Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 15:12:11
Gah, Vista gets worse, I can't use Linux as it doesn't seem to agree with my Vista anymore, but now yesterday my Vista got infected with a virus (found it today), and I did a System Restore back to the day before the virus happened, but now I can't use the option for my System Restore to go back five days before, and now I'm losing hard drive space, unable to undo other restores, because an "unknown error with the restore" happens, and I'm out of options. If I do a system recovery, and Fujitsu system (my original laptop's original system), says personal data may be lost (as in all my music, and such and I don't have a portable hard drive, and I don't have any CDs), so what can I do? I need to undo all this problem with the virus and the system restore (it happened when I accidentally downloaded something, I thought it was a torrent (it seemed like one), and now it comes up as BC1.exe, but I keep getting a fake .TMP file that keeps saying it's being used by something else), so I've run out of options, what can I do? I don't have another system, (still paying off my laptop and now the £400 vet bill). Also IE8 has been running on its own and being shut down by the Problems and Solutions Center (twice) because it suffered an APPCRASH, and I don't even use IE8, (no doubt the same virus from my XP but no doubt under another name). I'm going to have to reinstall Avast, it's not working and my Windows Defender has been turned off and I can't bring it back online, saying it's been turned off by a policy group.

Re: Vista Troubles

Posted by: fivex
Date: 2010-02-16 15:43:10
First things first
http://free.antivirus.com/hijackthis/
Run the executable version of 2.0.2
Click do a system scan and save a log file. Wait for it to finish.
It will generate a hijackthis.log file. Close hijackthis and open up the log with notepad. Paste the contents here.

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 15:48:03
At the moment, I'm saving what I can and may have to do the system recovery. Every time I own a Windows-based System I always get something wrong with it. My original stuff is still on my parents' computer, but a lot has changed since so I've sent most of my stuff (what I could save) to my Hotmail address, and hope this works. I've had to uninstall avast (it's gotten turned off and refuses to turn back on, and won't even run in Safe Mode).

Edit: That was a bit quick. It says (I may be offline for a bit, I've installed Free Edition of Avira (it's great, I've used it before on my XP a month before it died), so it's found a false .EXE called msa.exe but it's being "used" so I'll head into Safe Mode and allow Avira to scan):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:25, on 16/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mutou Yami\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Mutou Yami\Desktop\setup_ais_eng.exe
C:\Program Files\Alwil Software\Avast5\Setup\Sfx\avast.setup
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Mutou Yami\AppData\Local\Temp\Bc1.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.glitchcity.info/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Fujitsu OSD Utility] c:\PROGRA~1\FUJITS~1\OSDUTI~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu\System Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [fts-reg] C:\fts-reg\ftsreg.exe 20100208
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mutou Yami\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Mutou Yami\AppData\Local\Temp\Bc1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D618457-EDC9-4FE7-A52C-79767B07B4DA}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AE4334-CFC3-47DA-BF27-87D50DB1BDE4}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D618457-EDC9-4FE7-A52C-79767B07B4DA}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS4\Services\Tcpip\..\{0D618457-EDC9-4FE7-A52C-79767B07B4DA}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file - 8704 bytes

Re: Vista Troubles

Posted by: fivex
Date: 2010-02-16 16:09:30
The only virus that I can find from that list is a downloader. So it's best to remove it ASAP.
Anyways, C:/Windows/msa.exe is the main source of problems. Go into task manager and kill msa.exe.
Now then open up regedit and navigate to
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Do you see anything labeled NordBull in there?
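
A triage pass over a HijackThis log, added here as an example and not part of the original post: it flags the kinds of entries this reply focuses on (a program sitting directly in C:\Windows, an autorun that launches from a Temp directory) plus static DNS settings and orphaned entries. The sample lines are copied from the first log in this thread; the allowlist and the heuristics are assumptions, and a flag means "review this", not "malicious".

```python
import re
from ntpath import basename, dirname, normpath

# Sample lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Users\Mutou Yami\AppData\Local\Temp\Bc1.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Mutou Yami\AppData\Local\Temp\Bc1.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
"""

# Assumption: programs that normally sit directly in C:\Windows (not exhaustive).
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}

ENTRY_RE = re.compile(r"^([ORNF]\d+) - (.*)$")                  # "O4 - ..."
RUN_RE = re.compile(r"^HK\w+\\.*\\Run(?:Once)?: \[(.*?)\] (.*)$")  # autorun value
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|cmd))\b', re.I)


def location_flags(path):
    """Return reasons why the location of this program deserves a look."""
    p = normpath(path).lower()
    flags = []
    if "\\temp\\" in p:
        flags.append("runs from a Temp directory")
    if dirname(p) == "c:\\windows" and basename(p) not in WINDOWS_ROOT_OK:
        flags.append("unrecognised program directly in C:\\Windows")
    return flags


def triage(log_text):
    """Return (section, entry, reason) tuples for entries worth reviewing."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            if in_processes:
                findings += [("process", line, f) for f in location_flags(line)]
            continue
        section, body = entry.groups()
        if body.endswith(("(file missing)", "(no file)")):
            findings.append((section, body, "orphaned entry: target file is gone"))
        run = RUN_RE.match(body) if section == "O4" else None
        target = PATH_RE.search(run.group(2)) if run else None
        if target:
            findings += [(section, body, "autorun " + f)
                         for f in location_flags(target.group(1))]
        if section == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].strip()
            findings.append((section, body,
                             "static DNS servers to confirm with router/ISP: " + servers))
    return findings


if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```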

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 16:14:14
I just found msa (from Avira's notice), and the fucker won't die so I'll try and get rid of it and jump to Safe Mode to make sure nothing else is lurking.

Re: Vista Troubles

Posted by: fivex
Date: 2010-02-16 16:18:16

> I just found msa (from Avira's notice), and the fucker won't die so I'll try and get rid of it and jump to Safe Mode to make sure nothing else is lurking.

No, restarting will make it start up again.
Wait, you can't kill it from task manager or avira? Odd. Well, open up regedit and navigate to the location I said.

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 16:22:20
I tried to remove it from Windows the first time and it didn't work, but it's gone now, but I can't remove ~DF7005.tmp as Windows claims it's being used by another program. The date made was yesterday the 15th, same day as the virus. My hard drive space is still down, it's down to 28.7 GB, I had 35.6 yesterday but it's dropped down because of the failed System Restores I can't remove and no thanks to the virus.

Re: Vista Troubles

Posted by: fivex
Date: 2010-02-16 16:36:50

> I tried to remove it from Windows the first time and it didn't work, but it's gone now, but I can't remove ~DF7005.tmp as Windows claims it's being used by another program. The date made was yesterday the 15th, same day as the virus. My hard drive space is still down, it's down to 28.7 GB, I had 35.6 yesterday but it's dropped down because of the failed System Restores I can't remove and no thanks to the virus.

Turn off system restore and turn it back on. That should remove the broken system restore points.
Anyways, make a new hijack this log in safe mode.

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 16:42:27
Right, okay I'll do so when Avira has finished the scan. Got a scan going at the moment, so waiting for that to complete.

Re: Vista Troubles

Posted by: Chaos
Date: 2010-02-16 19:42:43
Vista is one of the WORST Operating Systems you can use.
XP is a lot better, and there are ones that are better than that, but I stick with XP.

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-16 20:11:14
I hate any Windows system. The only one I thought that was more stable, reliable, and useful was Windows 98. Nine years I'd used Windows 98, and it ran a game called Rome Total War just fine, other than the battles (where you're in battle against your enemies on a map, that would just make the computer crash as the graphics card/video card wasn't strong enough for that), but the game ran smoothly it was a great game. I have the Hijack This Safe Mode log, just need to find it. Shit, it's gone gah! I'll have to get it again later, I'm sick of Firefox "hanging". My hard drive space has jumped back up, (I've uninstalled Guild Wars, the game has grown boring), but the Restores are still sitting there, so either something else is up, or it's something else.

Re: Vista Troubles

Posted by: Chaos
Date: 2010-02-16 20:27:54
Usually, if you have a Backdoor Trojan or any type of Malware, it prevents you from activating the System Restore. It shows you have them, but you can't use them.

Re: Vista Troubles

Posted by: fivex
Date: 2010-02-16 22:02:37

> Usually, if you have a Backdoor Trojan or any type of Malware, it prevents you from activating the System Restore. It shows you have them, but you can't use them.

I know what he has. It's not a backdoor trojan (or not yet at least), it's a downloader.

Re: Vista Troubles

Posted by: Chaos
Date: 2010-02-16 22:43:35


> > Usually, if you have a Backdoor Trojan or any type of Malware, it prevents you from activating the System Restore. It shows you have them, but you can't use them.
>
> I know what he has. It's not a backdoor trojan (or not yet at least), it's a downloader

SHE

Re: Vista Troubles

Posted by: Wild MissingNo. appeared
Date: 2010-02-17 06:28:42
How many times have people got my gender wrong. It's clear I'm a girl, and if I was a guy, I'd be loving a girl, not a boy. *Sighs* At the moment Vista has completely crashed on me twice, it did so last night, and again a few seconds ago. I got a strong feeling that this laptop is going to die exactly the same way my original shitty Vista laptop did. That died after one year of having it, where a lot of things would suffer an APPHANG (Firefox), or an APPCRASH - Windows Explorer - System Tray, and Windows Media Player. I don't have Conficker I know that for sure, since my other stuff would have been disabled/killed, but Windows Defender is offline and I am unable to bring it back online, I keep getting a stupid message saying, it's been turned off by the group policy. I don't even know what a fucking group policy even is. I've used an old, and outdated system for 9 years, even with Windows XP brand new at the time, but all this new Windows Systems shit is just pointless, Windows 7 is Windows Vista - masked over any Vista problems, in which has been a lot of reports here in England about how Windows 7 sucks. At the moment I've got Avira scanning again, and it found no viruses in Safe Mode, which is good, and 6 detections, two from FrostWire (I barely use it), AskBar (Damn thing might have come with FrostWire when I didn't want the AskBar installed as it's a virus), and the other two I think were viruses from somewhere else on my laptop. I'll get that HijackThis Log from Safe Mode when my Vista has finished fucking about.

Hijack this log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:58, on 17/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.glitchcity.info/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Fujitsu OSD Utility] c:\PROGRA~1\FUJITS~1\OSDUTI~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu\System Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [fts-reg] C:\fts-reg\ftsreg.exe 20100208
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mutou Yami\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Mutou Yami\AppData\Local\Temp\Bc1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D618457-EDC9-4FE7-A52C-79767B07B4DA}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AE4334-CFC3-47DA-BF27-87D50DB1BDE4}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D618457-EDC9-4FE7-A52C-79767B07B4DA}: NameServer = 93.188.162.10,93.188.166.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.10,93.188.166.94
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file - 7662 bytes