PC running really slow/ firefox freezing -- Hijack This Log

  1. #1
    chevymanar, Junior Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:38:19 PM, on 7/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OrCAD\license_manager\lmgrd.exe
    C:\OrCAD\license_manager\lmgrd.exe
    C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\ppRemoteService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\oracle\ora92\bin\dbsnmp.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\Program Files\Common Files\PestPatrol\PPMCActiveDetection.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\jklinck.AGL\LOCALS~1\Temp\setup.exe
    O4 - HKUS\S-1-5-21-1071933661-1959593502-1845911597-2809\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Startup: fmnupd32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ÐÂÀ˵ãµãͨ - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://l.yimg.com/jh/games/web_games...x.1.0.0.55.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O17 - HKLM\Software\..\Telephony: DomainName = agl-lasers.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dcafcbadbfaa - C:\WINDOWS\system32\dcafcbadbfaa.dll (file missing)
    O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MAPICS Validation Service (FSValidationSvc) - Unknown owner - C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\WINDOWS\system32\ppRemoteService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 11477 bytes


  2. #2
    Neal, Dedicated Member
    Welcome,

    Bad news, it looks like you have backdoor trojans on your PC. Do you do any credit card transactions or online banking with this PC?


    Download SDFIX and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    • Instead of Windows loading as normal, a menu with options should appear.
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.



    Visit the page below to familiarize yourself with the tool, and download it from one of the links provided.

    A guide and tutorial on using ComboFix




    If you have previously downloaded ComboFix, please delete that version now.

    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now.


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    chevymanar, Junior Member
    I normally do not do any transactions, but I have on this computer. What should I do?

    I will start with your steps now. Thank you.

  4. #4
    chevymanar, Junior Member
    The infected computer is my work computer. I started SDFIX but it wouldn't open up to a large window. It stayed a very tiny window. I pressed y and enter, and it started doing something but I don't know what. It ran for 20 minutes with the same little blue window. I left it overnight; I will hopefully know something in the morning.

  5. #5
    chevymanar, Junior Member
    SDFix: Version 1.240
    Run by jklinck on Mon 07/13/2009 at 05:00 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\-66768~1 - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-07-14 08:24:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_efd381466694fce213d0e0474823611b]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_efd381466694fce213d0e0474823611b\0000]
    "Service"="efd381466694fce213d0e0474823611b"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="efd381466694fce213d0e0474823611b"
    "Capabilities"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efd381466694fce213d0e0474823611b]
    "c"="&registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efd381466694fce213d0e0474823611b&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=efd381466694fce213d0e0474823611b&path=system32\efd381466694fce213d0e0474823611b.sys&wmid=Dcl991&idate=2009-06-17 12:57:02:020&last_download_time=2009-7-9 3:10:53.692&first_skip=1&last_update_ip_pos=0"
    "Type"=dword:00000001
    "Start"=dword:00000000
    "ErrorControl"=dword:00000000
    "Tag"=dword:00000006
    "ImagePath"=str(2):"system32\efd381466694fce213d0e0474823611b.sys"
    "DisplayName"="efd381466694fce213d0e0474823611b"
    "Group"="System Bus Extender"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efd381466694fce213d0e0474823611b\security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\legacy_efd381466694fce213d0e0474823611b]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\legacy_efd381466694fce213d0e0474823611b\0000]
    "Service"="efd381466694fce213d0e0474823611b"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="efd381466694fce213d0e0474823611b"
    "Capabilities"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efd381466694fce213d0e0474823611b]
    "c"="&registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efd381466694fce213d0e0474823611b&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=efd381466694fce213d0e0474823611b&path=system32\efd381466694fce213d0e0474823611b.sys&wmid=Dcl991&idate=2009-06-17 12:57:02:020&last_download_time=2009-7-9 3:10:53.692&first_skip=1&last_update_ip_pos=0"
    "Type"=dword:00000001
    "Start"=dword:00000000
    "ErrorControl"=dword:00000000
    "Tag"=dword:00000006
    "ImagePath"=str(2):"system32\efd381466694fce213d0e0474823611b.sys"
    "DisplayName"="efd381466694fce213d0e0474823611b"
    "Group"="System Bus Extender"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efd381466694fce213d0e0474823611b\security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\efd381466694fce213d0e0474823611b.sys 39936 bytes executable
    C:\WINDOWS\system32\netcfgx.dll:Zone.Identifier 49152 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 2


    Remaining Services :




    Authorized Application Key Export:

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Symantec AntiVirus\\Smc.exe"="C:\\Program Files\\Symantec AntiVirus\\Smc.exe:*:Enabled:SMC Service"
    "C:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"="C:\\Program Files\\Symantec AntiVirus\\SNAC.EXE:*:Enabled:SNAC Service"
    "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 9 Apr 2004 194 ..SH. --- "C:\BOOT.BAK"
    Mon 26 Jan 2009 1,740,632 ..SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 ..SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Thu 5 Mar 2009 2,260,480 ..SH. --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 31 Jan 2008 468 ...H. --- "C:\WINDOWS\ER MapperMBC\7.1\ermapper_mbc.dll"
    Fri 19 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 2 May 2008 3,493,888 ...H. --- "C:\Documents and Settings\jklinck.AGL\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 18 Aug 2004 54,520 ...H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"

    Finished!

  6. #6
    chevymanar is offline Junior Member
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:38:41 AM, on 7/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OrCAD\license_manager\lmgrd.exe
    C:\OrCAD\license_manager\lmgrd.exe
    C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\WINDOWS\system32\cmd.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    C:\WINDOWS\system32\ppRemoteService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\oracle\ora92\bin\dbsnmp.exe
    C:\Program Files\Common Files\PestPatrol\PPMCActiveDetection.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\jklinck.AGL\LOCALS~1\Temp\setup.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Startup: fmnupd32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ÐÂÀ˵ãµãͨ - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://l.yimg.com/jh/games/web_games...x.1.0.0.55.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O17 - HKLM\Software\..\Telephony: DomainName = agl-lasers.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agl-lasers.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dcafcbadbfaa - C:\WINDOWS\system32\dcafcbadbfaa.dll (file missing)
    O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MAPICS Validation Service (FSValidationSvc) - Unknown owner - C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\WINDOWS\system32\ppRemoteService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 11458 bytes

  7. #7
    chevymanar is offline Junior Member
    I am having problems using Combofix. I cannot see the whole screen and I cannot get the window to resize. What do you suggest?

    Thanks


  8. #8
    Neal is offline Dedicated Member
    Delete the copy you have and try again and rename it this time when you have it downloaded on your desktop to combo-fix.

    Right click combofix.exe and select rename then rename it and press enter.

    Did you disable all your anti-virus programs and antispyware programs according to instructions?

    Malware must be playing tricks on us.

  9. #9
    chevymanar is offline Junior Member
    I have Symantec Endpoint Protection. The instructions for disabling it don't follow what I see... in other words when I right click on the icon I only get

    Open Symantec Endpoint Protection
    Update Policy
    Enable Symantec Endpoint Protection (this is not active, so I can't click on it)

    I guess I don't know how to disable it??

  10. #10
    chevymanar is offline Junior Member
    Is there any way you can tell me exactly which commands to type in combo-fix? I can see partial things on the screen, but I just don't know what to type. BTW it did this very thing with SDFIX.

    The computer seems to be no better so far.
