not connected back to Internet yet as not installed Anti-Virus yet:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-02-11 07:23:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 121 GB (83%) free of 145 GB
Total RAM: 446 MB (40% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-08 344064]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-05-05 278528]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-01-02 98304]
"MediaFace Integration"=C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [2004-07-01 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2007-06-11 901120]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-07-11 223984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-12 68856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-07-11 223984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b223a0-c2aa-11dd-b1f6-0018f661998a}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff236088-02d7-11dc-babc-000e509eeb63}]
shell\AutoRun\command - J:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-02-10 10:54:26 ----D---- C:\WINDOWS\LastGood
2009-02-10 10:50:26 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2009-02-10 10:50:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-10 10:50:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-10 09:25:38 ----SHD---- C:\RECYCLER
2009-02-09 20:30:44 ----D---- C:\WINDOWS\temp
2009-02-09 20:30:38 ----A---- C:\ComboFix.txt
2009-02-09 18:53:55 ----A---- C:\WINDOWS\zip.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\VFIND.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\SWSC.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\SWREG.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\sed.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\grep.exe
2009-02-09 18:53:55 ----A---- C:\WINDOWS\fdsv.exe
2009-02-09 18:53:45 ----D---- C:\WINDOWS\ERDNT
2009-02-09 18:53:45 ----D---- C:\Qoobox
2009-02-07 09:18:24 ----D---- C:\Program Files\trend micro
2009-02-07 09:18:23 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-02-11 07:23:45 ----D---- C:\WINDOWS\Prefetch
2009-02-10 19:46:26 ----D---- C:\WINDOWS\system32
2009-02-10 10:54:35 ----D---- C:\WINDOWS\system32\dllcache
2009-02-10 10:54:31 ----HD---- C:\WINDOWS\inf
2009-02-10 10:54:31 ----D---- C:\WINDOWS\Help
2009-02-10 10:54:26 ----D---- C:\WINDOWS
2009-02-10 10:50:24 ----D---- C:\WINDOWS\system32\drivers
2009-02-10 10:50:20 ----AD---- C:\Program Files
2009-02-10 10:48:12 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\U3
2009-02-09 20:35:51 ----D---- C:\Program Files\HijackThis
2009-02-09 20:29:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-09 20:26:54 ----A---- C:\WINDOWS\system.ini
2009-02-09 20:22:47 ----D---- C:\WINDOWS\system32\config
2009-02-09 20:21:29 ----D---- C:\WINDOWS\AppPatch
2009-02-09 20:21:29 ----D---- C:\Program Files\Common Files
2009-02-09 20:19:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-09 20:13:34 ----SHD---- C:\System Volume Information
2009-02-09 20:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-02-09 20:11:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-09 20:11:05 ----D---- C:\Program Files\SpywareBlaster
2009-02-09 19:13:09 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-02-09 09:24:06 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-07 08:54:58 ----D---- C:\Program Files\ewido anti-spyware 4.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-05-05 327680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

-----------------EOF-----------------

Logfile of HijackThis v1.99.1
Scan saved at 07:24:38, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks.
mountainbikerboarder
Regular Member
 
Posts: 36
Joined: December 14th, 2005, 1:47 pm
Location: London
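
The RSIT log in the post above records the AutoRun state that the earlier flash-drive advice is about: the `Policies\explorer` values and the cached `MountPoints2` AutoRun commands. The following is an added example, not part of any post in this thread and not code from RSIT or HijackThis, that parses those entries and decodes the two bitmasks. It assumes RSIT prints DWORD values in decimal and prints an empty value when the registry value is not set; all function names are hypothetical.

```python
import re

# Excerpt copied from the RSIT log.txt in the post above.
RSIT_EXCERPT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b223a0-c2aa-11dd-b1f6-0018f661998a}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff236088-02d7-11dc-babc-000e509eeb63}]
shell\AutoRun\command - J:\LaunchU3.exe
'''

# Bit n of NoDriveTypeAutoRun corresponds to GetDriveType() return value n.
DRIVE_TYPES = ["unknown", "no_root_dir", "removable", "fixed",
               "network", "cdrom", "ramdisk"]


def parse_sections(text):
    """Split an RSIT registry dump into {registry key: [lines under it]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def policy_values(lines):
    """Parse '"name"=value' lines; an empty value is treated as not set."""
    values = {}
    for line in lines:
        m = re.match(r'"([^"]+)"=(\d*)$', line)
        if m:
            values[m.group(1)] = int(m.group(2)) if m.group(2) else None
    return values


def types_disabled(mask):
    """Drive types for which the mask turns AutoRun off."""
    return [name for bit, name in enumerate(DRIVE_TYPES) if mask & (1 << bit)]


def letters_disabled(mask):
    """Drive letters for which the mask turns AutoRun off (bit 0 = A)."""
    return "".join(chr(ord("A") + i) for i in range(26) if mask & (1 << i))


def autorun_report(text):
    """Collect per-hive AutoRun policy and cached MountPoints2 commands."""
    report = {"policies": {}, "cached_commands": []}
    for key, lines in parse_sections(text).items():
        lower = key.lower()
        if lower.endswith("\\policies\\explorer"):
            hive = key.split("\\", 1)[0]
            vals = policy_values(lines)
            t = vals.get("NoDriveTypeAutoRun")
            d = vals.get("NoDriveAutoRun")
            report["policies"][hive] = {
                "types_disabled": None if t is None else types_disabled(t),
                "letters_disabled": None if d is None else letters_disabled(d),
            }
        elif "\\explorer\\mountpoints2\\" in lower:
            mount = key.rsplit("\\", 1)[1]
            for line in lines:
                if line.lower().startswith("shell\\autorun\\command - "):
                    command = line.split(" - ", 1)[1]
                    report["cached_commands"].append((mount, command))
    return report


if __name__ == "__main__":
    result = autorun_report(RSIT_EXCERPT)
    for hive, policy in result["policies"].items():
        print(hive, policy)
    for mount, command in result["cached_commands"]:
        print("cached AutoRun command for", mount, "->", command)
```

With these values the per-type mask does not include removable drives; it is the per-letter mask that covers every drive letter for the current user.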