cookiie723

msziptool.dll file issue help


Hello.

 

I seem to have a problem with the msziptool.dll file that keeps popping up through my Avira AV. I ran Ad-Aware and Spybot and neither program could locate the issue, just a couple tracking cookies. Avira keeps popping up and asking me what I want to do, so I've been denying access and have been avoiding using any IE/Microsoft related programs to keep this issue from reoccurring as it's rather annoying.

 

I've read one other thread about the dll file but my situation doesn't seem to fit what the other person was going through. Any help in getting this taken care of would be greatly appreciated. This problem did not start until after Windows Update ran last night. I didn't want to do anything until I get advice to do so. Thanks ~Nora

 

-------------------------------

Here is my HijackThis log..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:46:34 AM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 6072 bytes


Hello

 

Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum in the Comments Or Further Info: box
  • Copy and paste the link to this thread in the Topic Where File Was Requested: box
  • Browse for this filename: C:\WINDOWS\system32\msziptools.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Tell me when that is done.


Much appreciated, Nora

 

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, File - Lop Check, File - Purity Scan, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

 

 

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.


Not a problem...

 

OTScanIt2 logfile created on: 10/21/2008 11:12:53 AM - Run 1

OTScanIt2 by OldTimer - Version 1.0.0.19b Folder = C:\Documents and Settings\Nora\Desktop\OTScanIt2

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

509.98 Mb Total Physical Memory | 38.91 Mb Available Physical Memory | 7.63% Memory free

1.10 Gb Paging File | 0.44 Gb Available in Paging File | 40.45% Paging File free

Paging file location(s): C:\pagefile.sys 192 800;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 35.27 Gb Total Space | 12.23 Gb Free Space | 34.68% Space Free | Partition Type: FAT32

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: REGINA

Current User Name: Nora

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 90 Days

 

[Processes - Safe List]

sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH)

avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/08/19 19:28:20 | 00,149,761 | ---- | M] (Avira GmbH)

lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.)

lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.)

avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH)

hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation)

teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited)

googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/10/12 22:22:12 | 00,133,104 | ---- | M] (Google Inc.)

msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)

lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.)

iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 22:56:16 | 00,635,848 | ---- | M] (Microsoft Corporation)

yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2007/08/20 16:30:08 | 04,670,704 | ---- | M] (Yahoo! Inc.)

msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/09/27 21:58:06 | 00,307,712 | ---- | M] (Mozilla Corporation)

otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/10/20 20:03:46 | 00,418,816 | ---- | M] (OldTimer Tools)

 

[Win32 Services - Safe List]

(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH)

(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/08/19 19:28:20 | 00,149,761 | ---- | M] (Avira GmbH)

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.)

(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)

(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)

(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)

(ioloFileInfoList) iolo FileInfoList Service [Win32_Shared | Disabled | Stopped] -> %ProgramFiles%\iolo\common\lib\ioloServiceManager.exe -> [2008/09/24 10:34:26 | 00,596,840 | ---- | M] ()

(ioloSystemService) iolo System Service [Win32_Shared | Disabled | Stopped] -> %ProgramFiles%\iolo\common\lib\ioloServiceManager.exe -> [2008/09/24 10:34:26 | 00,596,840 | ---- | M] ()

(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/11/15 13:10:54 | 00,504,104 | ---- | M] (Apple Inc.)

(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.)

(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.)

(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> [2008/07/26 08:27:42 | 00,141,848 | ---- | M] (Logitech Inc.)

(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)

(ProtexisLicensing) ProtexisLicensing [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\PSIService.exe -> [2007/06/05 13:20:32 | 00,177,704 | ---- | M] ()

(vsmon) TrueVector Internet Monitor [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ZONELABS\vsmon.exe -> [2007/03/09 00:01:58 | 00,075,568 | ---- | M] (Zone Labs, LLC)

(WLSetupSvc) Windows Live Setup Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)

(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

(WSearch) Windows Search [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SearchIndexer.exe -> [2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97intc.sys -> [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation)

(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2003/10/23 11:17:10 | 00,100,384 | ---- | M] (Andrea Electronics Corporation)

(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)

(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\amdagp.sys -> [2008/04/13 11:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)

(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)

(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)

(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH)

(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH)

(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\avipbb.sys -> [2008/06/27 15:03:56 | 00,075,072 | ---- | M] (Avira GmbH)

(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)

(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)

(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation)

(EGATHDRV) IBM Access Support [Kernel | On_Demand | Stopped] -> %SystemRoot%\Downloaded Program Files\EGATHDRV.SYS -> [2004/02/24 23:21:52 | 00,005,120 | ---- | M] (IBM Corporation)

(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lvuvcflt.sys -> [2008/07/26 15:26:56 | 00,023,832 | ---- | M] (Logitech Inc.)

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)

(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ialmnt5.sys -> [2005/06/21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation)

(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\ZONELABS\avsys\KLIF.SYS -> [2006/11/29 22:02:26 | 00,174,864 | ---- | M] (Kaspersky Lab)

(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LVMVDrv.sys -> [2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.)

(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvpopflt.sys -> [2008/07/26 15:24:50 | 00,095,384 | ---- | M] (Logitech Inc.)

(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LVPr2Mon.sys -> [2008/07/26 08:25:02 | 00,025,624 | ---- | M] ()

(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvrs.sys -> [2008/07/26 15:25:48 | 00,627,864 | ---- | M] (Logitech Inc.)

(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> [2008/07/26 15:26:22 | 00,041,752 | ---- | M] (Logitech Inc.)

(LVUVC) Logitech QuickCam Pro 5000(UVC) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvuvc.sys -> [2008/07/26 15:26:44 | 04,658,584 | ---- | M] (Logitech Inc.)

(ManyCam) ManyCam Virtual Webcam, WDM Video Capture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ManyCam.sys -> [2008/01/14 03:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.)

(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation)

(pelmouse) Mouse Suite Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\pelmouse.sys -> [2003/01/10 13:55:32 | 00,016,384 | ---- | M] (Primax Electronics Ltd.)

(pelps2m) PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\pelps2m.sys -> [2003/01/20 22:28:18 | 00,018,048 | ---- | M] (Primax Electronics Ltd.)

(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\psadd.sys -> [2006/09/12 22:42:18 | 00,028,224 | ---- | M] (Lenovo (United States) Inc.)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/07/25 19:53:30 | 00,043,528 | ---- | M] (Sonic Solutions)

(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)

(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)

(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007/11/13 02:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\sisagp.sys -> [2008/04/13 11:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)

(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2003/10/27 14:09:06 | 00,578,432 | ---- | M] (Analog Devices, Inc.)

(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)

(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2007/01/18 05:39:20 | 00,050,416 | ---- | M] (Zone Labs, LLC)

(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\ssmdrv.sys -> [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH)

(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\serscan.sys -> [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)

(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)

(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)

(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)

(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)

(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)

(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)

(usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lgusbbus.sys -> [2005/05/26 11:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.)

(UsbDiag) LGE CDMA USB Serial Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lgusbdiag.sys -> [2005/05/26 11:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.)

(USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lgusbmodem.sys -> [2005/06/24 18:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.)

(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\System32\vsdatant.sys -> [2007/03/09 00:02:10 | 00,394,192 | ---- | M] (Zone Labs, LLC)

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> [2002/10/16 20:00:48 | 00,091,678 | ---- | M] (Intel Corporation)

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> [2002/10/16 20:01:00 | 00,071,514 | ---- | M] (Intel Corporation)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->

HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->

HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->

HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ ->

HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->

HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->

< HOSTS File > (265486 bytes and 9242 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

First 25 entries...


< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [spybot-S&D IE Protection] -> [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [sSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 10:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

"SITEguard" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH)

"HotKeysCmds" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation)

"IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/06/21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation)

"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/10/12 22:22:12 | 00,133,104 | ---- | M] (Google Inc.)

"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

"msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)

"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited)

"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/08/20 16:30:08 | 04,670,704 | ---- | M] (Yahoo! Inc.)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->

< Nora Startup Folder > -> C:\Documents and Settings\Nora\Start Menu\Programs\Startup ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"dontdisplaylastusername" -> [0] -> File not found

\\"legalnoticecaption" -> [] -> File not found

\\"legalnoticetext" -> [] -> File not found

\\"shutdownwithoutlogon" -> [1] -> File not found

\\"undockwithoutlogon" -> [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoDrives" -> [0] -> File not found

\\"NoViewOnDrive" -> [0] -> File not found

\\"NoLogoff" -> [0] -> File not found

\\"NoWindowsUpdate" -> [0] -> File not found

\\"StartMenuLogOff" -> [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [button: Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->

PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4838 domain(s) found. ->

46 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4837 domain(s) found. ->

45 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[shockwave ActiveX Control] ->

{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftu...b?1179849197859[WUWebControl Class] ->

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftu...b?1179849190859[MUWebControl Class] ->

{74FFE28D-2378-11D5-990C-006094235084} [HKLM] -> http://www-307.ibm.com/pc/support/IbmEgath.cab[iBM Access Support] ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[shockwave Flash Object] ->

DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->

Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{47277A72-F6AA-4005-BF7D-794C338BCDA4} -> (Intel® PRO/100 VE Network Connection) ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2005/06/21 16:44:12 | 00,348,160 | ---- | M] (Intel Corporation)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 22:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->

"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\AIM6\AIM6.EXE" -> C:\Program Files\AIM6\AIM6.EXE [C:\Program Files\AIM6\AIM6.EXE:*:Enabled:AIM] -> [2008/03/25 13:21:30 | 00,050,528 | ---- | M] (AOL LLC)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/02 23:17:28 | 00,010,800 | ---- | M] (AOL LLC)

"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/11/15 13:10:56 | 17,152,808 | ---- | M] (Apple Inc.)

"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/08/21 13:59:56 | 00,147,456 | ---- | M] (Lime Wire, LLC)

"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008/09/27 21:58:06 | 00,307,712 | ---- | M] (Mozilla Corporation)

"C:\Program Files\MSN Messenger\MSNMSGR.EXE" -> C:\Program Files\MSN Messenger\MSNMSGR.EXE [C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Messenger] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)

"C:\Program Files\MySpace\IM\MySpaceIM.exe" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM] -> File not found

"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent] -> [2008/10/18 12:28:36 | 00,270,128 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\Winamp Remote\bin\Orb.exe" -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> [2007/08/01 17:02:12 | 00,073,728 | ---- | M] (Orb Networks, Inc.)

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> [2007/11/06 17:02:24 | 05,824,512 | ---- | M] (Orb Networks)

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> [2008/01/07 12:02:54 | 00,495,616 | ---- | M] (Orb Networks)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/20 16:30:08 | 04,670,704 | ---- | M] (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/20 16:30:08 | 00,091,376 | ---- | M] (Yahoo! Inc.)

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

"AlternateShell" -> cmd.exe ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> CD-ROM Driver ->

"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)

< Drives with AutoRun files > -> ->

C:\AUTOEXEC.BAT [@ECHO OFF | IF NOT EXIST C:\TAILFILE.TXT CALL C:\IBMWORK\TAILFILE 8 | ECHO ***** Boot process in C:\AUTOEXEC.BAT ***** >>C:\IBMWORK\MODULES.LOG | TIME <C:\IBMWORK\E >>C:\IBMWORK\MODULES.LOG | CLS | SET COMSPEC=C:\COMMAND.COM | SET PATH=C:\;C:\IBMWORK;C:\IBMWORK\TOOLS | SMARTDRV.EXE C+ /U | | REM This section checks for conditions | IF EXIST C:\IBMWORK\REBOOT.TAG GOTO FIRSTADT | IF EXIST C:\IBMWORK\MFGBOOT.HDD IF NOT EXIST C:\IBMWORK\DISKYES.TAG GOTO MFGBOOT | IF EXIST C:\DEVMODE.TAG GOTO NOBOOTINI | IF EXIST C:\OUTOFBOX.TAG GOTO OUTOFBOX | IF NOT EXIST C:\REAUDIT.TAG GOTO FIRSTADT | | REM This section runs in a REAUDIT case | :OUTOFBOX | REN C:\WINDOWS\SYSTEM32\AUTOCONV.EXE *.TMP | DEL C:\IBMWORK\SEC?DUN.TAG | FMODIFY C:\IBMWORK\REAUDIT.FM | COPY C:\IBMWORK\DOWORK.ORG C:\IBMWORK\DOWORK.CMD /Y | COPY C:\IBMWORK\DOWORK2.ORG C:\IBMWORK\DOWORK2.CMD /Y | IF EXIST C:\IBMWORK\DOWORK.TAG DEL C:\IBMWORK\DOWORK.TAG | IF EXIST C:\IBMWORK\DOWORK2.TAG DEL C:\IBMWORK\DOWORK2.TAG | ECHO ***** REAUDIT.TAG FROM AUTOEXEC.BAT ***** >>C:\IBMWORK\MODULES.LOG | | :FIRSTADT | IF EXIST C:\IBMWORK\REBOOT.TAG IF EXIST C:\IBMWORK\DOWORK.TAG GOTO RBTAG | GOTO NORBTAG | | REM This section runs if a REBOOT.TAG is present | :RBTAG | REM THIS SHOULD ONLY RUN DURING AUDIT MODE | ECHO ***** REBOOT FROM AUTOEXEC.BAT ***** >>C:\IBMWORK\MODULES.LOG | REN C:\WINDOWS\SYSTEM32\AUTOCONV.EXE *.TMP | FMODIFY C:\IBMWORK\REAUDIT.FM | ECHO DOWORK2DUN > C:\IBMWORK\DOWORK2.TAG | | :NORBTAG | IF NOT EXIST C:\IBMWORK\PLFILES C:\IBMWORK\PLACTION.EXE | LABEL IBM_PRELOAD | | IF NOT EXIST C:\SYSPREP\SYSPREP.EXE MD C:\SYSPREP | XCOPY C:\IBMWORK\SYSPREP\*.* C:\SYSPREP\*.* /e /s /v /y >NUL | IF EXIST C:\IBMWORK\*.PL DEL C:\IBMWORK\*.PL | IF EXIST C:\IBMWORK\PLFILES DEL C:\IBMWORK\PLFILES | COPY C:\SYSPREP\SYSPREP.INF C:\IBMWORK\*.* /Y >NUL | | IF NOT EXIST C:\WINDOWS\EXPLORER.EXE GOTO NOBOOTINI | | REM This section only runs if XP is installed | ATTRIB -S -H -R C:\BOOT.INI | IF EXIST C:\IBMWORK\XPHOME 
COPY C:\IBMWORK\BOOT.HOM C:\BOOT.INI /Y >NUL | IF EXIST C:\IBMWORK\XPPRO COPY C:\IBMWORK\BOOT.PRO C:\BOOT.INI /Y >NUL | ATTRIB +S +H +R C:\BOOT.INI | DEL C:\WINDOWS\SYSTEM32\CONFIG\*.EVT | | REM This section only runs on SYSPREP base images | IF EXIST C:\IBMWORK\1STRBOOT.TAG GOTO END | XCOPY C:\I386\$OEM$\$$\*.* C:\WINDOWS\*.* /e /s /v /y >NUL | XCOPY C:\I386\$OEM$\$1\*.* C:\*.* /e /s /v /y >NUL | COPY C:\I386\$OEM$\INSTALL.INS C:\PROGRA~1\INTERN~1\SIGNUP\*.* /y >NUL | GOTO END | | :NOBOOTINI | FMODIFY C:\IBMWORK\UINSTDRV.FM | CD I386 | C:\i386\WINNT.EXE /S:C:\i386 /U:C:\i386\UNATTEND.TXT | | REM This section completes the DOS boot and reboots into XP | :END | REBOOT | PAUSE | | REM This section is for network boot MFG lines and removing the DOS boot | :MFGBOOT | IF EXIST C:\IBMWORK\REAUDIT.BAT CALL C:\IBMWORK\REAUDIT.BAT | IF EXIST C:\IBMWORK\REAUDIT.BAT CALL C:\IBMWORK\REAUDIT.BAT | IF EXIST C:\IBMWORK\REAUDIT.BAT CALL C:\IBMWORK\REAUDIT.BAT | ECHO MFGBOOT2 >>C:\IBMWORK\MFGBOOT2.HDD | IF EXIST C:\IBMWORK\MFGBOOT.BAT CALL C:\IBMWORK\MFGBOOT.BAT | DEL C:\IBMWORK\MFGBOOT.HDD | REBOOT | | ] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [2007/04/29 05:48:42 | 00,003,011 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell

\E\Shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun

\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command

\E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found

[Registry - Additional Scans - Safe List]

< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->

AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated)

bckgzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\bckgzm.exe [C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe] -> [2002/08/29 05:00:00 | 00,042,577 | ---- | M] (Microsoft Corporation)

chkrzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\chkrzm.exe [C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe] -> [2002/08/29 05:00:00 | 00,042,575 | ---- | M] (Microsoft Corporation)

cmmgr32.exe -> %SystemRoot%\System32\cmmgr32.exe [C:\WINDOWS\System32\cmmgr32.exe] -> File not found

collage.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found

CONF.EXE -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe] -> [2008/04/13 17:12:16 | 01,032,192 | ---- | M] (Microsoft Corporation)

Delay.exe -> %ProgramFiles%\iolo\System Mechanic\Delay.exe [C:\Program Files\iolo\System Mechanic\Delay.exe] -> [2008/04/17 10:45:36 | 00,096,256 | ---- | M] ()

dialer.exe -> %ProgramFiles%\Windows NT\dialer.exe [C:\Program Files\Windows NT\dialer.exe] -> [2008/04/13 17:12:18 | 00,539,136 | ---- | M] (Microsoft Corporation)

DXDIAG.EXE -> %SystemRoot%\system32\dxdiag.exe [C:\WINDOWS\system32\dxdiag.exe] -> [2008/04/13 17:12:18 | 01,298,432 | ---- | M] (Microsoft Corporation)

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> [2008/09/27 21:58:06 | 00,307,712 | ---- | M] (Mozilla Corporation)

HELPCTR.EXE -> %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008/04/13 17:12:22 | 00,769,024 | ---- | M] (Microsoft Corporation)

HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\hijackthis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> [2008/10/21 09:15:30 | 00,396,288 | ---- | M] (Trend Micro Inc.)

hrtzzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2002/08/29 05:00:00 | 00,042,573 | ---- | M] (Microsoft Corporation)

htmlpad.exe -> %ProgramFiles%\HTMLPad 2008\htmlpad.exe [C:\Program Files\HTMLPad 2008\htmlpad.exe] -> [2008/10/02 23:16:32 | 02,169,856 | ---- | M] (Karlis Blumentals)

hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> [2002/08/29 05:00:00 | 00,028,160 | ---- | M] (Hilgraeve, Inc.)

ICWCONN1.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008/04/13 17:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation)

ICWCONN2.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008/04/13 17:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation)

IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE] -> [2008/08/22 22:56:16 | 00,635,848 | ---- | M] (Microsoft Corporation)

INETWIZ.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008/04/13 17:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation)

install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found

IoloSGCtrl.exe -> %ProgramFiles%\iolo\System Mechanic\IoloSGCtrl.exe [C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe] -> [2008/09/25 11:00:48 | 00,321,888 | ---- | M] ()

ISIGNUP.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2002/08/29 05:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)

iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> [2007/11/15 13:10:56 | 17,152,808 | ---- | M] (Apple Inc.)

javaws.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe] -> [2008/06/10 02:32:34 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.)

migwiz.exe -> %SystemRoot%\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008/04/13 17:12:26 | 00,245,248 | ---- | M] (Microsoft Corporation)

ModelFileHandler.exe -> %CommonProgramFiles%\Logishrd\LQCVFX\ModelFileHandler.exe [C:\Program Files\Common Files\Logishrd\LQCVFX\ModelFileHandler.exe] -> [2008/08/14 17:14:38 | 00,455,440 | ---- | M] (Logitech Inc.)

moviemk.exe -> %ProgramFiles%\Movie Maker\moviemk.exe [C:\Program Files\Movie Maker\moviemk.exe] -> [2004/08/04 00:56:52 | 03,555,328 | ---- | M] (Microsoft Corporation)

mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [2008/04/13 17:12:28 | 00,004,639 | ---- | M] (Microsoft Corporation)

MSCONFIG.EXE -> %SystemRoot%\PCHealth\HelpCtr\Binaries\MSConfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2008/04/13 17:12:28 | 00,169,984 | ---- | M] (Microsoft Corporation)

msimn.exe -> %ProgramFiles%\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008/04/13 17:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation)

msinfo32.exe -> %CommonProgramFiles%\Microsoft Shared\MSInfo\MSInfo32.exe [C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2002/08/29 05:00:00 | 00,039,936 | ---- | M] (Microsoft Corporation)

MSMSGS.EXE -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

MSN6.EXE -> %ProgramFiles%\MSN\MSNCoreFiles\MSN6.exe [C:\Program Files\MSN\MSNCoreFiles\MSN6.exe] -> [2002/08/29 05:00:00 | 00,094,208 | ---- | M] (Microsoft Corporation)

MSNMSGR.EXE -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe [C:\Program Files\MSN Messenger\MsnMsgr.Exe] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)

ORUN32.EXE -> %SystemRoot%\ORUN32.EXE [C:\WINDOWS\ORUN32.EXE] -> File not found

pbrush.exe -> %SystemRoot%\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2008/04/13 17:12:28 | 00,343,040 | ---- | M] (Microsoft Corporation)

PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> [2008/09/06 15:09:08 | 00,548,864 | ---- | M] (Apple Inc.)

pinball.exe -> %ProgramFiles%\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball\pinball.exe] -> [2008/04/13 17:12:32 | 00,281,088 | ---- | M] (Cinematronics)

Quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\QuickCam.exe [C:\Program Files\Logitech\QuickCam\QuickCam.exe] -> [2008/08/14 17:15:46 | 02,407,184 | ---- | M] ()

QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> [2008/09/06 15:09:38 | 07,685,424 | ---- | M] (Apple Inc.)

rvsezm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\rvsezm.exe [C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe] -> [2002/08/29 05:00:00 | 00,042,574 | ---- | M] (Microsoft Corporation)

setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found

shvlzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\shvlzm.exe [C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe] -> [2002/08/29 05:00:00 | 00,042,573 | ---- | M] (Microsoft Corporation)

SMSystemAnalyzer.exe -> %ProgramFiles%\iolo\System Mechanic\SMSystemAnalyzer.exe [C:\Program Files\iolo\System Mechanic\SMSystemAnalyzer.exe] -> [2008/09/25 11:00:32 | 00,535,904 | ---- | M] ()

SMTrayNotify.exe -> %ProgramFiles%\iolo\System Mechanic\SMTrayNotify.exe [C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe] -> [2008/09/25 11:00:38 | 00,519,008 | ---- | M] ()

SysMech.exe -> %ProgramFiles%\iolo\System Mechanic\SysMech.exe [C:\Program Files\iolo\System Mechanic\SysMech.exe] -> [2008/09/25 11:00:26 | 02,981,216 | ---- | M] ()

SystemGuardAlerter.exe -> %ProgramFiles%\iolo\System Mechanic\SystemGuardAlerter.exe [C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe] -> [2008/09/25 11:00:44 | 00,356,192 | ---- | M] ()

table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found

wab.exe -> %ProgramFiles%\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008/04/13 17:12:38 | 00,046,080 | ---- | M] (Microsoft Corporation)

wabmig.exe -> %ProgramFiles%\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008/04/13 17:12:40 | 00,030,208 | ---- | M] (Microsoft Corporation)

WebcamSnapshot.exe -> %ProgramFiles%\Logitech\QuickCam\QuickCam.exe [C:\Program Files\Logitech\QuickCam\QuickCam.exe] -> [2008/08/14 17:15:46 | 02,407,184 | ---- | M] ()

winamp.exe -> %ProgramFiles%\Winamp\winamp.exe [C:\Program Files\Winamp\winamp.exe] -> [2008/08/03 16:04:00 | 01,345,376 | ---- | M] (Nullsoft)

winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found

WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2008/09/10 20:36:20 | 00,968,704 | ---- | M] ()

wmplayer.exe -> %ProgramFiles%\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe] -> [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)

WORDPAD.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2008/04/13 17:12:40 | 00,214,528 | ---- | M] (Microsoft Corporation)

WRITE.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2008/04/13 17:12:40 | 00,214,528 | ---- | M] (Microsoft Corporation)

XPSViewer.exe -> %SystemRoot%\system32\XPSViewer\XPSViewer.exe ["c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2007/10/09 13:03:08 | 00,308,760 | ---- | M] (Microsoft Corporation)

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->

0 -> [Key] ->

0 -> FriendlyName = My Current Home Page ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->

"Apple Mobile Device" -> ->

"CCALib8" -> ->

"idsvc" -> ->

"ioloDMV" -> ->

"ioloFileInfoList" -> ->

"ioloSystemService" -> ->

"iPod Service" -> ->

"WLSetupSvc" -> ->

"WMPNetworkSvc" -> ->

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->

C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %SystemDrive%\PROGRA~1\LimeWire\LimeWire.exe -> [2008/08/21 13:59:56 | 00,147,456 | ---- | M] (Lime Wire, LLC)

C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk -> %SystemRoot%\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe -> [2008/10/11 17:16:50 | 00,022,486 | R--- | M] ()

C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk -> %SystemDrive%\PROGRA~1\WI459E~1\WINDOW~1.EXE -> [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)

C:^Documents and Settings^Celina & Crystal^Start Menu^Programs^Startup^UberIcon.lnk -> -> File not found

C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk -> %SystemDrive%\PROGRA~1\Logitech\QuickCam\eReg.exe -> [2008/02/13 15:32:58 | 00,493,832 | ---- | M] (Leader Technologies/Logitech)

C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Stardock ObjectDock.lnk -> -> File not found

C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Y'z Toolbar.lnk -> -> File not found

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->

Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2007/10/10 19:51:56 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)

Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found

Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -> File not found

ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ctfmon.exe -> [2008/04/13 17:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation)

Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> File not found

HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\System32\hkcmd.exe -> [2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation)

ibmmessages hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> [2004/08/06 02:10:00 | 00,442,368 | ---- | M] (IBM)

IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\System32\igfxtray.exe -> [2005/06/21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation)

iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/11/15 13:11:04 | 00,267,048 | ---- | M] (Apple Inc.)

LogitechCommunicationsManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [2008/08/14 17:11:48 | 00,565,008 | ---- | M] ()

LogitechQuickCamRibbon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [2008/08/14 17:15:46 | 02,407,184 | ---- | M] ()

LVCOMSX hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Logitech\LComMgr\LVComSX.exe -> [2006/11/15 22:01:52 | 00,244,512 | ---- | M] (Logitech Inc.)

Mouse Suite 98 Daemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ICO.EXE -> [2005/04/13 14:34:28 | 00,049,152 | ---- | M] (Primax Electronics Ltd.)

MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

MsnMsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)

Orb hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe -> [2008/01/07 12:02:54 | 00,495,616 | ---- | M] (Orb Networks)

Picasa Media Detector hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> File not found

QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\qttask.exe -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)

SMSystemAnalyzer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iolo\System Mechanic 7\SMSystemAnalyzer.exe -> File not found

SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> [2007/09/25 01:11:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> File not found

TVT Scheduler Proxy hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> File not found

UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> File not found

WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Winamp\winampa.exe -> [2008/08/03 16:02:20 | 00,036,352 | ---- | M] ()

Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2007/08/20 16:30:08 | 04,670,704 | ---- | M] (Yahoo! Inc.)

YSearchProtection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> File not found

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->

"bootini" -> 0 ->

"services" -> 2 ->

"startup" -> 2 ->

"system.ini" -> 0 ->

"win.ini" -> 0 ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.bat [@ = batfile] -> "%1" %* ->

.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 17:12:22 | 00,010,752 | ---- | M] (Microsoft Corporation)

.cmd [@ = cmdfile] -> "%1" %* ->

.com [@ = comfile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

.hlp [@ = hlpfile] -> %SystemRoot%\System32\winhlp32.exe -> [2002/08/29 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)

.hta [@ = htafile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/09/27 21:58:06 | 00,307,712 | ---- | M] (Mozilla Corporation)

.inf [@ = inffile] -> %SystemRoot%\System32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.ini [@ = inifile] -> %SystemRoot%\System32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.js [@ = JSFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.jse [@ = JSEFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.pif [@ = piffile] -> "%1" %* ->

.reg [@ = regfile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.scr [@ = scrfile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.txt [@ = txtfile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.vbe [@ = VBEFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.vbs [@ = VBSFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.wsf [@ = WSFFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

.wsh [@ = WSHFile] -> %SystemRoot%\system32\NOTEPAD.EXE -> [2008/04/13 17:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation)

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 12/9/2007 10:35:59 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 12/10/2007 4:37:09 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 12/10/2007 4:57:33 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 12/12/2007 10:34:34 PM Computer Name = REGINA | Source = Application Error | ID = 1000 -> Description = Faulting application dllhost.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Application [ Error ] 12/13/2007 10:20:22 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 12/25/2007 11:01:12 PM Computer Name = REGINA | Source = MsiInstaller | ID = 11704 -> Description = Product: V CAST Music -- Error 1704.An installation for Windows Live Messenger is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Application [ Error ] 12/25/2007 11:06:03 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application MySpaceIM.exe, version 1.0.745.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 12/26/2007 2:40:34 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 1/3/2008 9:17:57 PM Computer Name = REGINA | Source = Application Hang | ID = 1002 -> Description = Hanging application MySpaceIM.exe, version 1.0.745.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 1/3/2008 9:18:11 PM Computer Name = REGINA | Source = Application Error | ID = 1000 -> Description = Faulting application aim6.exe, version 1.4.9.1, faulting module imappservice.dll, version 6.5.5.2, fault address 0x000176a5.

System [ Error ] 10/11/2008 8:33:04 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:08 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:08 PM Computer Name = REGINA | Source = atapi | ID = 262155 -> Description = The driver detected a controller error on \Device\Ide\IdePort1.

System [ Error ] 10/11/2008 8:33:08 PM Computer Name = REGINA | Source = PlugPlayManager | ID = 12 -> Description = The device 'SAMSUNG CD-ROM SC-148C' (IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________B103____\5&1436ace9&0&0.0.0) disappeared from the system without first being prepared for removal.

System [ Error ] 10/11/2008 8:33:13 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:17 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:21 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:25 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:33:29 PM Computer Name = REGINA | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort1, did not respond within the timeout period.

System [ Error ] 10/11/2008 8:34:16 PM Computer Name = REGINA | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

[Files/Folders - Created Within 90 Days]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/10/21 11:11:00 | 00,000,000 | ---D | C]

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/10/21 11:10:47 | 00,589,255 | ---- | C] ()

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/21 09:15:28 | 00,001,649 | ---- | C] ()

Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/10/21 09:15:27 | 00,000,000 | ---D | C]

HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/21 09:15:11 | 00,812,344 | ---- | C] (Trend Micro Inc.)

phpinfo.php -> %UserProfile%\Desktop\phpinfo.php -> [2008/10/20 12:13:30 | 00,001,871 | ---- | C] ()

picmgr.php -> %UserProfile%\Desktop\picmgr.php -> [2008/10/20 12:12:52 | 00,016,539 | ---- | C] ()

ftpcache -> %SystemRoot%\ftpcache -> [2008/10/20 10:37:06 | 00,000,000 | -HSD | C]

HTMLPad 2008.lnk -> %UserProfile%\Desktop\HTMLPad 2008.lnk -> [2008/10/20 10:36:39 | 00,000,558 | ---- | C] ()

HTMLPad 2008 -> %ProgramFiles%\HTMLPad 2008 -> [2008/10/20 10:36:34 | 00,000,000 | ---D | C]

Blumentals -> %AppData%\Blumentals -> [2008/10/20 10:36:34 | 00,000,000 | ---D | C]

htmlpad9.exe -> %UserProfile%\My Documents\htmlpad9.exe -> [2008/10/20 10:36:16 | 04,661,520 | ---- | C] (Karlis Blumentals )

picmgmt.inc.php -> %UserProfile%\Desktop\picmgmt.inc.php -> [2008/10/20 10:34:58 | 00,014,421 | ---- | C] ()

uTorrent -> %AppData%\uTorrent -> [2008/10/18 12:28:30 | 00,000,000 | ---D | C]

utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/10/18 12:28:24 | 00,270,128 | ---- | C] (BitTorrent, Inc.)

5jwwg7.gif -> %UserProfile%\Desktop\5jwwg7.gif -> [2008/10/16 23:20:38 | 00,053,849 | ---- | C] ()

ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [2008/10/16 16:09:59 | 00,000,000 | ---D | C]

URTTEMP -> %SystemRoot%\System32\URTTEMP -> [2008/10/15 21:55:10 | 00,000,000 | ---D | C]

Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk -> [2008/10/15 06:40:52 | 00,001,529 | ---- | C] ()

srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 23:53:41 | 00,333,824 | ---- | C] (Microsoft Corporation)

win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 23:53:16 | 01,846,400 | ---- | C] (Microsoft Corporation)

ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 23:53:11 | 02,189,184 | ---- | C] (Microsoft Corporation)

ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 23:53:11 | 02,145,280 | ---- | C] (Microsoft Corporation)

ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 23:53:10 | 02,023,936 | ---- | C] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 23:53:09 | 02,066,048 | ---- | C] (Microsoft Corporation)

At2.job -> %SystemRoot%\tasks\At2.job -> [2008/10/13 22:50:13 | 00,000,408 | ---- | C] ()

At1.job -> %SystemRoot%\tasks\At1.job -> [2008/10/13 22:50:07 | 00,000,408 | ---- | C] ()

Norton PC Checkup.lnk -> %AllUsersProfile%\Desktop\Norton PC Checkup.lnk -> [2008/10/13 22:49:27 | 00,000,670 | ---- | C] ()

Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [2008/10/13 22:49:26 | 00,000,000 | ---D | C]

Norton PC Checkup -> %ProgramFiles%\Norton PC Checkup -> [2008/10/13 22:49:22 | 00,000,000 | ---D | C]

msziptools.dll -> %SystemRoot%\System32\msziptools.dll -> [2008/10/13 22:06:07 | 00,007,704 | ---- | C] ()

Adobe -> %SystemRoot%\System32\Adobe -> [2008/10/13 21:35:22 | 00,000,000 | ---D | C]

ManyCam 2.3.lnk -> %UserProfile%\Desktop\ManyCam 2.3.lnk -> [2008/10/13 18:58:06 | 00,001,483 | ---- | C] ()

ManyCam 2.3 -> %ProgramFiles%\ManyCam 2.3 -> [2008/10/13 18:56:19 | 00,000,000 | ---D | C]

Downloads -> %UserProfile%\My Documents\Downloads -> [2008/10/12 22:25:20 | 00,000,000 | ---D | C]

LPInstaller.exe -> %UserProfile%\Desktop\LPInstaller.exe -> [2008/10/11 17:37:57 | 01,039,776 | ---- | C] (SanDisk Corporation)

LaunchPad -> %SystemDrive%\LaunchPad -> [2008/10/11 17:08:50 | 00,000,000 | ---D | C]

U3 -> %AppData%\U3 -> [2008/10/11 17:01:31 | 00,000,000 | ---D | C]

Dualunis.exe -> %SystemRoot%\System32\Dualunis.exe -> [2008/10/09 00:39:47 | 00,221,184 | ---- | C] ()

dsc350_winxp_driver_121201.exe -> %UserProfile%\Desktop\dsc350_winxp_driver_121201.exe -> [2008/10/09 00:37:22 | 01,492,480 | ---- | C] ()

Download_DriverDetective-6.3.1.2-TrialVersion.exe -> %UserProfile%\Desktop\Download_DriverDetective-6.3.1.2-TrialVersion.exe -> [2008/10/09 00:36:40 | 00,128,344 | ---- | C] (Digital River)

scott convo 92408b.rtf -> %UserProfile%\My Documents\scott convo 92408b.rtf -> [2008/10/06 21:44:10 | 00,044,522 | ---- | C] ()

RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [2008/10/06 19:17:35 | 00,000,000 | ---D | C]

msvidctl.dll -> %SystemRoot%\System32\dllcache\msvidctl.dll -> [2008/10/06 19:16:42 | 01,230,336 | ---- | C] (Microsoft Corporation)

d3d8.dll -> %SystemRoot%\System32\dllcache\d3d8.dll -> [2008/10/06 19:16:42 | 01,179,648 | ---- | C] (Microsoft Corporation)

psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2008/10/06 19:16:42 | 00,354,816 | ---- | C] ()

psisdecd.dll -> %SystemRoot%\System32\dllcache\psisdecd.dll -> [2008/10/06 19:16:42 | 00,354,816 | ---- | C] ()

ddraw.dll -> %SystemRoot%\System32\dllcache\ddraw.dll -> [2008/10/06 19:16:42 | 00,265,728 | ---- | C] (Microsoft Corporation)

nabtsfec.sys -> %SystemRoot%\System32\drivers\nabtsfec.sys -> [2008/10/06 19:16:42 | 00,083,968 | ---- | C] (Microsoft Corporation)

nabtsfec.sys -> %SystemRoot%\System32\dllcache\nabtsfec.sys -> [2008/10/06 19:16:42 | 00,083,968 | ---- | C] (Microsoft Corporation)

msdvbnp.ax -> %SystemRoot%\System32\msdvbnp.ax -> [2008/10/06 19:16:42 | 00,052,224 | ---- | C] ()

msdvbnp.ax -> %SystemRoot%\System32\dllcache\msdvbnp.ax -> [2008/10/06 19:16:42 | 00,052,224 | ---- | C] ()

msdv.sys -> %SystemRoot%\System32\drivers\msdv.sys -> [2008/10/06 19:16:42 | 00,052,096 | ---- | C] (Microsoft Corporation)

msdv.sys -> %SystemRoot%\System32\dllcache\msdv.sys -> [2008/10/06 19:16:42 | 00,052,096 | ---- | C] (Microsoft Corporation)

wstdecod.dll -> %SystemRoot%\System32\dllcache\wstdecod.dll -> [2008/10/06 19:16:42 | 00,047,104 | ---- | C] (Microsoft Corporation)

psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax -> [2008/10/06 19:16:42 | 00,030,208 | ---- | C] ()

psisrndr.ax -> %SystemRoot%\System32\dllcache\psisrndr.ax -> [2008/10/06 19:16:42 | 00,030,208 | ---- | C] ()

wstcodec.sys -> %SystemRoot%\System32\drivers\wstcodec.sys -> [2008/10/06 19:16:42 | 00,018,688 | ---- | C] (Microsoft Corporation)

wstcodec.sys -> %SystemRoot%\System32\dllcache\wstcodec.sys -> [2008/10/06 19:16:42 | 00,018,688 | ---- | C] (Microsoft Corporation)

bdaplgin.ax -> %SystemRoot%\System32\dllcache\bdaplgin.ax -> [2008/10/06 19:16:42 | 00,016,896 | ---- | C] (Microsoft Corporation)

bdaplgin.ax -> %SystemRoot%\System32\bdaplgin.ax -> [2008/10/06 19:16:42 | 00,016,896 | ---- | C] (Microsoft Corporation)

ccdecode.sys -> %SystemRoot%\System32\drivers\ccdecode.sys -> [2008/10/06 19:16:42 | 00,016,384 | ---- | C] (Microsoft Corporation)

ccdecode.sys -> %SystemRoot%\System32\dllcache\ccdecode.sys -> [2008/10/06 19:16:42 | 00,016,384 | ---- | C] (Microsoft Corporation)

mpe.sys -> %SystemRoot%\System32\drivers\mpe.sys -> [2008/10/06 19:16:42 | 00,015,104 | ---- | C] (Microsoft Corporation)

mpe.sys -> %SystemRoot%\System32\dllcache\mpe.sys -> [2008/10/06 19:16:42 | 00,015,104 | ---- | C] (Microsoft Corporation)

streamip.sys -> %SystemRoot%\System32\drivers\streamip.sys -> [2008/10/06 19:16:42 | 00,014,976 | ---- | C] (Microsoft Corporation)

streamip.sys -> %SystemRoot%\System32\dllcache\streamip.sys -> [2008/10/06 19:16:42 | 00,014,976 | ---- | C] (Microsoft Corporation)

ipsink.ax -> %SystemRoot%\System32\ipsink.ax -> [2008/10/06 19:16:42 | 00,014,848 | ---- | C] (Microsoft Corporation)

ipsink.ax -> %SystemRoot%\System32\dllcache\ipsink.ax -> [2008/10/06 19:16:42 | 00,014,848 | ---- | C] (Microsoft Corporation)

bdasup.sys -> %SystemRoot%\System32\drivers\bdasup.sys -> [2008/10/06 19:16:42 | 00,011,392 | ---- | C] (Microsoft Corporation)

bdasup.sys -> %SystemRoot%\System32\dllcache\bdasup.sys -> [2008/10/06 19:16:42 | 00,011,392 | ---- | C] (Microsoft Corporation)

ndisip.sys -> %SystemRoot%\System32\drivers\ndisip.sys -> [2008/10/06 19:16:42 | 00,010,112 | ---- | C] (Microsoft Corporation)

ndisip.sys -> %SystemRoot%\System32\dllcache\ndisip.sys -> [2008/10/06 19:16:42 | 00,010,112 | ---- | C] (Microsoft Corporation)

dsound3d.dll -> %SystemRoot%\System32\dllcache\dsound3d.dll -> [2008/10/06 19:16:41 | 01,294,336 | ---- | C] (Microsoft Corporation)

dx8vb.dll -> %SystemRoot%\System32\dllcache\dx8vb.dll -> [2008/10/06 19:16:41 | 01,189,888 | ---- | C] (Microsoft Corporation)

dxdiag.exe -> %SystemRoot%\System32\dllcache\dxdiag.exe -> [2008/10/06 19:16:41 | 00,974,848 | ---- | C] (Microsoft Corporation)

d3dim700.dll -> %SystemRoot%\System32\dllcache\d3dim700.dll -> [2008/10/06 19:16:41 | 00,797,184 | ---- | C] (Microsoft Corporation)

qedwipes.dll -> %SystemRoot%\System32\dllcache\qedwipes.dll -> [2008/10/06 19:16:41 | 00,733,184 | ---- | C] ()

dx7vb.dll -> %SystemRoot%\System32\dllcache\dx7vb.dll -> [2008/10/06 19:16:41 | 00,602,624 | ---- | C] (Microsoft Corporation)

d3dramp.dll -> %SystemRoot%\System32\dllcache\d3dramp.dll -> [2008/10/06 19:16:41 | 00,590,336 | ---- | C] (Microsoft Corporation)

qedit.dll -> %SystemRoot%\System32\dllcache\qedit.dll -> [2008/10/06 19:16:41 | 00,524,800 | ---- | C] ()

d3dim.dll -> %SystemRoot%\System32\dllcache\d3dim.dll -> [2008/10/06 19:16:41 | 00,436,224 | ---- | C] (Microsoft Corporation)

diactfrm.dll -> %SystemRoot%\System32\dllcache\diactfrm.dll -> [2008/10/06 19:16:41 | 00,394,240 | ---- | C] (Microsoft Corporation)

qdvd.dll -> %SystemRoot%\System32\dllcache\qdvd.dll -> [2008/10/06 19:16:41 | 00,382,976 | ---- | C] ()

dpnet.dll -> %SystemRoot%\System32\dllcache\dpnet.dll -> [2008/10/06 19:16:41 | 00,377,856 | ---- | C] (Microsoft Corporation)

dsound.dll -> %SystemRoot%\System32\dllcache\dsound.dll -> [2008/10/06 19:16:41 | 00,363,520 | ---- | C] (Microsoft Corporation)

d3drm.dll -> %SystemRoot%\System32\dllcache\d3drm.dll -> [2008/10/06 19:16:41 | 00,350,208 | ---- | C] (Microsoft Corporation)

qdv.dll -> %SystemRoot%\System32\dllcache\qdv.dll -> [2008/10/06 19:16:41 | 00,276,480 | ---- | C] ()

qasf.dll -> %SystemRoot%\System32\dllcache\qasf.dll -> [2008/10/06 19:16:41 | 00,258,424 | ---- | C] ()

dplayx.dll -> %SystemRoot%\System32\dllcache\dplayx.dll -> [2008/10/06 19:16:41 | 00,230,400 | ---- | C] (Microsoft Corporation)

gcdef.dll -> %SystemRoot%\System32\dllcache\gcdef.dll -> [2008/10/06 19:16:41 | 00,223,232 | ---- | C] (Microsoft Corporation)

joy.cpl -> %SystemRoot%\System32\dllcache\joy.cpl -> [2008/10/06 19:16:41 | 00,208,896 | ---- | C] (Microsoft Corporation)

dpvoice.dll -> %SystemRoot%\System32\dllcache\dpvoice.dll -> [2008/10/06 19:16:41 | 00,203,264 | ---- | C] (Microsoft Corporation)

mswebdvd.dll -> %SystemRoot%\System32\dllcache\mswebdvd.dll -> [2008/10/06 19:16:41 | 00,194,560 | ---- | C] (Microsoft Corporation)

dsdmo.dll -> %SystemRoot%\System32\dllcache\dsdmo.dll -> [2008/10/06 19:16:41 | 00,186,880 | ---- | C] (Microsoft Corporation)

dmime.dll -> %SystemRoot%\System32\dllcache\dmime.dll -> [2008/10/06 19:16:41 | 00,181,248 | ---- | C] (Microsoft Corporation)

qcap.dll -> %SystemRoot%\System32\dllcache\qcap.dll -> [2008/10/06 19:16:41 | 00,177,152 | ---- | C] ()

dinput8.dll -> %SystemRoot%\System32\dllcache\dinput8.dll -> [2008/10/06 19:16:41 | 00,168,960 | ---- | C] (Microsoft Corporation)

dinput.dll -> %SystemRoot%\System32\dllcache\dinput.dll -> [2008/10/06 19:16:41 | 00,151,552 | ---- | C] (Microsoft Corporation)

mpg2splt.ax -> %SystemRoot%\System32\dllcache\mpg2splt.ax -> [2008/10/06 19:16:41 | 00,136,192 | ---- | C] ()

dpvvox.dll -> %SystemRoot%\System32\dllcache\dpvvox.dll -> [2008/10/06 19:16:41 | 00,112,128 | ---- | C] (Microsoft Corporation)

dmusic.dll -> %SystemRoot%\System32\dllcache\dmusic.dll -> [2008/10/06 19:16:41 | 00,104,448 | ---- | C] (Microsoft Corporation)

dmsynth.dll -> %SystemRoot%\System32\dllcache\dmsynth.dll -> [2008/10/06 19:16:41 | 00,100,864 | ---- | C] (Microsoft Corporation)

dmstyle.dll -> %SystemRoot%\System32\dllcache\dmstyle.dll -> [2008/10/06 19:16:41 | 00,098,816 | ---- | C] (Microsoft Corporation)

dpvsetup.exe -> %SystemRoot%\System32\dllcache\dpvsetup.exe -> [2008/10/06 19:16:41 | 00,080,896 | ---- | C] (Microsoft Corporation)

dmscript.dll -> %SystemRoot%\System32\dllcache\dmscript.dll -> [2008/10/06 19:16:41 | 00,076,800 | ---- | C] (Microsoft Corporation)

dsdmoprp.dll -> %SystemRoot%\System32\dllcache\dsdmoprp.dll -> [2008/10/06 19:16:41 | 00,068,096 | ---- | C] (Microsoft Corporation)

dpnhupnp.dll -> %SystemRoot%\System32\dllcache\dpnhupnp.dll -> [2008/10/06 19:16:41 | 00,068,096 | ---- | C] (Microsoft Corporation)

amstream.dll -> %SystemRoot%\System32\dllcache\amstream.dll -> [2008/10/06 19:16:41 | 00,064,512 | ---- | C] ()

dmcompos.dll -> %SystemRoot%\System32\dllcache\dmcompos.dll -> [2008/10/06 19:16:41 | 00,058,368 | ---- | C] (Microsoft Corporation)

dpwsockx.dll -> %SystemRoot%\System32\dllcache\dpwsockx.dll -> [2008/10/06 19:16:41 | 00,057,856 | ---- | C] (Microsoft Corporation)

devenum.dll -> %SystemRoot%\System32\dllcache\devenum.dll -> [2008/10/06 19:16:41 | 00,053,248 | ---- | C] ()

d3dxof.dll -> %SystemRoot%\System32\dllcache\d3dxof.dll -> [2008/10/06 19:16:41 | 00,047,616 | ---- | C] (Microsoft Corporation)

dxdllreg.exe -> %SystemRoot%\System32\dxdllreg.exe -> [2008/10/06 19:16:41 | 00,046,592 | ---- | C] (Microsoft Corporation)

dimap.dll -> %SystemRoot%\System32\dllcache\dimap.dll -> [2008/10/06 19:16:41 | 00,044,032 | ---- | C] (Microsoft Corporation)

d3dpmesh.dll -> %SystemRoot%\System32\dllcache\d3dpmesh.dll -> [2008/10/06 19:16:41 | 00,034,816 | ---- | C] (Microsoft Corporation)

mciqtz32.dll -> %SystemRoot%\System32\dllcache\mciqtz32.dll -> [2008/10/06 19:16:41 | 00,034,304 | ---- | C] ()

dmloader.dll -> %SystemRoot%\System32\dllcache\dmloader.dll -> [2008/10/06 19:16:41 | 00,033,280 | ---- | C] (Microsoft Corporation)

dpnhpast.dll -> %SystemRoot%\System32\dllcache\dpnhpast.dll -> [2008/10/06 19:16:41 | 00,032,768 | ---- | C] (Microsoft Corporation)

pid.dll -> %SystemRoot%\System32\dllcache\pid.dll -> [2008/10/06 19:16:41 | 00,031,744 | ---- | C] (Microsoft Corporation)

dplaysvr.exe -> %SystemRoot%\System32\dllcache\dplaysvr.exe -> [2008/10/06 19:16:41 | 00,028,160 | ---- | C] (Microsoft Corporation)

dmband.dll -> %SystemRoot%\System32\dllcache\dmband.dll -> [2008/10/06 19:16:41 | 00,027,136 | ---- | C] (Microsoft Corporation)

ddrawex.dll -> %SystemRoot%\System32\dllcache\ddrawex.dll -> [2008/10/06 19:16:41 | 00,024,064 | ---- | C] (Microsoft Corporation)

dpmodemx.dll -> %SystemRoot%\System32\dllcache\dpmodemx.dll -> [2008/10/06 19:16:41 | 00,022,016 | ---- | C] (Microsoft Corporation)

dpvacm.dll -> %SystemRoot%\System32\dllcache\dpvacm.dll -> [2008/10/06 19:16:41 | 00,019,968 | ---- | C] (Microsoft Corporation)

dswave.dll -> %SystemRoot%\System32\dllcache\dswave.dll -> [2008/10/06 19:16:41 | 00,018,432 | ---- | C] (Microsoft Corporation)

dpnsvr.exe -> %SystemRoot%\System32\dllcache\dpnsvr.exe -> [2008/10/06 19:16:41 | 00,016,896 | ---- | C] (Microsoft Corporation)

msdmo.dll -> %SystemRoot%\System32\dllcache\msdmo.dll -> [2008/10/06 19:16:41 | 00,013,312 | ---- | C] ()

ksolay.ax -> %SystemRoot%\System32\ksolay.ax -> [2008/10/06 19:16:41 | 00,012,288 | ---- | C] (Microsoft Corporation)

dxapi.sys -> %SystemRoot%\System32\dllcache\dxapi.sys -> [2008/10/06 19:16:41 | 00,010,496 | ---- | C] (Microsoft Corporation)

d3d8thk.dll -> %SystemRoot%\System32\dllcache\d3d8thk.dll -> [2008/10/06 19:16:41 | 00,008,192 | ---- | C] (Microsoft Corporation)

mstee.sys -> %SystemRoot%\System32\drivers\mstee.sys -> [2008/10/06 19:16:41 | 00,005,504 | ---- | C] (Microsoft Corporation)

mstee.sys -> %SystemRoot%\System32\dllcache\mstee.sys -> [2008/10/06 19:16:41 | 00,005,504 | ---- | C] (Microsoft Corporation)

dpnlobby.dll -> %SystemRoot%\System32\dllcache\dpnlobby.dll -> [2008/10/06 19:16:41 | 00,003,072 | ---- | C] (Microsoft Corporation)

dpnaddr.dll -> %SystemRoot%\System32\dllcache\dpnaddr.dll -> [2008/10/06 19:16:41 | 00,003,072 | ---- | C] (Microsoft Corporation)

msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [2008/10/06 19:16:02 | 00,000,000 | -H-D | C]

dxwebsetup.exe -> %UserProfile%\Desktop\dxwebsetup.exe -> [2008/10/06 18:47:59 | 00,315,624 | ---- | C] (Microsoft Corporation)

FileZilla -> %AppData%\FileZilla -> [2008/10/06 01:13:31 | 00,000,000 | ---D | C]

FileZilla Client.lnk -> %AllUsersProfile%\Desktop\FileZilla Client.lnk -> [2008/10/06 01:12:26 | 00,001,578 | ---- | C] ()

FileZilla FTP Client -> %ProgramFiles%\FileZilla FTP Client -> [2008/10/06 01:11:32 | 00,000,000 | ---D | C]

FileZilla_3.1.3.1_win32-setup.exe -> %UserProfile%\Desktop\FileZilla_3.1.3.1_win32-setup.exe -> [2008/10/06 01:09:37 | 03,659,444 | ---- | C] ()

NSV -> %CommonProgramFiles%\NSV -> [2008/10/05 23:26:48 | 00,000,000 | ---D | C]

Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [2008/10/04 16:00:57 | 00,010,752 | -HS- | C] ()

Auto-Tune_evo_VST_PC_v6.05.exe -> %UserProfile%\Desktop\Auto-Tune_evo_VST_PC_v6.05.exe -> [2008/10/04 15:50:31 | 18,159,431 | ---- | C] (Antares Audio Technologies )

Jasc Software Inc -> %ProgramFiles%\Jasc Software Inc -> [2008/10/04 14:06:18 | 00,000,000 | ---D | C]

Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/09/30 12:02:16 | 00,000,000 | ---D | C]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2008/09/30 12:02:16 | 00,000,000 | ---D | C]

care-bears-desktop-wallpaper-8.jpg -> %UserProfile%\Desktop\care-bears-desktop-wallpaper-8.jpg -> [2008/09/30 00:51:38 | 00,056,475 | ---- | C] ()

care-bears-desktop-wallpaper-wish-bear.jpg -> %UserProfile%\Desktop\care-bears-desktop-wallpaper-wish-bear.jpg -> [2008/09/30 00:50:05 | 00,037,117 | ---- | C] ()

Incinerator.dll -> %SystemRoot%\System32\Incinerator.dll -> [2008/09/29 11:26:04 | 00,922,464 | ---- | C] ()

iolobtdfg.exe -> %SystemRoot%\System32\iolobtdfg.exe -> [2008/09/29 11:26:00 | 00,028,672 | ---- | C] ()

smrgdf.exe -> %SystemRoot%\System32\smrgdf.exe -> [2008/09/29 11:26:00 | 00,008,192 | ---- | C] ()

scott convo 92608a.rtf -> %UserProfile%\My Documents\scott convo 92608a.rtf -> [2008/09/26 13:15:12 | 00,001,943 | ---- | C] ()

YIM-StatusEdit.exe -> %UserProfile%\Desktop\YIM-StatusEdit.exe -> [2008/09/26 11:52:04 | 00,086,016 | ---- | C] (WackyB)

scott convo 92408a.rtf -> %UserProfile%\My Documents\scott convo 92408a.rtf -> [2008/09/24 23:12:15 | 00,044,753 | ---- | C] ()

New Folder -> %UserProfile%\Desktop\New Folder -> [2008/09/24 20:18:40 | 00,000,000 | ---D | C]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/09/22 18:49:24 | 05,883,082 | -H-- | C] ()

SLIP.sys -> %SystemRoot%\System32\drivers\SLIP.sys -> [2008/09/21 21:26:01 | 00,011,136 | ---- | C] (Microsoft Corporation)

slip.sys -> %SystemRoot%\System32\dllcache\slip.sys -> [2008/09/21 21:26:01 | 00,011,136 | ---- | C] (Microsoft Corporation)

QuickTime -> %ProgramFiles%\QuickTime -> [2008/09/21 19:25:46 | 00,000,000 | ---D | C]

Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [2008/09/19 21:46:29 | 00,005,632 | -HS- | C] ()

Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [2008/09/18 12:05:01 | 00,000,000 | ---D | C]

Apple Computer -> %AppData%\Apple Computer -> [2008/09/18 12:05:01 | 00,000,000 | ---D | C]

Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [2008/09/18 12:04:28 | 00,000,851 | ---- | C] ()

Sun -> %ProgramFiles%\Sun -> [2008/09/18 12:04:27 | 00,000,000 | ---D | C]

Sun -> %AppData%\Sun -> [2008/09/18 12:01:43 | 00,000,000 | ---D | C]

regclean.exe -> %UserProfile%\Desktop\regclean.exe -> [2008/09/18 09:33:34 | 00,800,136 | ---- | C] ()

AMIP Configurator.lnk -> %UserProfile%\Desktop\AMIP Configurator.lnk -> [2008/09/16 20:54:39 | 00,000,817 | ---- | C] ()

WinRAR -> %AppData%\WinRAR -> [2008/09/16 20:39:12 | 00,000,000 | ---D | C]

WinRAR -> %ProgramFiles%\WinRAR -> [2008/09/16 20:38:42 | 00,000,000 | ---D | C]

Safari -> %ProgramFiles%\Safari -> [2008/09/15 21:08:56 | 00,000,000 | ---D | C]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/09/15 20:58:35 | 00,000,284 | ---- | C] ()

Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2008/09/15 20:58:28 | 00,000,000 | ---D | C]

Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [2008/09/15 20:58:18 | 00,000,000 | ---D | C]

COMCT232.OCX -> %SystemRoot%\System32\COMCT232.OCX -> [2008/09/13 10:00:11 | 00,164,144 | ---- | C] (Microsoft Corporation)

AudioVisu.dll -> %SystemRoot%\System32\AudioVisu.dll -> [2008/09/13 10:00:04 | 00,479,232 | ---- | C] (NCT Company Ltd.)

AudioRecord.dll -> %SystemRoot%\System32\AudioRecord.dll -> [2008/09/13 10:00:04 | 00,454,656 | ---- | C] (NCT Company Ltd.)

WMAFile.dll -> %SystemRoot%\System32\WMAFile.dll -> [2008/09/13 10:00:04 | 00,348,160 | ---- | C] (NCT Company Ltd.)

NCTWMAProfiles.prx -> %SystemRoot%\System32\NCTWMAProfiles.prx -> [2008/09/13 10:00:04 | 00,116,296 | ---- | C] ()

AudFile.dll -> %SystemRoot%\System32\AudFile.dll -> [2008/09/13 10:00:03 | 01,986,560 | ---- | C] (NCT Company Ltd.)

AudioInfos.dll -> %SystemRoot%\System32\AudioInfos.dll -> [2008/09/13 10:00:03 | 01,212,416 | ---- | C] (NCT Company Ltd.)

AudPlayer.dll -> %SystemRoot%\System32\AudPlayer.dll -> [2008/09/13 10:00:03 | 00,458,752 | ---- | C] (NCT Company Ltd.)

AudDisplay.dll -> %SystemRoot%\System32\AudDisplay.dll -> [2008/09/13 10:00:03 | 00,417,792 | ---- | C] (NCT Company Ltd.)

AudDesign.dll -> %SystemRoot%\System32\AudDesign.dll -> [2008/09/13 10:00:02 | 02,084,864 | ---- | C] (NCT Company Ltd.)

TABCTL32.OCX -> %SystemRoot%\System32\TABCTL32.OCX -> [2008/09/13 10:00:02 | 00,224,016 | ---- | C] (Microsoft Corporation)

VB6FR.DLL -> %SystemRoot%\System32\VB6FR.DLL -> [2008/09/13 10:00:02 | 00,119,568 | ---- | C] (Microsoft Corporation)

msinet.OCX -> %SystemRoot%\System32\msinet.OCX -> [2008/09/13 10:00:02 | 00,115,920 | ---- | C] (Microsoft Corporation)

VB6STKIT.DLL -> %SystemRoot%\System32\VB6STKIT.DLL -> [2008/09/13 10:00:02 | 00,101,888 | ---- | C] (Microsoft Corporation)

TABCTFR.DLL -> %SystemRoot%\System32\TABCTFR.DLL -> [2008/09/13 10:00:02 | 00,021,504 | ---- | C] (Microsoft Corporation)

inetfr.DLL -> %SystemRoot%\System32\inetfr.DLL -> [2008/09/13 10:00:02 | 00,015,360 | ---- | C] (Microsoft Corporation)

mscomctl.ocx -> %SystemRoot%\System32\mscomctl.ocx -> [2008/09/13 10:00:01 | 01,081,616 | ---- | C] (Microsoft Corporation)

MSCOMCT2.OCX -> %SystemRoot%\System32\MSCOMCT2.OCX -> [2008/09/13 10:00:01 | 00,662,288 | ---- | C] (Microsoft Corporation)

COMDLG32.OCX -> %SystemRoot%\System32\COMDLG32.OCX -> [2008/09/13 10:00:01 | 00,152,848 | ---- | C] (Microsoft Corporation)

MSCMCFR.DLL -> %SystemRoot%\System32\MSCMCFR.DLL -> [2008/09/13 10:00:01 | 00,141,312 | ---- | C] (Microsoft Corporation)

Mscc2fr.dll -> %SystemRoot%\System32\Mscc2fr.dll -> [2008/09/13 10:00:01 | 00,059,904 | ---- | C] (Microsoft Corporation)

CMDLGFR.DLL -> %SystemRoot%\System32\CMDLGFR.DLL -> [2008/09/13 10:00:01 | 00,032,768 | ---- | C] (Microsoft Corporation)

AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [2008/09/11 07:08:51 | 00,000,000 | ---D | C]

acccore -> %AppData%\acccore -> [2008/09/09 19:13:06 | 00,000,000 | ---D | C]

AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [2008/09/09 19:12:53 | 00,000,000 | ---D | C]

Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [2008/09/09 04:00:22 | 00,000,000 | ---D | C]

LimeWire -> %UserProfile%\My Documents\LimeWire -> [2008/09/08 23:48:56 | 00,000,000 | ---D | C]

Incomplete -> %UserProfile%\My Documents\Incomplete -> [2008/09/08 23:48:56 | 00,000,000 | ---D | C]

LimeWire -> %AppData%\LimeWire -> [2008/09/08 23:47:38 | 00,000,000 | ---D | C]

Desktopicon -> %AppData%\Desktopicon -> [2008/09/08 19:38:28 | 00,000,000 | ---D | C]

Unlocker -> %ProgramFiles%\Unlocker -> [2008/09/08 19:38:27 | 00,000,000 | ---D | C]

_vmtxp.ini -> %SystemRoot%\_vmtxp.ini -> [2008/09/07 23:14:06 | 00,000,103 | ---- | C] ()

TweakXP 2 -> %ProgramFiles%\TweakXP 2 -> [2008/09/07 23:14:00 | 00,000,000 | ---D | C]

tweakxputility.exe -> %UserProfile%\My Documents\tweakxputility.exe -> [2008/09/07 23:13:44 | 01,364,656 | ---- | C] (WinShareSoft )

Leadertech -> %AppData%\Leadertech -> [2008/09/07 22:52:02 | 00,000,000 | ---D | C]

Repository.reg -> %SystemRoot%\System32\Repository.reg -> [2008/09/07 22:38:24 | 00,025,974 | ---- | C] ()

Logishrd -> %AllUsersProfile%\Application Data\Logishrd -> [2008/09/07 22:36:41 | 00,000,000 | ---D | C]

Logitech -> %CommonProgramFiles%\Logitech -> [2008/09/07 22:21:01 | 00,000,000 | ---D | C]

Logitech -> %AllUsersProfile%\Application Data\Logitech -> [2008/09/07 22:20:57 | 00,000,000 | ---D | C]

My Videos -> %UserProfile%\My Documents\My Videos -> [2008/09/07 22:19:13 | 00,000,000 | --SD | C]

New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [2008/09/07 22:18:05 | 00,000,000 | ---D | C]

qc1040enu.exe -> %UserProfile%\Desktop\qc1040enu.exe -> [2008/09/07 22:16:51 | 75,188,208 | ---- | C] (Logitech, Inc. )

Logitech -> %ProgramFiles%\Logitech -> [2008/09/07 22:10:52 | 00,000,000 | ---D | C]

rdg10.JPG -> %UserProfile%\Desktop\rdg10.JPG -> [2008/09/07 17:28:20 | 00,149,518 | ---- | C] ()

adsasdasd.eml -> %UserProfile%\My Documents\adsasdasd.eml -> [2008/09/04 16:55:46 | 00,014,839 | ---- | C] ()

BricoPackFoldersDelete.cmd -> %SystemRoot%\BricoPackFoldersDelete.cmd -> [2008/09/04 06:23:35 | 00,002,271 | ---- | C] ()

26AV500U_E.pdf -> %UserProfile%\My Documents\26AV500U_E.pdf -> [2008/09/03 22:02:37 | 07,668,015 | ---- | C] ()

Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [2008/09/03 06:00:24 | 00,000,000 | ---D | C]

Adobe -> %AppData%\Adobe -> [2008/09/03 06:00:24 | 00,000,000 | ---D | C]

USBAUDIO.sys -> %SystemRoot%\System32\drivers\USBAUDIO.sys -> [2008/09/01 23:00:12 | 00,060,032 | ---- | C] (Microsoft Corporation)

usbaudio.sys -> %SystemRoot%\System32\dllcache\usbaudio.sys -> [2008/09/01 23:00:12 | 00,060,032 | ---- | C] (Microsoft Corporation)

lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs -> [2008/09/01 23:00:00 | 00,000,000 | ---- | C] ()

kswdmcap.ax -> %SystemRoot%\System32\kswdmcap.ax -> [2008/09/01 22:59:52 | 00,091,136 | ---- | C] (Microsoft Corporation)

kswdmcap.ax -> %SystemRoot%\System32\dllcache\kswdmcap.ax -> [2008/09/01 22:59:52 | 00,091,136 | ---- | C] (Microsoft Corporation)

vfwwdm32.dll -> %SystemRoot%\System32\vfwwdm32.dll -> [2008/09/01 22:59:52 | 00,053,760 | ---- | C] (Microsoft Corporation)

vfwwdm32.dll -> %SystemRoot%\System32\dllcache\vfwwdm32.dll -> [2008/09/01 22:59:52 | 00,053,760 | ---- | C] (Microsoft Corporation)

ksxbar.ax -> %SystemRoot%\System32\ksxbar.ax -> [2008/09/01 22:59:52 | 00,043,008 | ---- | C] (Microsoft Corporation)

ksxbar.ax -> %SystemRoot%\System32\dllcache\ksxbar.ax -> [2008/09/01 22:59:52 | 00,043,008 | ---- | C] (Microsoft Corporation)

kstvtune.ax -> %SystemRoot%\System32\kstvtune.ax -> [2008/09/01 22:59:51 | 00,061,952 | ---- | C] (Microsoft Corporation)

kstvtune.ax -> %SystemRoot%\System32\dllcache\kstvtune.ax -> [2008/09/01 22:59:51 | 00,061,952 | ---- | C] (Microsoft Corporation)

dshowext.ax -> %SystemRoot%\System32\dshowext.ax -> [2008/09/01 22:59:50 | 00,020,992 | ---- | C] (Microsoft Corporation)

dshowext.ax -> %SystemRoot%\System32\dllcache\dshowext.ax -> [2008/09/01 22:59:50 | 00,020,992 | ---- | C] (Microsoft Corporation)

LogiShrd -> %CommonProgramFiles%\LogiShrd -> [2008/09/01 22:39:14 | 00,000,000 | ---D | C]

qc1150.exe -> %UserProfile%\Desktop\qc1150.exe -> [2008/09/01 22:32:17 | 30,401,112 | ---- | C] (Logitech, Inc.)

My Received Files -> %UserProfile%\My Documents\My Received Files -> [2008/09/01 22:20:34 | 00,000,000 | ---D | C]

New Folder -> %UserProfile%\My Documents\New Folder -> [2008/09/01 11:07:57 | 00,000,000 | ---D | C]

Crystal -> %UserProfile%\Desktop\Crystal -> [2008/09/01 11:02:02 | 00,000,000 | ---D | C]

Windows Search -> %AppData%\Windows Search -> [2008/09/01 10:42:46 | 00,000,000 | ---D | C]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/09/01 05:21:03 | 53,482,7008 | -HS- | C] ()

PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [2008/09/01 05:13:03 | 00,000,000 | ---D | C]

WLinstaller.exe -> %UserProfile%\Desktop\WLinstaller.exe -> [2008/08/31 17:56:46 | 02,400,784 | ---- | C] (Microsoft Corporation)

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/08/31 17:34:18 | 00,000,811 | ---- | C] ()

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/08/30 17:26:09 | 15,083,520 | ---- | C] (Safer Networking Limited )

Macromedia -> %AppData%\Macromedia -> [2008/08/30 17:20:21 | 00,000,000 | ---D | C]

Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [2008/08/30 17:16:44 | 00,000,000 | ---D | C]

Mozilla -> %AppData%\Mozilla -> [2008/08/30 17:16:44 | 00,000,000 | ---D | C]

Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [2008/08/30 17:13:30 | 00,000,000 | ---D | C]

Silverlight.2.0.exe -> %UserProfile%\My Documents\Silverlight.2.0.exe -> [2008/08/30 17:12:44 | 04,891,216 | ---- | C] (Microsoft Corporation)

Winamp -> %AppData%\Winamp -> [2008/08/29 06:25:52 | 00,000,000 | ---D | C]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/08/29 06:24:30 | 00,003,584 | ---- | C] ()

Regina -> %UserProfile%\Desktop\Regina -> [2008/08/29 06:19:57 | 00,000,000 | ---D | C]

Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [2008/08/29 06:19:32 | 00,000,000 | ---D | C]

Windows Desktop Search -> %AppData%\Windows Desktop Search -> [2008/08/29 06:19:28 | 00,000,000 | ---D | C]

iolo -> %AppData%\iolo -> [2008/08/29 06:19:18 | 00,000,000 | ---D | C]

Identities -> %AppData%\Identities -> [2008/08/29 06:18:56 | 00,000,000 | ---D | C]

desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2008/08/29 06:18:45 | 00,000,075 | -HS- | C] ()

My Pictures -> %UserProfile%\My Documents\My Pictures -> [2008/08/29 06:18:45 | 00,000,000 | --SD | C]

My Music -> %UserProfile%\My Documents\My Music -> [2008/08/29 06:18:45 | 00,000,000 | --SD | C]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/08/29 06:18:38 | 00,015,600 | ---- | C] ()

desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [2008/08/29 06:18:32 | 00,000,084 | -HS- | C] ()

desktop.ini -> %AppData%\desktop.ini -> [2008/08/29 06:18:32 | 00,000,062 | -HS- | C] ()

Microsoft -> %AppData%\Microsoft -> [2008/08/29 06:18:32 | 00,000,000 | --SD | C]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [2008/08/29 06:18:32 | 00,000,000 | ---D | C]

logiflt.iad -> %SystemRoot%\System32\drivers\logiflt.iad -> [2008/08/28 21:33:33 | 00,000,000 | ---- | C] ()

usbccgp.sys -> %SystemRoot%\System32\drivers\usbccgp.sys -> [2008/08/28 21:33:30 | 00,032,128 | ---- | C] (Microsoft Corporation)

usbccgp.sys -> %SystemRoot%\System32\dllcache\usbccgp.sys -> [2008/08/28 21:33:30 | 00,032,128 | ---- | C] (Microsoft Corporation)

Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search -> [2008/08/28 21:32:15 | 00,000,000 | ---D | C]

GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [2008/08/28 21:32:14 | 00,000,000 | ---D | C]

offfilt.dll -> %SystemRoot%\System32\dllcache\offfilt.dll -> [2008/08/28 21:31:28 | 00,192,000 | ---- | C] (Microsoft Corporation)

nlhtml.dll -> %SystemRoot%\System32\dllcache\nlhtml.dll -> [2008/08/28 21:31:28 | 00,098,304 | ---- | C] (Microsoft Corporation)

mimefilt.dll -> %SystemRoot%\System32\dllcache\mimefilt.dll -> [2008/08/28 21:31:28 | 00,029,696 | ---- | C] (Microsoft Corporation)

sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2008/08/28 21:30:50 | 01,214,526 | ---- | C] ()

drvmain.sdb -> %SystemRoot%\System32\dllcache\drvmain.sdb -> [2008/08/28 21:30:50 | 00,009,696 | ---- | C] ()

apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> [2008/08/28 21:30:49 | 00,790,846 | ---- | C] ()

NtmsData -> %SystemRoot%\System32\NtmsData -> [2008/08/23 20:14:51 | 00,000,000 | ---D | C]

Prefetch -> %SystemRoot%\Prefetch -> [2008/08/19 20:02:20 | 00,000,000 | ---D | C]

scripting -> %SystemRoot%\System32\scripting -> [2008/08/19 19:48:57 | 00,000,000 | ---D | C]

l2schemas -> %SystemRoot%\l2schemas -> [2008/08/19 19:48:55 | 00,000,000 | ---D | C]

en -> %SystemRoot%\System32\en -> [2008/08/19 19:48:54 | 00,000,000 | ---D | C]

msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/08/19 18:58:41 | 01,306,624 | ---- | C] (Microsoft Corporation)

dot3ui.dll -> %SystemRoot%\System32\dot3ui.dll -> [2008/08/19 18:58:37 | 00,650,752 | ---- | C] (Microsoft Corporation)

rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2008/08/19 18:58:36 | 00,290,304 | ---- | C] (Microsoft Corporation)

mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2008/08/19 18:58:35 | 00,397,312 | ---- | C] (Microsoft Corporation)

qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2008/08/19 18:58:33 | 00,291,328 | ---- | C] (Microsoft Corporation)

azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2008/08/19 18:58:31 | 00,233,472 | ---- | C] (Microsoft Corporation)

napstat.exe -> %SystemRoot%\System32\napstat.exe -> [2008/08/19 18:58:29 | 00,176,640 | ---- | C] (Microsoft Corporation)

eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2008/08/19 18:58:28 | 00,184,832 | ---- | C] (Microsoft Corporation)

microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2008/08/19 18:58:28 | 00,184,320 | ---- | C] (Microsoft Corporation)

eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2008/08/19 18:58:28 | 00,180,224 | ---- | C] (Microsoft Corporation)

mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2008/08/19 18:58:28 | 00,155,136 | ---- | C] (Microsoft Corporation)

napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2008/08/19 18:58:26 | 00,193,024 | ---- | C] (Microsoft Corporation)

qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2008/08/19 18:58:26 | 00,150,528 | ---- | C] (Microsoft Corporation)

aaclient.dll -> %SystemRoot%\System32\aaclient.dll -> [2008/08/19 18:58:26 | 00,136,192 | ---- | C] (Microsoft Corporation)

dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2008/08/19 18:58:26 | 00,132,096 | ---- | C] (Microsoft Corporation)

onex.dll -> %SystemRoot%\System32\onex.dll -> [2008/08/19 18:58:25 | 00,144,384 | ---- | C] (Microsoft Corporation)

eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2008/08/19 18:58:25 | 00,126,976 | ---- | C] (Microsoft Corporation)

eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2008/08/19 18:58:23 | 00,094,208 | ---- | C] (Microsoft Corporation)

mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2008/08/19 18:58:22 | 00,106,496 | ---- | C] (Microsoft Corporation)

qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2008/08/19 18:58:22 | 00,076,800 | ---- | C] (Microsoft Corporation)

wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2008/08/19 18:58:21 | 00,069,120 | ---- | C] (Microsoft Corporation)

qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2008/08/19 18:58:20 | 00,062,464 | ---- | C] (Microsoft Corporation)

kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2008/08/19 18:58:20 | 00,061,440 | ---- | C] (Microsoft Corporation)

eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2008/08/19 18:58:20 | 00,059,392 | ---- | C] (Microsoft Corporation)

dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2008/08/19 18:58:19 | 00,056,320 | ---- | C] (Microsoft Corporation)

tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2008/08/19 18:58:19 | 00,050,688 | ---- | C] (Microsoft Corporation)

dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2008/08/19 18:58:19 | 00,048,640 | ---- | C] (Microsoft Corporation)

tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2008/08/19 18:58:18 | 00,053,248 | ---- | C] (Microsoft Corporation)

dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2008/08/19 18:58:17 | 00,057,856 | ---- | C] (Microsoft Corporation)

dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2008/08/19 18:58:17 | 00,039,936 | ---- | C] (Microsoft Corporation)

eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2008/08/19 18:58:16 | 00,040,960 | ---- | C] (Microsoft Corporation)

dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2008/08/19 18:58:16 | 00,039,936 | ---- | C] (Microsoft Corporation)

l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2008/08/19 18:58:16 | 00,037,376 | ---- | C] (Microsoft Corporation)

rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2008/08/19 18:58:15 | 00,061,952 | ---- | C] (Microsoft Corporation)

msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2008/08/19 18:58:14 | 00,079,872 | ---- | C] (Microsoft Corporation)

msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2008/08/19 18:58:14 | 00,076,800 | ---- | C] (Microsoft Corporation)

mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2008/08/19 18:58:14 | 00,033,792 | ---- | C] (Microsoft Corporation)

eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2008/08/19 18:58:14 | 00,033,792 | ---- | C] (Microsoft Corporation)

eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2008/08/19 18:58:14 | 00,030,720 | ---- | C] (Microsoft Corporation)

napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2008/08/19 18:58:14 | 00,030,208 | ---- | C] (Microsoft Corporation)

dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2008/08/19 18:58:07 | 00,026,112 | ---- | C] (Microsoft Corporation)

setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2008/08/19 18:58:06 | 00,032,768 | ---- | C] (Microsoft Corporation)

dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2008/08/19 18:58:06 | 00,019,456 | ---- | C] (Microsoft Corporation)

credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008/08/19 18:58:04 | 00,012,800 | ---- | C] (Microsoft Corporation)

sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2008/08/19 18:58:04 | 00,010,240 | ---- | C] (Microsoft Corporation)

dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2008/08/19 18:57:57 | 00,009,216 | ---- | C] (Microsoft Corporation)

bitsprx4.dll -> %SystemRoot%\System32\bitsprx4.dll -> [2008/08/19 18:57:56 | 00,007,168 | ---- | C] (Microsoft Corporation)

kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2008/08/19 18:57:56 | 00,006,144 | ---- | C] (Microsoft Corporation)

kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> [2008/08/19 18:57:56 | 00,006,144 | ---- | C] (Microsoft Corporation)

kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2008/08/19 18:57:56 | 00,006,144 | ---- | C] (Microsoft Corporation)

kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2008/08/19 18:57:56 | 00,006,144 | ---- | C] (Microsoft Corporation)

Avg7 -> %AllUsersProfile%\Application Data\Avg7 -> [2008/08/19 18:19:33 | 00,000,000 | ---D | C]

avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2008/08/19 15:56:46 | 00,045,376 | ---- | C] (Avira GmbH)

ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2008/08/19 15:56:46 | 00,028,352 | ---- | C] (Avira GmbH)

avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2008/08/19 15:56:46 | 00,022,336 | ---- | C] (Avira GmbH)

avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/08/19 15:56:45 | 00,075,072 | ---- | C] (Avira GmbH)

Avira -> %ProgramFiles%\Avira -> [2008/08/19 15:56:11 | 00,000,000 | ---D | C]

Avira -> %AllUsersProfile%\Application Data\Avira -> [2008/08/19 15:56:11 | 00,000,000 | ---D | C]

smtpapi.dll -> %SystemRoot%\System32\smtpapi.dll -> [2008/08/19 15:55:43 | 00,010,752 | ---- | C] (Microsoft Corporation)

rwnh.dll -> %SystemRoot%\System32\rwnh.dll -> [2008/08/19 15:55:43 | 00,009,728 | ---- | C] (Microsoft Corporation)

pid.inf -> %SystemRoot%\System32\pid.inf -> [2008/08/19 15:55:43 | 00,000,974 | ---- | C] ()

ioloBootDefrag.cfg -> %SystemRoot%\System32\ioloBootDefrag.cfg -> [2008/08/19 15:41:51 | 00,000,406 | ---- | C] ()

iolo -> %ProgramFiles%\iolo -> [2008/08/19 15:41:29 | 00,000,000 | ---D | C]

mfc45.dll -> %SystemRoot%\System32\mfc45.dll -> [2008/08/19 15:40:49 | 00,074,703 | ---- | C] ()

iolo -> %AllUsersProfile%\Application Data\iolo -> [2008/08/19 15:37:35 | 00,000,000 | ---D | C]

bthport.sys -> %SystemRoot%\System32\dllcache\bthport.sys -> [2008/08/19 15:31:45 | 00,272,128 | ---- | C] (Microsoft Corporation)

rmcast.sys -> %SystemRoot%\System32\dllcache\rmcast.sys -> [2008/08/19 15:31:26 | 00,203,136 | ---- | C] (Microsoft Corporation)

msadce.dll -> %SystemRoot%\System32\dllcache\msadce.dll -> [2008/08/19 15:31:19 | 00,331,776 | ---- | C] (Microsoft Corporation)

inetcomm.dll -> %SystemRoot%\System32\dllcache\inetcomm.dll -> [2008/08/19 15:30:40 | 00,691,712 | ---- | C] (Microsoft Corporation)

lvcoinst.ini -> %SystemRoot%\System32\lvcoinst.ini -> [2008/07/26 14:42:52 | 00,066,482 | ---- | C] ()

LVPr2Mon.sys -> %SystemRoot%\System32\drivers\LVPr2Mon.sys -> [2008/07/26 08:25:02 | 00,025,624 | ---- | C] ()

LVFeL000.cfg -> %SystemRoot%\System32\drivers\LVFeL000.cfg -> [2008/07/26 07:44:30 | 00,227,172 | ---- | C] ()

LVFeL001.cfg -> %SystemRoot%\System32\drivers\LVFeL001.cfg -> [2008/07/26 07:44:30 | 00,146,680 | ---- | C] ()

LVFeL002.cfg -> %SystemRoot%\System32\drivers\LVFeL002.cfg -> [2008/07/26 07:44:30 | 00,085,302 | ---- | C] ()

LVFaL000.cfg -> %SystemRoot%\System32\drivers\LVFaL000.cfg -> [2008/07/26 07:44:30 | 00,069,592 | ---- | C] ()

[Files/Folders - Modified Within 90 Days]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [2002/09/23 13:34:32 | 00,000,000 | ---D | M]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/10/13 21:57:52 | 00,000,184 | ---- | M] ()

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007/05/22 08:15:48 | 00,000,000 | ---D | M]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/10/20 23:33:36 | 00,005,503 | ---- | M] ()

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/10/20 23:33:36 | 00,004,232 | ---- | M] ()

C:\Documents and Settings\Nora\Local Settings\Temp\ -> C:\Documents and Settings\Nora\Local Settings\Temp -> [2002/09/23 13:25:24 | 00,000,000 | ---D | M]

Perflib_Perfdata_73c.dat -> C:\Documents and Settings\Nora\Local Settings\Temp\Perflib_Perfdata_73c.dat -> [2008/10/20 20:06:40 | 00,016,384 | ---- | M] ()

14 C:\Documents and Settings\Nora\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nora\Local Settings\Temp\*.tmp ->

C:\WINDOWS\Temp\logishrd\ -> C:\WINDOWS\Temp\logishrd -> [2008/10/20 18:31:28 | 00,000,000 | ---D | M]

LVPrcInj01.dll -> C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll -> [2008/07/26 08:25:24 | 00,109,080 | ---- | M] (Logitech Inc.)

C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [2008/10/21 08:47:08 | 00,000,000 | -HSD | M]

index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2008/10/21 08:47:08 | 00,032,768 | -HS- | M] ()

C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [2008/10/21 08:47:08 | 00,000,000 | -HSD | M]

index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2008/10/21 08:47:08 | 00,032,768 | -HS- | M] ()

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [2008/10/21 08:47:08 | 00,000,000 | -HSD | M]

index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/10/21 08:47:08 | 00,049,152 | -HS- | M] ()

OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/10/21 11:10:42 | 00,589,255 | ---- | M] ()

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/21 09:15:30 | 00,001,649 | ---- | M] ()

HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/10/21 09:15:08 | 00,812,344 | ---- | M] (Trend Micro Inc.)

wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/10/20 18:32:28 | 00,002,278 | ---- | M] ()

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/10/20 18:31:20 | 00,000,006 | -H-- | M] ()

bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/10/20 18:31:12 | 00,002,048 | --S- | M] ()

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/10/20 18:31:04 | 53,482,7008 | -HS- | M] ()

lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs -> [2008/10/20 18:28:06 | 00,000,000 | ---- | M] ()

logiflt.iad -> %SystemRoot%\System32\drivers\logiflt.iad -> [2008/10/20 18:28:04 | 00,000,000 | ---- | M] ()

phpinfo.php -> %UserProfile%\Desktop\phpinfo.php -> [2008/10/20 12:13:32 | 00,001,871 | ---- | M] ()

picmgr.php -> %UserProfile%\Desktop\picmgr.php -> [2008/10/20 12:12:54 | 00,016,539 | ---- | M] ()

HTMLPad 2008.lnk -> %UserProfile%\Desktop\HTMLPad 2008.lnk -> [2008/10/20 10:36:40 | 00,000,558 | ---- | M] ()

htmlpad9.exe -> %UserProfile%\My Documents\htmlpad9.exe -> [2008/10/20 10:36:18 | 04,661,520 | ---- | M] (Karlis Blumentals )

picmgmt.inc.php -> %UserProfile%\Desktop\picmgmt.inc.php -> [2008/10/20 10:35:00 | 00,014,421 | ---- | M] ()

At2.job -> %SystemRoot%\tasks\At2.job -> [2008/10/19 17:32:34 | 00,000,408 | ---- | M] ()

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/10/19 09:46:12 | 05,883,082 | -H-- | M] ()

utorrent.exe -> %UserProfile%\Desktop\utorrent.exe -> [2008/10/18 12:27:38 | 00,270,128 | ---- | M] (BitTorrent, Inc.)

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/10/17 16:28:04 | 00,000,284 | ---- | M] ()

5jwwg7.gif -> %UserProfile%\Desktop\5jwwg7.gif -> [2008/10/16 23:20:44 | 00,053,849 | ---- | M] ()

At1.job -> %SystemRoot%\tasks\At1.job -> [2008/10/16 19:10:28 | 00,000,408 | ---- | M] ()

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/10/16 16:09:36 | 00,540,110 | ---- | M] ()

perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/10/16 16:09:36 | 00,462,558 | ---- | M] ()

perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/10/16 16:09:36 | 00,078,508 | ---- | M] ()

Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk -> [2008/10/15 06:40:54 | 00,001,529 | ---- | M] ()

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/15 04:08:56 | 00,106,216 | ---- | M] ()

imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/10/15 04:02:36 | 00,001,393 | ---- | M] ()

Norton PC Checkup.lnk -> %AllUsersProfile%\Desktop\Norton PC Checkup.lnk -> [2008/10/13 22:49:28 | 00,000,670 | ---- | M] ()

msziptools.dll -> %SystemRoot%\System32\msziptools.dll -> [2008/10/13 22:06:08 | 00,007,704 | ---- | M] ()

ManyCam 2.3.lnk -> %UserProfile%\Desktop\ManyCam 2.3.lnk -> [2008/10/13 18:58:08 | 00,001,483 | ---- | M] ()

win.ini -> %SystemRoot%\win.ini -> [2008/10/12 22:14:32 | 00,000,760 | ---- | M] ()

system.ini -> %SystemRoot%\system.ini -> [2008/10/12 22:14:32 | 00,000,227 | ---- | M] ()

BOOT.INI -> %SystemDrive%\BOOT.INI -> [2008/10/12 22:14:32 | 00,000,210 | -HS- | M] ()

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/10/11 17:44:04 | 00,003,584 | ---- | M] ()

LPInstaller.exe -> %UserProfile%\Desktop\LPInstaller.exe -> [2008/10/11 17:37:58 | 01,039,776 | ---- | M] (SanDisk Corporation)

dsc350_winxp_driver_121201.exe -> %UserProfile%\Desktop\dsc350_winxp_driver_121201.exe -> [2008/10/09 00:37:22 | 01,492,480 | ---- | M] ()

Download_DriverDetective-6.3.1.2-TrialVersion.exe -> %UserProfile%\Desktop\Download_DriverDetective-6.3.1.2-TrialVersion.exe -> [2008/10/09 00:36:34 | 00,128,344 | ---- | M] (Digital River)

MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation)

scott convo 92408b.rtf -> %UserProfile%\My Documents\scott convo 92408b.rtf -> [2008/10/06 22:36:20 | 00,044,522 | ---- | M] ()

dxwebsetup.exe -> %UserProfile%\Desktop\dxwebsetup.exe -> [2008/10/06 18:47:58 | 00,315,624 | ---- | M] (Microsoft Corporation)

FileZilla Client.lnk -> %AllUsersProfile%\Desktop\FileZilla Client.lnk -> [2008/10/06 01:12:28 | 00,001,578 | ---- | M] ()

FileZilla_3.1.3.1_win32-setup.exe -> %UserProfile%\Desktop\FileZilla_3.1.3.1_win32-setup.exe -> [2008/10/06 01:10:42 | 03,659,444 | ---- | M] ()

Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [2008/10/04 16:01:00 | 00,010,752 | -HS- | M] ()

Auto-Tune_evo_VST_PC_v6.05.exe -> %UserProfile%\Desktop\Auto-Tune_evo_VST_PC_v6.05.exe -> [2008/10/04 15:52:48 | 18,159,431 | ---- | M] (Antares Audio Technologies )

ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/03 10:41:16 | 06,066,176 | ---- | M] (Microsoft Corporation)

ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/03 10:41:16 | 06,066,176 | ---- | M] (Microsoft Corporation)

care-bears-desktop-wallpaper-8.jpg -> %UserProfile%\Desktop\care-bears-desktop-wallpaper-8.jpg -> [2008/09/30 12:01:04 | 00,056,475 | ---- | M] ()

care-bears-desktop-wallpaper-wish-bear.jpg -> %UserProfile%\Desktop\care-bears-desktop-wallpaper-wish-bear.jpg -> [2008/09/30 00:50:42 | 00,037,117 | ---- | M] ()

scott convo 92608a.rtf -> %UserProfile%\My Documents\scott convo 92608a.rtf -> [2008/09/26 13:15:14 | 00,001,943 | ---- | M] ()

YIM-StatusEdit.exe -> %UserProfile%\Desktop\YIM-StatusEdit.exe -> [2008/09/26 11:51:56 | 00,086,016 | ---- | M] (WackyB)

scott convo 92408a.rtf -> %UserProfile%\My Documents\scott convo 92408a.rtf -> [2008/09/25 15:38:22 | 00,044,753 | ---- | M] ()

Incinerator.dll -> %SystemRoot%\System32\Incinerator.dll -> [2008/09/25 11:00:54 | 00,922,464 | ---- | M] ()

iolobtdfg.exe -> %SystemRoot%\System32\iolobtdfg.exe -> [2008/09/24 10:32:10 | 00,028,672 | ---- | M] ()

Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [2008/09/19 21:46:32 | 00,005,632 | -HS- | M] ()

Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [2008/09/18 12:04:28 | 00,000,851 | ---- | M] ()

regclean.exe -> %UserProfile%\Desktop\regclean.exe -> [2008/09/18 09:32:48 | 00,800,136 | ---- | M] ()

_vmtxp.ini -> %SystemRoot%\_vmtxp.ini -> [2008/09/18 09:26:50 | 00,000,103 | ---- | M] ()

AMIP Configurator.lnk -> %UserProfile%\Desktop\AMIP Configurator.lnk -> [2008/09/16 20:54:40 | 00,000,817 | ---- | M] ()

win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 05:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)

win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 05:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)

IPH.PH -> %SystemDrive%\IPH.PH -> [2008/09/10 09:08:16 | 00,002,283 | -H-- | M] ()

smrgdf.exe -> %SystemRoot%\System32\smrgdf.exe -> [2008/09/09 16:45:58 | 00,008,192 | ---- | M] ()

srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/09/08 03:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)

srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/09/08 03:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)

tweakxputility.exe -> %UserProfile%\My Documents\tweakxputility.exe -> [2008/09/07 23:13:48 | 01,364,656 | ---- | M] (WinShareSoft )

qc1040enu.exe -> %UserProfile%\Desktop\qc1040enu.exe -> [2008/09/07 22:18:30 | 75,188,208 | ---- | M] (Logitech, Inc. )

rdg10.JPG -> %UserProfile%\Desktop\rdg10.JPG -> [2008/09/07 17:28:22 | 00,149,518 | ---- | M] ()

WgaLogon.dll -> %SystemRoot%\System32\WgaLogon.dll -> [2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation)

wgaLogon.dll -> %SystemRoot%\System32\dllcache\wgaLogon.dll -> [2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation)

LegitCheckControl.dll -> %SystemRoot%\System32\LegitCheckControl.dll -> [2008/09/05 23:30:06 | 01,480,232 | ---- | M] (Microsoft Corporation)

WgaTray.exe -> %SystemRoot%\System32\WgaTray.exe -> [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation)

WgaTray.exe -> %SystemRoot%\System32\dllcache\WgaTray.exe -> [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation)

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/09/04 17:01:14 | 00,000,811 | ---- | M] ()

adsasdasd.eml -> %UserProfile%\My Documents\adsasdasd.eml -> [2008/09/04 16:55:48 | 00,014,839 | ---- | M] ()

uxtheme.dll -> %SystemRoot%\System32\uxtheme.dll -> [2008/09/04 06:25:02 | 00,218,624 | ---- | M] (Microsoft Corporation)

BricoPackUninst.cmd -> %SystemRoot%\BricoPackUninst.cmd -> [2008/09/04 06:25:02 | 00,046,014 | ---- | M] ()

BricoPackFoldersDelete.cmd -> %SystemRoot%\BricoPackFoldersDelete.cmd -> [2008/09/04 06:25:02 | 00,002,271 | ---- | M] ()

BricoPack Wallpaper.bmp -> %SystemRoot%\BricoPack Wallpaper.bmp -> [2008/09/04 06:24:38 | 03,932,214 | ---- | M] ()

26AV500U_E.pdf -> %UserProfile%\My Documents\26AV500U_E.pdf -> [2008/09/03 22:02:42 | 07,668,015 | ---- | M] ()

qc1150.exe -> %UserProfile%\Desktop\qc1150.exe -> [2008/09/01 22:33:28 | 30,401,112 | ---- | M] (Logitech, Inc.)

WLinstaller.exe -> %UserProfile%\Desktop\WLinstaller.exe -> [2008/08/31 17:56:50 | 02,400,784 | ---- | M] (Microsoft Corporation)

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/08/30 17:27:50 | 15,083,520 | ---- | M] (Safer Networking Limited )

Silverlight.2.0.exe -> %UserProfile%\My Documents\Silverlight.2.0.exe -> [2008/08/30 17:12:54 | 04,891,216 | ---- | M] (Microsoft Corporation)

desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2008/08/29 06:19:04 | 00,000,075 | -HS- | M] ()

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/08/29 06:18:48 | 00,015,600 | ---- | M] ()

mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/08/27 01:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)

mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/08/27 01:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/08/26 00:24:32 | 01,159,680 | ---- | M] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/08/26 00:24:32 | 01,159,680 | ---- | M] (Microsoft Corporation)

wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/08/26 00:24:32 | 00,826,368 | ---- | M] (Microsoft Corporation)

wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/08/26 00:24:32 | 00,826,368 | ---- | M] (Microsoft Corporation)

webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/08/26 00:24:32 | 00,233,472 | ---- | M] (Microsoft Corporation)

webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/08/26 00:24:32 | 00,233,472 | ---- | M] (Microsoft Corporation)

inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/08/26 00:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)

inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/08/26 00:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/08/26 00:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/08/26 00:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)

mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/08/26 00:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)

mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/08/26 00:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/08/26 00:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/08/26 00:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)

iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/08/26 00:24:30 | 00,384,512 | ---- | M] (Microsoft Corporation)

iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/08/26 00:24:30 | 00,384,512 | ---- | M] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/08/26 00:24:30 | 00,267,776 | ---- | M] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/08/26 00:24:30 | 00,267,776 | ---- | M] (Microsoft Corporation)

msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/08/26 00:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)

msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/08/26 00:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)

url.dll -> %SystemRoot%\System32\url.dll -> [2008/08/26 00:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)

url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/08/26 00:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)

occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/08/26 00:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)

occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/08/26 00:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)

msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/08/26 00:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)

msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/08/26 00:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)

pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/08/26 00:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/08/26 00:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/08/26 00:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/08/26 00:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/08/26 00:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/08/26 00:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)

ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/08/26 00:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)

ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/08/26 00:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)

dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/08/26 00:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)

dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/08/26 00:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)

ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/08/26 00:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)

ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/08/26 00:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)

dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/08/26 00:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)

dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/08/26 00:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)

ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/08/26 00:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)

ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/08/26 00:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)

extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/08/26 00:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)

extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/08/26 00:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)

advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/08/26 00:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)

advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/08/26 00:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)

icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/08/26 00:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)

icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/08/26 00:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)

ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/08/25 01:38:00 | 00,070,656 | ---- | M] (Microsoft Corporation)

ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/08/25 01:38:00 | 00,070,656 | ---- | M] (Microsoft Corporation)

ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/08/25 01:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)

ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/08/25 01:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)

iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/08/22 22:56:16 | 00,635,848 | ---- | M] (Microsoft Corporation)

ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/08/22 22:54:52 | 00,161,792 | ---- | M] (Microsoft Corporation)

ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/08/22 22:54:52 | 00,161,792 | ---- | M] (Microsoft Corporation)

ntldr -> %SystemDrive%\ntldr -> [2008/08/19 19:41:02 | 00,250,048 | RHS- | M] ()

ioloBootDefrag.cfg -> %SystemRoot%\System32\ioloBootDefrag.cfg -> [2008/08/19 15:41:52 | 00,000,406 | ---- | M] ()

mfc45.dll -> %SystemRoot%\System32\mfc45.dll -> [2008/08/19 15:40:50 | 00,074,703 | ---- | M] ()

ntoskrnl.exe -> %SystemRoot%\System32\ntoskrnl.exe -> [2008/08/14 03:11:02 | 02,189,184 | ---- | M] (Microsoft Corporation)

ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/08/14 03:11:02 | 02,189,184 | ---- | M] (Microsoft Corporation)

ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/08/14 03:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\ntkrnlpa.exe -> [2008/08/14 02:33:16 | 02,066,048 | ---- | M] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/08/14 02:33:16 | 02,066,048 | ---- | M] (Microsoft Corporation)

ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/08/14 02:33:16 | 02,023,936 | ---- | M] (Microsoft Corporation)

Repository.reg -> %SystemRoot%\System32\Repository.reg -> [2008/07/26 14:46:02 | 00,025,974 | ---- | M] ()

lvcoinst.ini -> %SystemRoot%\System32\lvcoinst.ini -> [2008/07/26 14:42:52 | 00,066,482 | ---- | M] ()

LVPr2Mon.sys -> %SystemRoot%\System32\drivers\LVPr2Mon.sys -> [2008/07/26 08:25:02 | 00,025,624 | ---- | M] ()

LVFeL000.cfg -> %SystemRoot%\System32\drivers\LVFeL000.cfg -> [2008/07/26 07:44:30 | 00,227,172 | ---- | M] ()

LVFeL001.cfg -> %SystemRoot%\System32\drivers\LVFeL001.cfg -> [2008/07/26 07:44:30 | 00,146,680 | ---- | M] ()

LVFeL002.cfg -> %SystemRoot%\System32\drivers\LVFeL002.cfg -> [2008/07/26 07:44:30 | 00,085,302 | ---- | M] ()

LVFaL000.cfg -> %SystemRoot%\System32\drivers\LVFaL000.cfg -> [2008/07/26 07:44:30 | 00,069,592 | ---- | M] ()

[File - Lop Check]

Application Data -> C:\Documents and Settings\All Users\Application Data -> [2002/09/23 13:25:24 | 00,000,000 | RH-D | M]

Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [2007/11/07 11:29:38 | 00,000,000 | ---D | M]

AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [2007/08/18 10:33:16 | 00,000,000 | ---D | M]

AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads -> [2007/08/18 10:30:30 | 00,000,000 | ---D | M]

AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [2007/08/18 10:33:18 | 00,000,000 | ---D | M]

Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [2007/08/19 13:16:44 | 00,000,000 | ---D | M]

Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [2007/08/19 13:17:38 | 00,000,000 | ---D | M]

Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 -> [2008/08/19 18:19:34 | 00,000,000 | ---D | M]

Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2008/08/19 15:56:12 | 00,000,000 | ---D | M]

Corel -> C:\Documents and Settings\All Users\Application Data\Corel -> [2007/11/11 19:31:54 | 00,000,000 | ---D | M]

Google -> C:\Documents and Settings\All Users\Application Data\Google -> [2007/08/22 18:35:22 | 00,000,000 | ---D | M]

ibm -> C:\Documents and Settings\All Users\Application Data\ibm -> [2007/05/22 11:33:54 | 00,000,000 | ---D | M]

iolo -> C:\Documents and Settings\All Users\Application Data\iolo -> [2008/08/19 15:37:36 | 00,000,000 | ---D | M]

Logishrd -> C:\Documents and Settings\All Users\Application Data\Logishrd -> [2008/09/07 22:36:42 | 00,000,000 | ---D | M]

Logitech -> C:\Documents and Settings\All Users\Application Data\Logitech -> [2008/09/07 22:20:58 | 00,000,000 | ---D | M]

Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [2002/09/23 13:25:04 | 00,000,000 | --SD | M]

OrbNetworks -> C:\Documents and Settings\All Users\Application Data\OrbNetworks -> [2008/02/03 12:57:28 | 00,000,000 | ---D | M]

SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2002/09/23 13:45:50 | 00,000,000 | ---D | M]

Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2008/09/30 12:02:18 | 00,000,000 | ---D | M]

STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2008/01/31 06:06:58 | 00,000,000 | ---D | M]

TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/01/26 21:51:44 | 00,000,000 | ---D | M]

Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/08/18 10:32:12 | 00,000,000 | ---D | M]

WAURWROXXG -> C:\Documents and Settings\All Users\Application Data\WAURWROXXG -> [2007/11/29 20:36:12 | 00,000,000 | ---D | M]

Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [2007/05/22 08:37:48 | 00,000,000 | ---D | M]

WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller -> [2007/12/02 23:24:06 | 00,000,000 | ---D | M]

Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [2007/08/25 18:50:34 | 00,000,000 | ---D | M]

Application Data -> C:\Documents and Settings\Nora\Application Data -> [2002/09/23 13:25:24 | 00,000,000 | -H-D | M]

acccore -> C:\Documents and Settings\Nora\Application Data\acccore -> [2008/09/09 19:13:08 | 00,000,000 | ---D | M]

Adobe -> C:\Documents and Settings\Nora\Application Data\Adobe -> [2008/09/03 06:00:26 | 00,000,000 | ---D | M]

Apple Computer -> C:\Documents and Settings\Nora\Application Data\Apple Computer -> [2008/09/18 12:05:02 | 00,000,000 | ---D | M]

Blumentals -> C:\Documents and Settings\Nora\Application Data\Blumentals -> [2008/10/20 10:36:36 | 00,000,000 | ---D | M]

Desktopicon -> C:\Documents and Settings\Nora\Application Data\Desktopicon -> [2008/09/08 19:38:30 | 00,000,000 | ---D | M]

FileZilla -> C:\Documents and Settings\Nora\Application Data\FileZilla -> [2008/10/06 01:13:32 | 00,000,000 | ---D | M]

Identities -> C:\Documents and Settings\Nora\Application Data\Identities -> [2008/08/29 06:18:58 | 00,000,000 | ---D | M]

iolo -> C:\Documents and Settings\Nora\Application Data\iolo -> [2008/08/29 06:19:20 | 00,000,000 | ---D | M]

Leadertech -> C:\Documents and Settings\Nora\Application Data\Leadertech -> [2008/09/07 22:52:04 | 00,000,000 | ---D | M]

LimeWire -> C:\Documents and Settings\Nora\Application Data\LimeWire -> [2008/09/08 23:47:40 | 00,000,000 | ---D | M]

Macromedia -> C:\Documents and Settings\Nora\Application Data\Macromedia -> [2008/08/30 17:20:22 | 00,000,000 | ---D | M]

Microsoft -> C:\Documents and Settings\Nora\Application Data\Microsoft -> [2002/09/23 13:25:04 | 00,000,000 | --SD | M]

Mozilla -> C:\Documents and Settings\Nora\Application Data\Mozilla -> [2008/08/30 17:16:46 | 00,000,000 | ---D | M]

Sun -> C:\Documents and Settings\Nora\Application Data\Sun -> [2008/09/18 12:01:44 | 00,000,000 | ---D | M]

U3 -> C:\Documents and Settings\Nora\Application Data\U3 -> [2008/10/11 17:01:32 | 00,000,000 | ---D | M]

uTorrent -> C:\Documents and Settings\Nora\Application Data\uTorrent -> [2008/10/18 12:28:32 | 00,000,000 | ---D | M]

Winamp -> C:\Documents and Settings\Nora\Application Data\Winamp -> [2008/08/29 06:25:54 | 00,000,000 | ---D | M]

Windows Desktop Search -> C:\Documents and Settings\Nora\Application Data\Windows Desktop Search -> [2008/08/29 06:19:30 | 00,000,000 | ---D | M]

Windows Search -> C:\Documents and Settings\Nora\Application Data\Windows Search -> [2008/09/01 10:42:48 | 00,000,000 | ---D | M]

WinRAR -> C:\Documents and Settings\Nora\Application Data\WinRAR -> [2008/09/16 20:39:14 | 00,000,000 | ---D | M]

C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2002/09/23 13:31:12 | 00,000,000 | --SD | M]

desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2002/08/29 05:00:00 | 00,000,065 | RH-- | M] ()

SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/10/20 18:31:20 | 00,000,006 | -H-- | M] ()

AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/10/17 16:28:04 | 00,000,284 | ---- | M] ()

At1.job -> C:\WINDOWS\Tasks\At1.job -> [2008/10/16 19:10:28 | 00,000,408 | ---- | M] ()

At2.job -> C:\WINDOWS\Tasks\At2.job -> [2008/10/19 17:32:34 | 00,000,408 | ---- | M] ()

GoogleUpdateTaskUser.job -> C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job -> [2008/10/21 10:28:44 | 00,001,192 | ---- | M] ()

[File - Purity Scan]

 

[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

scan completed successfully

hidden files: 0

 

< End of report >

 


Hello

 

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

 

[Kill Explorer]

[unregister Dlls]

[Processes - Safe List]

YN -> teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe

[Registry - Safe List]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

YN -> "SITEguard" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

YN -> \E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a]

[Registry - Additional Scans - Safe List]

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\

YN -> C:^Documents and Settings^Celina & Crystal^Start Menu^Programs^Startup^UberIcon.lnk ->

YN -> C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Stardock ObjectDock.lnk ->

YN -> C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Y'z Toolbar.lnk ->

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\

YN -> Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

YN -> Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

YN -> Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe

YN -> Picasa Media Detector hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe

YN -> SMSystemAnalyzer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iolo\System Mechanic 7\SMSystemAnalyzer.exe

YN -> swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

YN -> TVT Scheduler Proxy hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe

YN -> UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe

YN -> YSearchProtection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\

YY -> .reg [@ = regfile] -> %SystemRoot%\system32\NOTEPAD.EXE

[Files/Folders - Created Within 90 Days]

NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> At2.job -> %SystemRoot%\tasks\At2.job

NY -> At1.job -> %SystemRoot%\tasks\At1.job

[Files/Folders - Modified Within 90 Days]

NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs

NY -> logiflt.iad -> %SystemRoot%\System32\drivers\logiflt.iad

NY -> At2.job -> %SystemRoot%\tasks\At2.job

[File - Lop Check]

NY -> Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint

NY -> At1.job -> C:\WINDOWS\Tasks\At1.job

NY -> At2.job -> C:\WINDOWS\Tasks\At2.job

[Empty Temp Folders]

[start Explorer]

[Reboot]

 

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

 

I will review the information when it comes back in.

 

 

 

Also post a new HJT log.


OTScanIt Log:

 

Explorer killed successfully

[Processes - Safe List]

Process teatimer.exe killed successfully.

[Registry - Safe List]

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\SITEguard deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command\\ deleted successfully.

[Registry - Additional Scans - Safe List]

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Celina & Crystal^Start Menu^Programs^Startup^UberIcon.lnk\ deleted successfully.

File C:\WINDOWS\pss\UberIcon.lnk not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Stardock ObjectDock.lnk\ deleted successfully.

File C:\WINDOWS\pss\Stardock ObjectDock.lnk not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Y'z Toolbar.lnk\ deleted successfully.

File C:\WINDOWS\pss\Y'z Toolbar.lnk not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TVT Scheduler Proxy hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YSearchProtection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.

File not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\\'' updated successfully.

C:\WINDOWS\system32\NOTEPAD.EXE moved successfully.

[Files/Folders - Created Within 90 Days]

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

[Files/Folders - Modified Within 90 Days]

C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.

C:\WINDOWS\System32\drivers\logiflt.iad moved successfully.

File C:\WINDOWS\tasks\At2.job not found!

[File - Lop Check]

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

File C:\WINDOWS\Tasks\At1.job not found!

File C:\WINDOWS\Tasks\At2.job not found!

[Empty Temp Folders]

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\fla113.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\etilqs_PXMrwy2CFPEnLBRP9hBX scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\flaD0.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DF92AF.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DF96C1.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD4B.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD5F.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\Perflib_Perfdata_73c.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

File delete failed. C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\47\4b46a2ef-2f45d146 scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\22\7f082b16-423ee41d scheduled to be deleted on reboot.

Java cache emptied.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.0.19b fix logfile created on 10212008_115944

 

Files moved on Reboot...

File C:\Documents and Settings\Nora\Local Settings\Temp\fla113.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\etilqs_PXMrwy2CFPEnLBRP9hBX not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\flaD0.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\~DF92AF.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\~DF96C1.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD4B.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD5F.tmp not found!

File C:\Documents and Settings\Nora\Local Settings\Temp\Perflib_Perfdata_73c.dat not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\47\4b46a2ef-2f45d146 moved successfully.

C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\22\7f082b16-423ee41d moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.

 

 

HJT Log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:36 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 5949 bytes


Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


log.txt file:

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Nora at 2008-10-21 12:22:14

Microsoft Windows XP Professional Service Pack 3

System drive C: has 13 GB (36%) free of 36 GB

Total RAM: 510 MB (6% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:28 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\Nora\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Nora.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 6015 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

"Google Update"=C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 133104]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe [2005-06-21 126976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]

C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\System32\igfxtray.exe [2005-06-21 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-01-07 495616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

C:\Program Files\Unlocker\UnlockerAssistant.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

C:\PROGRA~1\LimeWire\LimeWire.exe [2008-08-21 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-11 22486]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLSetupSvc"=3

"WMPNetworkSvc"=3

"iPod Service"=3

"ioloDMV"=2

"idsvc"=3

"CCALib8"=2

"Apple Mobile Device"=2

"ioloSystemService"=2

"ioloFileInfoList"=2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

"NoViewOnDrive"=0

"NoLogoff"=0

"NoWindowsUpdate"=0

"StartMenuLogOff"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\AIM6\AIM6.EXE"="C:\Program Files\AIM6\AIM6.EXE:*:Enabled:AIM"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Messenger"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======File associations======

 

.js - open - NOTEPAD.EXE %1

.reg - open - NOTEPAD.EXE %1

.scr - open - NOTEPAD.EXE %1

.vbs - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2008-10-21 12:22:14 ----D---- C:\rsit

2008-10-21 11:59:44 ----D---- C:\_OTScanIt

2008-10-21 09:15:27 ----D---- C:\Program Files\Trend Micro

2008-10-20 10:37:06 ----SHD---- C:\WINDOWS\ftpcache

2008-10-20 10:36:34 ----D---- C:\Program Files\HTMLPad 2008

2008-10-20 10:36:34 ----D---- C:\Documents and Settings\Nora\Application Data\Blumentals

2008-10-18 12:28:30 ----D---- C:\Documents and Settings\Nora\Application Data\uTorrent

2008-10-15 21:55:10 ----D---- C:\WINDOWS\system32\URTTEMP

2008-10-15 04:02:38 ----HD---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-15 04:02:31 ----HD---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-15 04:02:02 ----HD---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-15 04:01:48 ----HD---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-14 18:28:06 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt

2008-10-13 22:49:26 ----D---- C:\Program Files\Common Files\Symantec Shared

2008-10-13 22:49:22 ----D---- C:\Program Files\Norton PC Checkup

2008-10-13 22:06:07 ----A---- C:\WINDOWS\system32\msziptools.dll

2008-10-13 21:35:22 ----D---- C:\WINDOWS\system32\Adobe

2008-10-13 18:56:19 ----D---- C:\Program Files\ManyCam 2.3

2008-10-11 17:08:50 ----D---- C:\LaunchPad

2008-10-11 17:01:31 ----D---- C:\Documents and Settings\Nora\Application Data\U3

2008-10-09 00:39:47 ----A---- C:\WINDOWS\system32\Dualunis.exe

2008-10-06 19:17:35 ----D---- C:\WINDOWS\RegisteredPackages

2008-10-06 19:16:42 ----A---- C:\WINDOWS\system32\psisdecd.dll

2008-10-06 19:16:41 ----A---- C:\WINDOWS\system32\dxdllreg.exe

2008-10-06 01:13:31 ----D---- C:\Documents and Settings\Nora\Application Data\FileZilla

2008-10-06 01:11:32 ----D---- C:\Program Files\FileZilla FTP Client

2008-10-05 23:26:48 ----D---- C:\Program Files\Common Files\NSV

2008-10-04 14:06:18 ----D---- C:\Program Files\Jasc Software Inc

2008-09-30 12:02:16 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-09-30 12:02:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-29 11:26:04 ----A---- C:\WINDOWS\system32\Incinerator.dll

2008-09-29 11:26:00 ----A---- C:\WINDOWS\system32\smrgdf.exe

2008-09-29 11:26:00 ----A---- C:\WINDOWS\system32\iolobtdfg.exe

2008-09-22 18:54:27 ----A---- C:\WINDOWS\system32\igfxres.dll

 

======List of files/folders modified in the last 1 months======

 

2008-10-21 12:00:40 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-10-16 16:09:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-15 04:02:36 ----A---- C:\WINDOWS\imsins.BAK

2008-10-12 22:14:32 ----ASH---- C:\BOOT.INI

2008-10-12 22:14:32 ----A---- C:\WINDOWS\win.ini

2008-10-12 22:14:32 ----A---- C:\WINDOWS\system.ini

2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-03 10:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-03-09 394192]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]

R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]

R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]

R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 pelps2m;PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 18048]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2006-09-12 28224]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-27 578432]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-16 91678]

S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-16 71514]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS []

S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]

S3 KLIF;KLIF; \??\C:\WINDOWS\system32\ZONELABS\avsys\KLIF.SYS []

S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]

S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-19 149761]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2007-03-09 75568]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]

S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

 

-----------------EOF-----------------

 

 

 

info.txt file:

 

info.txt logfile of random's system information tool 1.04 2008-10-21 12:22:34

 

======Uninstall list======

 

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AIM 6-->C:\Program Files\AIM6\uninst.exe

AMIP (remove only)-->"C:\Program Files\Winamp\Plugins\amip_uninstall.exe"

AMIPConfigurator (remove only)-->"C:\Program Files\Winamp\Plugins\un_configurator.exe"

Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Bejeweled 2 Deluxe-->"C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"

Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HTMLPad 2008 Pro v9.2-->"C:\Program Files\HTMLPad 2008\unins000.exe"

Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Intel® Network Connections Drivers-->Prounstl.exe

iolo technologies' System Mechanic-->"C:\Program Files\iolo\System Mechanic\unins000.exe"

iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG

LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"

Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress

Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}

Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}

Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mouse Suite-->Pmuninst.exe MouseSuite98

Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

MVision-->MsiExec.exe /I{5FE1E412-D114-46E8-A891-5BE087B256A5}

Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

Paint Shop Pro 7 ESD-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

TweakXP Tweaking Utility 2-->"C:\Program Files\TweakXP 2\unins000.exe"

U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

=====HijackThis Backups=====

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)

AV: Avira AntiVir PersonalEdition

FW: ZoneAlarm Security Suite Firewall (disabled)

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0207

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"tvdumpflags"=8

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------


Hello

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\msziptools.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

 

 

 

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

LoadLibrary failed for C:\WINDOWS\system32\msziptools.dll

C:\WINDOWS\system32\msziptools.dll NOT unregistered.

C:\WINDOWS\system32\msziptools.dll moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_SfK8JdZc5my0PT4W3W4F scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFD305.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF82D4.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF8BC8.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF9FE3.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFA002.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\flaB.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_123106

 

Files moved on Reboot...

File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_SfK8JdZc5my0PT4W3W4F not found!

C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFD305.tmp moved successfully.

File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF82D4.tmp not found!

File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF8BC8.tmp not found!

File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF9FE3.tmp not found!

File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFA002.tmp not found!

File C:\DOCUME~1\Nora\LOCALS~1\Temp\flaB.tmp not found!

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

File C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.

Edited by nora antoinette


I still have to finish with the Malwarebytes scan and Kaspersky but I must run and do some errands.. when I return I will post those logs as well.. thanks.


Malware Log:

 

 

Malwarebytes' Anti-Malware 1.29

Database version: 1276

Windows 5.1.2600 Service Pack 3

 

10/21/2008 12:51:45 PM

mbam-log-2008-10-21 (12-51-45).txt

 

Scan type: Quick Scan

Objects scanned: 69523

Time elapsed: 6 minute(s), 35 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Kaspersky Log:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, October 21, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, October 21, 2008 15:51:52

Records in database: 1331814

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

 

Scan statistics:

Files scanned: 78236

Threat name: 3

Infected objects: 5

Suspicious objects: 0

Duration of the scan: 01:43:04

 

 

File name / Threat name / Threats count

C:\IBMWORK\2GXSM0A\PLSREM~1.EXE Infected: not-a-virus:RemoteAdmin.Win32.PLSRemot 1

C:\Documents and Settings\Nora\My Documents\My Music\angel natasha benningfield.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Nora\My Documents\My Music\ggonna make you sweat.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Nora\My Documents\My Music\lorelei carlson.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\_OTMoveIt\MovedFiles\10212008_123106\WINDOWS\system32\msziptools.dll Infected: Trojan-Downloader.Win32.DlKroha.k 1

 

The selected area was scanned.

 

 

 

Doh! Guess Avira isn't so keen on catching trojans since there are three mp3 files that are infected. Go figure. Nonetheless.. let's continue so everything can be nabbed while we're at it.

 

~nora


Hello

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Nora\My Documents\My Music\angel natasha benningfield.mp3 
    C:\Documents and Settings\Nora\My Documents\My Music\ggonna make you sweat.mp3
    C:\Documents and Settings\Nora\My Documents\My Music\lorelei carlson.mp3
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

Also post a new HJT log


Ok.. here are the HJT and MoveIt Logs:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:03:18 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 6136 bytes

 

 

OTMoveIt Log:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Documents and Settings\Nora\My Documents\My Music\angel natasha benningfield.mp3 moved successfully.

C:\Documents and Settings\Nora\My Documents\My Music\ggonna make you sweat.mp3 moved successfully.

C:\Documents and Settings\Nora\My Documents\My Music\lorelei carlson.mp3 moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_6fpfJOUxSLdVHezXScKh scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_165218

 

Files moved on Reboot...

File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_6fpfJOUxSLdVHezXScKh not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.


Nearly done

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
    "CLSID"=-
    [-HKEY_CLASSES_ROOT\CLSID\{691c2234-7bb6-4d3a-95fc-8e3d915ea92b}]
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

Also post a new HJT log


Are we there yet? lol just kidding... here are the logs once again.. =D

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:59:24 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 6173 bytes

 

 

 

OTMoveIt:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html not found.

Registry key HKEY_CLASSES_ROOT\CLSID\{691c2234-7bb6-4d3a-95fc-8e3d915ea92b}\\ deleted successfully.

========== FILES ==========

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFEA38.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_UVOaZZnb23EsoKSo3gLj scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_173237

 

Files moved on Reboot...

C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFEA38.tmp moved successfully.

File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_UVOaZZnb23EsoKSo3gLj not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.


Hello

 

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to back up your registry to the folder of your choice.

 

Note: to restore your registry, go to the folder and start ERDNT.exe

 

 

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

Also post a new HJT log


OTMoveIT:

 

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\\ not found.

========== FILES ==========

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_tTFgylmW7e5a6USxFOXU scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_185635

 

Files moved on Reboot...

File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_tTFgylmW7e5a6USxFOXU not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll

C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.

 

 

 

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:59:27 PM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 6234 bytes

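The 5:59 PM and 6:59 PM HijackThis logs above are nearly identical, and the O18 text/html filter entry appears in both even though OTMoveIt3 reported the CLSID key deleted. The following Python is an added example, not part of the thread or of HijackThis: it diffs two logs and lists O18 entries whose target is `(no file)`. The log excerpts are trimmed from the posts above, and the function names are illustrative.

```python
import re

# Excerpts trimmed from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Scan saved at 5:59:24 PM, on 10/21/2008
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

LOG_AFTER = r"""
Scan saved at 6:59:27 PM, on 10/21/2008
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

# A log entry is "<section code> - <text>", e.g. "O18 - Filter hijack: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O18 text is "<kind>: <name> - {CLSID} - <target>".
O18 = re.compile(r"^(?P<kind>[^:]+): (?P<name>\S+) - "
                 r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")


def parse_entries(log):
    """Return the set of (section, text) pairs found in a HijackThis log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def orphaned_o18(entries):
    """List (kind, name, clsid) for O18 entries whose target is '(no file)'."""
    found = []
    for section, text in sorted(entries):
        m = O18.match(text) if section == "O18" else None
        if m and m.group("target") == "(no file)":
            found.append((m.group("kind"), m.group("name"), m.group("clsid")))
    return found


def compare(before, after):
    """Diff two logs and report orphaned O18 entries present in both."""
    b, a = parse_entries(before), parse_entries(after)
    earlier = orphaned_o18(b)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "persistent_orphans": [o for o in orphaned_o18(a) if o in earlier],
    }


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
```

An entry listed under `persistent_orphans` is still being reported after the cleanup step, so the registry location the scanner actually reads still needs to be identified.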

Run OTScanIt2.exe

 

Click the box called None

 

Go to Additional Scans and check these

 

Reg - Protocol Filters, Reg - Protocol Handlers

 

 

Click Run Scan and attach the log here when it is done


If this gets double posted, my apologies. I wasn't paying attention and shut down Firefox just as the browser was loading. lol

Let me know if the attachment works or not; I'll just post it from the txt file itself again.

OTScanIt102108.Txt
