infected with 2009 security how to remove, need Mr Belahzur help
- suzonka (Senior)
-
OS : windows 10
Arch. : x64 (64-bit)
Posts : 211
Rubies : 5054
Likes : 2
Hi, I have Vista Basic with a Dell PC Inspiron 531. Mr Belahzur helped with a Hijack program a year ago and told me what to fix, and it worked. Now I have a new infection, the 2009 security one that in the end wants you to buy their software to get rid of the infection that they give you. Can Mr Belahzur help me again with the removal? Thank you.
Last edited by Belahzur on 29th November 2008, 8:29 pm; edited 2 times in total (Reason for editing : added name)
- Belahzur (Site Admin)
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218223
Likes : 18
Hello.
Please read this thread:
http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm
And post a Hijack This log here.

Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- suzonka (Senior)
@Belahzur wrote:Hello.
Please read this thread:
http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm
And post a Hijack This log here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:35 PM, on 11/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Users\Ron\AppData\Local\Temp\xxx41.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Ron\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGYH7ELK\HiJackThis[1].exe
C:\Users\Ron\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Ron\Desktop\Hijack(GP)This.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5368/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11854 bytes
- Belahzur (Site Admin)
A year ago? Has it really been that long? Wow, time flies by.

- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe
- Press "Fix Checked"
- Close HijackThis.
====
This will remove any more malware in the Temp folder.
Download ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Close ATF-Cleaner.exe.
===
And last, let's have a look around.
1. Download this file - combofix.exe
2. Double click combofix.exe & select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
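The check behind the "Fix Checked" instruction above, written out as an added example (not part of the original posts and not code from HijackThis or any other tool named in the thread): it parses HijackThis output and flags Run-key entries and running processes whose executable sits in a Temp folder. The function names and the Temp-path heuristic are assumptions made for illustration; the sample lines are excerpted from the log posted earlier in the thread.

```python
import re
from typing import NamedTuple

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Ron\AppData\Local\Temp\xxx41.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Ron\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Ron\AppData\Local\Temp\xxx41.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
"""

# Any "R0 - ", "O4 - ", "O23 - " style line ends the process list.
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")
# Registry autoruns only; "Global Startup" shortcut lines are not parsed here.
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Heuristic (an assumption of this example): per-user and system Temp folders.
TEMP_RE = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    exe: str


def exe_of(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.I)
    return m.group(1) if m else command


def parse(log):
    """Split a HijackThis log into running processes and O4 Run entries."""
    processes, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False
            m = O4_RUN_RE.match(line)
            if m:
                autoruns.append(Autorun(m[1], m[2], m[3], exe_of(m[4])))
        elif in_procs and line:
            processes.append(line)
    return processes, autoruns


def review(log):
    """Return (kind, entry, path, state) tuples for Temp-folder executables."""
    processes, autoruns = parse(log)
    running = {p.lower() for p in processes}
    persisted = {a.exe.lower() for a in autoruns}
    findings = []
    for a in autoruns:
        if TEMP_RE.search(a.exe):
            state = "running" if a.exe.lower() in running else "not running"
            entry = f"{a.hive}\\..\\{a.key}: [{a.name}]"
            findings.append(("autorun-from-temp", entry, a.exe, state))
    # Processes in Temp with no Run entry still deserve a look.
    for p in processes:
        if TEMP_RE.search(p) and p.lower() not in persisted:
            findings.append(("process-from-temp", "", p, "running"))
    return findings


if __name__ == "__main__":
    for kind, entry, path, state in review(SAMPLE_LOG):
        print(f"{kind:18} {entry:24} {path} ({state})")
```

A hit from this heuristic is a lead for review, not a verdict: installers and updaters also run from Temp for short periods.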


- suzonka (Senior)
Hi, everything worked. The 2009 infection is gone, and the ATF Cleaner worked. The
combofix.exe: after downloading it, a dialog box stated you can rename combofix.exe[2]. I tried to find the
combofix.exe download in the search area and I keep getting the same dialog box about renaming it; however, I can't change it. However, the computer is working good, thanks again.
- Belahzur (Site Admin)
Hello.
I have uploaded a renamed copy for you, this will work, or it should anyway.
http://www.sendspace.com/file/3jk91g
Download and follow my instructions.


- suzonka (Senior)
@Belahzur wrote:Hello.
I have uploaded a renamed copy for you, this will work, or it should anyway.
http://www.sendspace.com/file/3jk91g
Download and follow my instructions.
I tried the above download and a dialog box pops up and says you can not rename combo fix[1], you must use an alphanumeric name, so I click on the OK box and nothing happens. Should I be clicking on run after I download it, or save it to the desktop first, then open and run it? Thanks. Also, what will this help my system with? Thanks for your help again. Right now my system is operating the best ever.
Last edited by suzonka on 28th November 2008, 6:47 am; edited 1 time in total (Reason for editing : added words)
- Belahzur (Site Admin)
Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts to get it all on the forum


- suzonka (Senior)
@Belahzur wrote:Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts to get it all on the forum
Here is part one of the copy
OTViewIt logfile created on: 11/28/2008 3:22:38 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.76 Mb Total Physical Memory | 431.11 Mb Available Physical Memory | 45.01% Memory free
2.13 Gb Paging File | 1.14 Gb Available in Paging File | 53.83% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 198.09 Gb Free Space | 88.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.92 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RON-PC
Current User Name: Ron
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/01/19 02:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 02:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/05/02 23:16:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/19 02:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2007/10/18 10:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
[2008/03/19 10:56:58 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
[2008/04/15 11:50:44 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
[2007/10/18 10:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
[2007/12/05 05:17:24 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/06/02 12:06:04 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2007/09/26 12:55:04 | 00,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
[2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2008/09/09 04:45:45 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2008/01/19 02:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/09/09 04:45:49 | 00,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
[2008/01/19 02:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/08 19:37:26 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/08/08 19:37:26 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/09/09 04:45:43 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
[2008/09/09 04:45:43 | 00,185,584 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
[2004/08/20 13:58:24 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/10/12 23:58:47 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/30 16:31:33 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/11/27 15:28:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGYH7ELK\HiJackThis[1].exe
[2008/11/27 15:30:16 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ron\Desktop\HiJackThis.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/29 16:04:08 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/19 02:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007/09/12 19:27:24 | 00,623,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
[2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/11/28 15:22:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U\OTViewIt[1].exe
- suzonka (Senior)
Here is part two of the copy
OTViewIt Extras logfile created on: 11/28/2008 3:22:38 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.76 Mb Total Physical Memory | 431.11 Mb Available Physical Memory | 45.01% Memory free
2.13 Gb Paging File | 1.14 Gb Available in Paging File | 53.83% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 198.09 Gb Free Space | 88.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.92 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RON-PC
Current User Name: Ron
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000047 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 04:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}"=CA Desktop DNA Migrator
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=QualxServ Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}"=Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}"=AOL Install
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}"=Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}"=Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Product Documentation Launcher
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}"=CA Anti-Spyware
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}"=Internet Service Offers Launcher
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}"=CA Website Inspector
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EFAD4066-CAF3-4B27-9669-12EED352C376}"=NVIDIANetworkDiagnostic
"{F05A5232-CE5E-4274-AB27-44EB8105898D}"=CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}"=Digimax Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 PCI V.92
@Belahzur wrote: Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts to get it all on the forum
Here is part two of the copy
OTViewIt Extras logfile created on: 11/28/2008 3:22:38 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA3GFX2U
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.76 Mb Total Physical Memory | 431.11 Mb Available Physical Memory | 45.01% Memory free
2.13 Gb Paging File | 1.14 Gb Available in Paging File | 53.83% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 198.09 Gb Free Space | 88.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.92 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RON-PC
Current User Name: Ron
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000047 -- C:\Windows\System32\vetredir.dll (Computer Associates International, Inc.)
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 04:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0AFD47CE-CA9C-4372-AA20-CB05D33638FA}"=CA Desktop DNA Migrator
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=QualxServ Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}"=Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}"=AOL Install
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}"=Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}"=Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Product Documentation Launcher
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}"=CA Anti-Spyware
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}"=Internet Service Offers Launcher
"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}"=CA Website Inspector
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EFAD4066-CAF3-4B27-9669-12EED352C376}"=NVIDIANetworkDiagnostic
"{F05A5232-CE5E-4274-AB27-44EB8105898D}"=CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}"=Digimax Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 PCI V.92