DiscoDigs

Removing Contextual tool AdzGalore

22 posts in this topic

Hi, I have been advised to post this on here from an Ad-Aware support advisor, with the hope that somebody here can help me solve the problem.

 

I cannot rid my PC of these annoying pop ups that keep appearing randomly from Adzgalore.

 

I have updated Ad-Aware Pro and done a full scan with no results.

 

Can anybody help with this matter?

 

Thanks. Richard.

 

Here is a Hijackthis Log file.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:28:06, on 30/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\BtUsrBdg.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\BTSetBootKey.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe

C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE

C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Safari\Safari.exe

C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: adzgalore - {8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} - C:\WINDOWS\system32\nsx37.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe

O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Startup.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab

O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162305299875

O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com/fs5/voice/voice.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

--

End of file - 11307 bytes


Hello

 

Disable resident protections (Antivirus...); you'll re-enable them after the scan

 

Download Lop S&D < here

 

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)

 

 

 

 

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs (Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

 

 

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way


Thanks for the reply.

Here is the log from the Lop S&D.

 

 

--------------------\\ Lop S&D 4.2.4-9 XP/Vista

 

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6600 @ 2.40GHz )

BIOS : BIOS Date: 08/23/06 11:45:44 Ver: 08.00.12

USER : Digsy ( Administrator )

BOOT : Normal boot

Antivirus : BullGuard Antivirus (Not Activated)

Firewall : ActiveArmor Firewall 1.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:293 Go (Free:235 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (USB)

H:\ (USB)

I:\ (USB)

J:\ (USB)

K:\ (CD or DVD)

L:\ (Local Disk) - FAT32 - Total:149 Go (Free:148 Go)

 

"C:\Lop SD" ( MAJ : 30-10-2008|21:58 )

Option : [1] ( 31/10/2008|16:21 )

 

--------------------\\ Listing folders in APPLIC~1

 

[27/10/2006|13:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\BullGuard

[27/10/2006|13:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink

[25/11/2005|09:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[27/10/2006|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/11/2005|09:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real

 

[07/10/2008|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[12/03/2008|21:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[08/02/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[06/07/2007|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

[03/07/2007|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[22/01/2007|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[31/10/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BullGuard

[27/10/2006|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[12/06/2007|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[23/10/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[17/07/2007|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe

[17/03/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[06/07/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[31/10/2006|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA

[05/07/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[16/12/2006|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy

[25/11/2005|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[25/11/2005|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[29/10/2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[28/08/2007|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[31/10/2006|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[12/12/2006|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

 

[25/01/2007|18:23] C:\DOCUME~1\Carol\APPLIC~1\Adobe

[09/12/2006|02:24] C:\DOCUME~1\Carol\APPLIC~1\BullGuard

[27/10/2006|13:48] C:\DOCUME~1\Carol\APPLIC~1\CyberLink

[25/11/2005|09:00] C:\DOCUME~1\Carol\APPLIC~1\Identities

[09/12/2006|02:20] C:\DOCUME~1\Carol\APPLIC~1\Microsoft

[25/11/2005|09:19] C:\DOCUME~1\Carol\APPLIC~1\Real

[25/01/2007|18:24] C:\DOCUME~1\Carol\APPLIC~1\XTND_BTUIObjects

 

[27/10/2006|13:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\BullGuard

[27/10/2006|13:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink

[25/11/2005|09:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[27/10/2006|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/11/2005|09:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

 

[11/07/2007|16:09] C:\DOCUME~1\Digsy\APPLIC~1\Adobe

[05/07/2007|13:14] C:\DOCUME~1\Digsy\APPLIC~1\Ahead

[18/04/2008|15:18] C:\DOCUME~1\Digsy\APPLIC~1\Apple Computer

[04/06/2007|14:08] C:\DOCUME~1\Digsy\APPLIC~1\Blackberry Desktop

[28/10/2008|16:56] C:\DOCUME~1\Digsy\APPLIC~1\BullGuard

[19/06/2007|13:28] C:\DOCUME~1\Digsy\APPLIC~1\CoreFTP

[01/11/2006|14:27] C:\DOCUME~1\Digsy\APPLIC~1\CyberLink

[08/05/2007|12:03] C:\DOCUME~1\Digsy\APPLIC~1\Google

[24/02/2007|21:06] C:\DOCUME~1\Digsy\APPLIC~1\Help

[31/10/2006|14:30] C:\DOCUME~1\Digsy\APPLIC~1\Hewlett-Packard

[31/10/2006|18:41] C:\DOCUME~1\Digsy\APPLIC~1\Identities

[23/10/2008|12:35] C:\DOCUME~1\Digsy\APPLIC~1\LimeWire

[18/07/2007|15:13] C:\DOCUME~1\Digsy\APPLIC~1\Macromedia

[19/02/2007|14:24] C:\DOCUME~1\Digsy\APPLIC~1\MailWasherPro

[19/09/2008|14:37] C:\DOCUME~1\Digsy\APPLIC~1\Microsoft

[19/06/2007|13:52] C:\DOCUME~1\Digsy\APPLIC~1\Mozilla

[19/09/2008|17:27] C:\DOCUME~1\Digsy\APPLIC~1\MSNInstaller

[19/06/2007|13:54] C:\DOCUME~1\Digsy\APPLIC~1\Nvu

[23/11/2006|13:27] C:\DOCUME~1\Digsy\APPLIC~1\Opera

[16/12/2006|10:54] C:\DOCUME~1\Digsy\APPLIC~1\PACE Anti-Piracy

[30/11/2006|17:56] C:\DOCUME~1\Digsy\APPLIC~1\Real

[04/06/2007|14:09] C:\DOCUME~1\Digsy\APPLIC~1\Research In Motion

[22/10/2008|13:49] C:\DOCUME~1\Digsy\APPLIC~1\Samsung

[19/06/2007|13:02] C:\DOCUME~1\Digsy\APPLIC~1\SmartFTP

[12/12/2006|13:08] C:\DOCUME~1\Digsy\APPLIC~1\Sun

[23/03/2007|10:06] C:\DOCUME~1\Digsy\APPLIC~1\Template

[15/01/2007|16:26] C:\DOCUME~1\Digsy\APPLIC~1\XTND_BTUIObjects

[11/06/2008|13:42] C:\DOCUME~1\Digsy\APPLIC~1\???????sAppData

 

[11/05/2007|15:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google

[01/11/2006|12:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[25/11/2005|09:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

 

[16/09/2008 14:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[18/04/2008 14:55][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job

[19/02/2007 14:30][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job

[16/09/2008 14:53][--ah-----] C:\WINDOWS\tasks\SA.DAT

[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing Folders in C:\Program Files

 

[29/10/2008|21:01] C:\Program Files\A

[18/07/2007|14:49] C:\Program Files\Abexo

[27/10/2008|19:10] C:\Program Files\Adobe

[15/06/2007|11:20] C:\Program Files\Ahead

[25/11/2005|09:19] C:\Program Files\aod

[16/09/2008|14:54] C:\Program Files\Apple Software Update

[27/10/2006|13:48] C:\Program Files\AvRack

[16/09/2008|13:31] C:\Program Files\Bonjour

[27/10/2006|13:33] C:\Program Files\BullGuard Software

[11/08/2008|15:07] C:\Program Files\CCleaner

[28/10/2008|16:41] C:\Program Files\Common Files

[25/11/2005|08:58] C:\Program Files\ComPlus Applications

[25/11/2005|09:18] C:\Program Files\CyberLink

[22/10/2008|14:02] C:\Program Files\Dr.STIKA PLUS

[22/10/2007|21:00] C:\Program Files\Electronic Arts

[15/01/2007|16:21] C:\Program Files\Extended Systems

[16/12/2006|10:53] C:\Program Files\GameSpy

[12/06/2007|13:54] C:\Program Files\Google

[31/10/2006|14:28] C:\Program Files\Hewlett-Packard

[25/11/2005|09:14] C:\Program Files\HighMAT CD Writing Wizard

[23/10/2008|12:37] C:\Program Files\InstallShield Installation Information

[09/12/2006|00:35] C:\Program Files\Internet

[14/10/2008|19:27] C:\Program Files\Internet Explorer

[07/10/2008|14:41] C:\Program Files\iPod

[07/10/2008|14:41] C:\Program Files\iTunes

[24/07/2008|15:08] C:\Program Files\Java

[23/10/2008|14:41] C:\Program Files\Lavasoft

[27/10/2006|13:51] C:\Program Files\Marvell

[15/01/2008|12:59] C:\Program Files\Mesh Online

[15/08/2008|10:04] C:\Program Files\Messenger

[25/11/2005|09:15] C:\Program Files\Microsoft ActiveSync

[25/11/2005|09:00] C:\Program Files\microsoft frontpage

[25/11/2005|09:16] C:\Program Files\Microsoft Office

[25/11/2005|09:16] C:\Program Files\Microsoft Works

[25/11/2005|09:15] C:\Program Files\Microsoft.NET

[15/06/2007|11:40] C:\Program Files\MioNet

[02/08/2008|12:02] C:\Program Files\Movie Maker

[19/09/2008|17:17] C:\Program Files\MSN

[25/11/2005|08:58] C:\Program Files\MSN Gaming Zone

[09/03/2007|19:42] C:\Program Files\MSN Messenger

[31/10/2006|14:57] C:\Program Files\MSXML 4.0

[15/12/2006|12:49] C:\Program Files\Nero

[02/08/2008|12:00] C:\Program Files\NetMeeting

[27/10/2006|13:49] C:\Program Files\NVIDIA Corporation

[19/06/2007|13:52] C:\Program Files\Nvu

[25/11/2005|08:58] C:\Program Files\Online Services

[02/08/2008|12:00] C:\Program Files\Outlook Express

[31/10/2008|15:08] C:\Program Files\Panda Security

[02/01/2007|15:54] C:\Program Files\PartyGaming

[31/10/2006|19:09] C:\Program Files\PCPitstop

[18/05/2007|23:39] C:\Program Files\Philips

[16/09/2008|13:46] C:\Program Files\QuickTime

[25/11/2005|09:19] C:\Program Files\Real

[27/10/2006|13:48] C:\Program Files\Realtek AC97

[27/10/2006|13:48] C:\Program Files\Realtek Sound Manager

[25/11/2005|09:14] C:\Program Files\Recovery

[04/06/2007|14:08] C:\Program Files\Research In Motion

[29/10/2008|21:04] C:\Program Files\Roland CutChoice

[21/10/2008|17:37] C:\Program Files\Roland CutChoice 1.1 Updater 2

[21/10/2008|15:07] C:\Program Files\Roland CutChoice AI10 Updater

[05/09/2008|15:03] C:\Program Files\Safari

[31/08/2007|14:14] C:\Program Files\Samsung

[23/10/2008|12:57] C:\Program Files\SDHelper (Spybot - Search & Destroy)

[28/08/2007|14:38] C:\Program Files\Setup

[29/10/2008|23:26] C:\Program Files\Spybot - Search & Destroy

[18/05/2007|19:51] C:\Program Files\SystemRequirementsLab

[11/07/2007|15:07] C:\Program Files\Tablet

[23/10/2008|12:57] C:\Program Files\TeaTimer (Spybot - Search & Destroy)

[25/11/2006|14:55] C:\Program Files\Total Training

[20/03/2007|13:33] C:\Program Files\Ubisoft

[25/11/2005|09:02] C:\Program Files\Uninstall Information

[12/12/2006|13:09] C:\Program Files\UniVoice

[01/11/2006|13:28] C:\Program Files\Valve

[01/11/2006|12:47] C:\Program Files\Windows Media Connect

[01/11/2006|12:48] C:\Program Files\Windows Media Connect 2

[02/08/2008|12:00] C:\Program Files\Windows Media Player

[02/08/2008|12:00] C:\Program Files\Windows NT

[25/11/2005|08:59] C:\Program Files\WindowsUpdate

[25/11/2005|09:00] C:\Program Files\xerox

[06/02/2007|16:55] C:\Program Files\Yahoo!

 

--------------------\\ Listing Folders in C:\Program Files\Common Files

 

[27/10/2008|19:11] C:\Program Files\Common Files\Adobe

[08/02/2007|14:48] C:\Program Files\Common Files\Adobe Systems Shared

[06/07/2007|12:15] C:\Program Files\Common Files\Ahead

[16/09/2008|13:46] C:\Program Files\Common Files\Apple

[25/11/2005|09:15] C:\Program Files\Common Files\DESIGNER

[30/01/2007|18:21] C:\Program Files\Common Files\EasyInfo

[31/10/2006|14:24] C:\Program Files\Common Files\Hewlett-Packard

[27/10/2006|13:48] C:\Program Files\Common Files\InstallShield

[12/12/2006|13:04] C:\Program Files\Common Files\Java

[17/07/2007|19:17] C:\Program Files\Common Files\LightScribe

[15/02/2007|17:41] C:\Program Files\Common Files\Microsoft Shared

[25/11/2005|08:59] C:\Program Files\Common Files\MSSoap

[25/11/2005|08:54] C:\Program Files\Common Files\ODBC

[16/12/2006|10:54] C:\Program Files\Common Files\PACE Anti-Piracy

[30/11/2006|17:54] C:\Program Files\Common Files\Real

[04/06/2007|14:08] C:\Program Files\Common Files\Research In Motion

[25/11/2005|08:59] C:\Program Files\Common Files\Services

[25/11/2005|08:54] C:\Program Files\Common Files\SpeechEngines

[02/08/2008|11:59] C:\Program Files\Common Files\System

[28/10/2008|16:41] C:\Program Files\Common Files\Wise Installation Wizard

[30/11/2006|17:54] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

( 68 Processes )

 

iexplore.exe ~ [PID:3972]

 

--------------------\\ Searching with S_Lop

 

No Lop folder found !

 

--------------------\\ Searching for Lop Files - Folders

 

C:\DOCUME~1\Digsy\Cookies\[email protected][1].txt

 

--------------------\\ Searching within the Registry

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-31 16:22:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Searching for other infections

 

 

No other infections found !

 

[F:17][D:11]-> C:\DOCUME~1\Digsy\LOCALS~1\Temp

[F:26][D:0]-> C:\DOCUME~1\Digsy\Cookies

[F:1115][D:11]-> C:\DOCUME~1\Digsy\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 31/10/2008|16:22 - Option : [1]

 

--------------------\\ Scan completed at 16:22:52


Can I get you to post that log here, seems it got messed up when you attached it. You may need to use two posts to get it all in


The rest.

 

 

C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/11/25 09:00:41 | 00,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

 

[Registry - Additional Scans - Safe List]

< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->

"CLCapSvc" -> ->

"CLSched" -> ->

"CyberLink Media Library Service" -> ->

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->

C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [2005/07/12 18:54:32 | 00,278,528 | ---- | M] ()

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->

"bootini" -> 2 ->

"services" -> 2 ->

"startup" -> 0 ->

"system.ini" -> 0 ->

"win.ini" -> 0 ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.bat [@ = batfile] -> "%1" %* ->

.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/14 00:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)

.cmd [@ = cmdfile] -> "%1" %* ->

.com [@ = comfile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)

.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2006/10/17 12:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation)

.html [@ = SafariHTML] -> %ProgramFiles%\Safari\Safari.exe -> [2008/06/17 23:16:12 | 03,463,976 | ---- | M] (Apple Inc.)

.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.pif [@ = piffile] -> "%1" %* ->

.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/14 00:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)

.scr [@ = scrfile] -> "%1" /S ->

.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)

.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 11:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

6to4 -> [] ->

AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found

Ias -> [] ->

Iprip -> [] ->

Irmon -> [] ->

NWCWorkstation -> [] ->

Nwsapagent -> [] ->

Wmi -> [] ->

WmdmPmSp -> [] ->

helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->

text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value does not exist or could not be read.] -> [2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation)

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp: [HKLM] -> No CLSID value

ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)

livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

msdaipp: [HKLM] -> No CLSID value

msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)

msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)

ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> [2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation)

msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation)

 

[Files/Folders - Created Within 90 Days]

1 C:\*.tmp files -> C:\*.tmp ->

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/10/31 16:26:39 | 00,000,000 | ---D | C]

Lop SD -> %SystemDrive%\Lop SD -> [2008/10/31 16:20:51 | 00,000,000 | ---D | C]

pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2008/10/31 15:08:57 | 00,028,544 | ---- | C] (Panda Security, S.L.)

Panda Security -> %ProgramFiles%\Panda Security -> [2008/10/31 15:08:40 | 00,000,000 | ---D | C]

A -> %ProgramFiles%\A -> [2008/10/29 21:01:12 | 00,000,000 | ---D | C]

Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | C] ()

Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | C] ()

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/10/28 16:41:59 | 00,000,000 | ---D | C]

Roland CutChoice.lnk -> %AllUsersProfile%\Desktop\Roland CutChoice.lnk -> [2008/10/27 19:15:13 | 00,001,721 | ---- | C] ()

Adobe Gamma Loader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> [2008/10/27 19:11:19 | 00,001,827 | ---- | C] ()

netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/27 19:07:29 | 00,337,408 | ---- | C] (Microsoft Corporation)

35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl -> [2008/10/23 19:16:49 | 00,000,000 | ---D | C]

35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> [2008/10/23 19:08:58 | 56,477,5803 | ---- | C] ()

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/10/23 13:02:33 | 14,968,808 | ---- | C] (Safer Networking Limited )

TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [2008/10/23 12:57:06 | 00,000,000 | ---D | C]

SDHelper (Spybot - Search & Destroy) -> %ProgramFiles%\SDHelper (Spybot - Search & Destroy) -> [2008/10/23 12:57:06 | 00,000,000 | ---D | C]

cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe -> [2008/10/22 16:04:32 | 00,102,190 | ---- | C] ()

LimeWire -> %AppData%\LimeWire -> [2008/10/22 15:04:48 | 00,000,000 | ---D | C]

Dr.STIKA PLUS -> %ProgramFiles%\Dr.STIKA PLUS -> [2008/10/22 14:02:16 | 00,000,000 | ---D | C]

Roland CutChoice 1.1 Updater 2 -> %ProgramFiles%\Roland CutChoice 1.1 Updater 2 -> [2008/10/21 17:37:02 | 00,000,000 | ---D | C]

rdgstikp.drv -> %SystemRoot%\System32\rdgstikp.drv -> [2008/10/21 17:13:41 | 00,102,416 | R--- | C] (Roland DG Corporation)

spoolerlogs -> %SystemDrive%\spoolerlogs -> [2008/10/21 15:45:24 | 00,000,000 | ---D | C]

RD462LM1.DLL -> %SystemRoot%\System32\RD462LM1.DLL -> [2008/10/21 15:45:23 | 00,013,630 | ---- | C] (Roland DG Corporation)

ousb2hub.sys -> %SystemRoot%\System32\drivers\ousb2hub.sys -> [2008/10/21 15:23:15 | 00,043,648 | ---- | C] (OrangeWare Corporation)

ousbehci.sys -> %SystemRoot%\System32\drivers\ousbehci.sys -> [2008/10/21 15:23:15 | 00,029,696 | ---- | C] (OrangeWare Corporation)

Drivers -> %SystemRoot%\Drivers -> [2008/10/21 15:23:15 | 00,000,000 | ---D | C]

ser2pl.sys -> %SystemRoot%\System32\drivers\ser2pl.sys -> [2008/10/21 15:16:06 | 00,042,752 | ---- | C] (Prolific Technology Inc.)

VBA5.DLL -> %SystemRoot%\System32\VBA5.DLL -> [2008/10/21 15:09:08 | 01,766,160 | ---- | C] (Microsoft Corporation)

VB5.OLB -> %SystemRoot%\System32\VB5.OLB -> [2008/10/21 15:09:08 | 00,279,098 | ---- | C] ()

Roland CutChoice -> %ProgramFiles%\Roland CutChoice -> [2008/10/21 15:08:55 | 00,000,000 | ---D | C]

uninst.exe -> %SystemRoot%\uninst.exe -> [2008/10/21 15:08:18 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.)

Roland CutChoice AI10 Updater -> %ProgramFiles%\Roland CutChoice AI10 Updater -> [2008/10/21 15:07:24 | 00,000,000 | ---D | C]

RDCOMMON.DLL__ -> %SystemRoot%\System32\RDCOMMON.DLL__ -> [2008/10/21 15:06:56 | 00,013,630 | ---- | C] (Roland DG Corporation)

RDCOMMON.DLL -> %SystemRoot%\System32\RDCOMMON.DLL -> [2008/10/21 15:06:56 | 00,013,630 | ---- | C] (Roland DG Corporation)

srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 17:56:43 | 00,333,824 | ---- | C] (Microsoft Corporation)

win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 17:55:56 | 01,846,400 | ---- | C] (Microsoft Corporation)

ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 17:55:51 | 02,189,184 | ---- | C] (Microsoft Corporation)

ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 17:55:51 | 02,145,280 | ---- | C] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 17:55:50 | 02,066,048 | ---- | C] (Microsoft Corporation)

ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 17:55:50 | 02,023,936 | ---- | C] (Microsoft Corporation)

nsx37.dll -> %SystemRoot%\System32\nsx37.dll -> [2008/10/07 15:05:42 | 00,364,032 | ---- | C] ()

{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/07 14:41:15 | 00,000,000 | ---D | C]

sisters.ai -> %UserProfile%\My Documents\sisters.ai -> [2008/09/22 15:54:09 | 00,942,959 | ---- | C] ()

MSNInstaller -> %AppData%\MSNInstaller -> [2008/09/19 17:27:09 | 00,000,000 | ---D | C]

MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [2008/09/19 17:17:54 | 00,001,864 | ---- | C] ()

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | C] ()

Prefetch -> %SystemRoot%\Prefetch -> [2008/09/16 14:53:07 | 00,000,000 | ---D | C]

QuickTime -> %ProgramFiles%\QuickTime -> [2008/09/16 13:46:14 | 00,000,000 | ---D | C]

Bonjour -> %ProgramFiles%\Bonjour -> [2008/09/16 13:31:47 | 00,000,000 | ---D | C]

Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk -> [2008/09/05 15:04:01 | 00,001,599 | ---- | C] ()

Safari -> %ProgramFiles%\Safari -> [2008/09/05 15:03:32 | 00,000,000 | ---D | C]

Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk -> [2008/08/27 17:59:04 | 00,001,669 | ---- | C] ()

msadce.dll -> %SystemRoot%\System32\dllcache\msadce.dll -> [2008/08/15 09:32:20 | 00,331,776 | ---- | C] (Microsoft Corporation)

inetcomm.dll -> %SystemRoot%\System32\dllcache\inetcomm.dll -> [2008/08/15 09:31:50 | 00,691,712 | ---- | C] (Microsoft Corporation)

Fantasy -> %UserProfile%\My Documents\Fantasy -> [2008/08/09 14:40:27 | 00,000,000 | ---D | C]

My Projects -> %UserProfile%\My Documents\My Projects -> [2008/08/09 14:32:08 | 00,000,000 | ---D | C]

 

[Files/Folders - Modified Within 90 Days]

1 C:\*.tmp files -> C:\*.tmp ->

3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/10/31 13:52:34 | 00,000,000 | ---D | M]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/10/27 19:07:29 | 00,004,232 | ---- | M] ()

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/10/27 19:07:29 | 00,004,646 | ---- | M] ()

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2005/11/25 09:15:53 | 00,000,000 | ---D | M]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/10/27 21:15:48 | 00,011,184 | ---- | M] ()

C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [2008/08/09 14:29:48 | 00,000,000 | ---D | M]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/03/23 10:06:31 | 00,016,384 | ---- | M] ()

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2007/03/23 10:52:14 | 00,161,385 | ---- | M] ()

C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\ -> C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\ -> [2008/10/28 16:41:54 | 00,000,000 | ---D | M]

aaw2008.exe -> C:\Documents and Settings\Digsy\Local Settings\Temp\Saf3B.tmp\aaw2008.exe -> [2008/10/28 16:41:54 | 19,153,264 | ---- | M] ()

C:\Documents and Settings\Digsy\Local Settings\Temp\ -> C:\Documents and Settings\Digsy\Local Settings\Temp -> [2008/11/01 11:05:28 | 00,000,000 | ---D | M]

swpklkdv.dll -> C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll -> [2008/10/31 16:27:22 | 00,053,248 | ---- | M] ()

4 C:\Documents and Settings\Digsy\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Digsy\Local Settings\Temp\*.tmp ->

hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [2008/11/01 11:06:18 | 00,000,521 | ---- | M] ()

wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/01 11:02:13 | 00,012,706 | ---- | M] ()

tablet.dat -> %SystemRoot%\System32\tablet.dat -> [2008/11/01 11:01:42 | 00,012,914 | ---- | M] ()

bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/01 11:00:47 | 00,002,048 | --S- | M] ()

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/10/31 16:09:29 | 00,070,248 | ---- | M] ()

hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/10/31 14:47:30 | 00,269,159 | R--- | M] ()

Roland CutChoice.lnk -> %AllUsersProfile%\Desktop\Roland CutChoice.lnk -> [2008/10/29 20:53:55 | 00,001,721 | ---- | M] ()

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/29 20:42:34 | 00,248,696 | ---- | M] ()

Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | M] ()

Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/10/28 16:42:36 | 00,000,800 | ---- | M] ()

Mesh Online Support.lnk -> %UserProfile%\Desktop\Mesh Online Support.lnk -> [2008/10/27 22:31:42 | 00,001,643 | ---- | M] ()

Adobe Gamma Loader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> [2008/10/27 19:11:19 | 00,001,827 | ---- | M] ()

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/10/27 19:07:39 | 00,483,426 | ---- | M] ()

perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/10/27 19:07:39 | 00,410,908 | ---- | M] ()

perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/10/27 19:07:39 | 00,065,442 | ---- | M] ()

35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> %UserProfile%\My Documents\35c5373ef000018fb2ffb65da1290022c0d280a2b192603_dl.zip -> [2008/10/23 19:10:04 | 56,477,5803 | ---- | M] ()

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008/10/23 13:04:03 | 00,000,940 | ---- | M] ()

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/10/23 13:03:17 | 14,968,808 | ---- | M] (Safer Networking Limited )

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/10/22 16:19:26 | 00,014,848 | ---- | M] ()

cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe -> [2008/10/22 16:04:32 | 00,102,190 | ---- | M] ()

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/10/21 16:21:19 | 00,000,116 | ---- | M] ()

win.ini -> %SystemRoot%\win.ini -> [2008/10/21 16:09:02 | 00,000,658 | ---- | M] ()

netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)

netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)

MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/10/07 19:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation)

nsx37.dll -> %SystemRoot%\System32\nsx37.dll -> [2008/10/07 15:05:42 | 00,364,032 | ---- | M] ()

ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/03 17:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)

ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/03 17:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)

sisters.ai -> %UserProfile%\My Documents\sisters.ai -> [2008/09/22 16:07:23 | 00,942,959 | ---- | M] ()

MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [2008/09/19 17:17:54 | 00,001,864 | ---- | M] ()

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/09/16 14:53:29 | 00,000,006 | -H-- | M] ()

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | M] ()

win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 12:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)

win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 12:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation)

srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/09/08 10:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)

srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/09/08 10:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation)

Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk -> [2008/09/05 15:04:01 | 00,001,599 | ---- | M] ()

Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk -> [2008/08/27 17:59:04 | 00,001,669 | ---- | M] ()

mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/08/27 08:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)

mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/08/27 08:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/08/26 07:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)

urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/08/26 07:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)

wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/08/26 07:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)

wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/08/26 07:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)

webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/08/26 07:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)

webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/08/26 07:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)

inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/08/26 07:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)

inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/08/26 07:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/08/26 07:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)

mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/08/26 07:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)

mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/08/26 07:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)

mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/08/26 07:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/08/26 07:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)

msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/08/26 07:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)

msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/08/26 07:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)

msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/08/26 07:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)

url.dll -> %SystemRoot%\System32\url.dll -> [2008/08/26 07:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)

url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/08/26 07:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)

occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/08/26 07:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)

occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/08/26 07:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)

msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/08/26 07:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)

msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/08/26 07:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)

pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/08/26 07:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/08/26 07:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/08/26 07:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)

jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/08/26 07:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)

iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/08/26 07:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)

iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/08/26 07:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/08/26 07:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)

iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/08/26 07:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)

iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/08/26 07:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)

iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/08/26 07:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)

ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/08/26 07:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)

ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/08/26 07:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)

dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/08/26 07:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)

dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/08/26 07:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)

ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/08/26 07:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)

ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/08/26 07:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)

dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/08/26 07:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)

dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/08/26 07:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)

ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/08/26 07:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)

ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/08/26 07:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)

extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/08/26 07:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)

extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/08/26 07:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)

advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/08/26 07:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)

advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/08/26 07:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)

icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/08/26 07:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)

icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/08/26 07:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)

ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/08/25 08:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)

ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/08/25 08:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)

ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/08/25 08:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)

ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/08/25 08:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)

iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/08/23 05:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)

ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/08/23 05:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)

ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/08/23 05:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)

PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [2008/08/21 18:09:29 | 00,000,151 | ---- | M] ()

ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/08/14 10:11:02 | 02,189,184 | ---- | M] (Microsoft Corporation)

ntoskrnl.exe -> %SystemRoot%\System32\ntoskrnl.exe -> [2008/08/14 10:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation)

ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/08/14 10:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation)

afd.sys -> %SystemRoot%\System32\drivers\afd.sys -> [2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation)

afd.sys -> %SystemRoot%\System32\dllcache\afd.sys -> [2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/08/14 09:33:16 | 02,066,048 | ---- | M] (Microsoft Corporation)

ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/08/14 09:33:16 | 02,023,936 | ---- | M] (Microsoft Corporation)

ntkrnlpa.exe -> %SystemRoot%\System32\ntkrnlpa.exe -> [2008/08/14 09:33:16 | 02,023,936 | ---- | M] (Microsoft Corporation)

wklnhst.dat -> %AppData%\wklnhst.dat -> [2008/08/09 17:00:43 | 00,000,656 | ---- | M] ()

[File - Lop Check]

Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/10/07 14:41:15 | 00,000,000 | RH-D | M]

{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/07 14:41:33 | 00,000,000 | ---D | M]

Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/07/06 12:15:48 | 00,000,000 | ---D | M]

BullGuard -> C:\Documents and Settings\All Users\Application Data\BullGuard -> [2008/10/31 21:07:35 | 00,000,000 | ---D | M]

CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/10/27 16:37:53 | 00,000,000 | ---D | M]

LightScribe -> C:\Documents and Settings\All Users\Application Data\LightScribe -> [2007/07/17 19:18:21 | 00,000,000 | ---D | M]

PACE Anti-Piracy -> C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy -> [2006/12/16 10:54:34 | 00,000,000 | ---D | M]

SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2005/11/25 09:16:56 | 00,000,000 | ---D | M]

TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2007/08/28 13:45:19 | 00,000,000 | ---D | M]

@Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:44DAF2F1

Application Data -> C:\Documents and Settings\Digsy\Application Data -> [2008/10/23 15:30:58 | 00,000,000 | -H-D | M]

Ahead -> C:\Documents and Settings\Digsy\Application Data\Ahead -> [2007/07/05 13:14:32 | 00,000,000 | ---D | M]

Blackberry Desktop -> C:\Documents and Settings\Digsy\Application Data\Blackberry Desktop -> [2007/06/04 14:08:31 | 00,000,000 | ---D | M]

BullGuard -> C:\Documents and Settings\Digsy\Application Data\BullGuard -> [2008/10/28 16:56:14 | 00,000,000 | ---D | M]

CoreFTP -> C:\Documents and Settings\Digsy\Application Data\CoreFTP -> [2007/06/19 13:28:42 | 00,000,000 | ---D | M]

CyberLink -> C:\Documents and Settings\Digsy\Application Data\CyberLink -> [2006/11/01 14:27:43 | 00,000,000 | ---D | M]

LimeWire -> C:\Documents and Settings\Digsy\Application Data\LimeWire -> [2008/10/23 12:35:41 | 00,000,000 | ---D | M]

MailWasherPro -> C:\Documents and Settings\Digsy\Application Data\MailWasherPro -> [2007/02/19 14:24:55 | 00,000,000 | ---D | M]

MSNInstaller -> C:\Documents and Settings\Digsy\Application Data\MSNInstaller -> [2008/09/19 17:27:12 | 00,000,000 | ---D | M]

Nvu -> C:\Documents and Settings\Digsy\Application Data\Nvu -> [2007/06/19 13:54:30 | 00,000,000 | ---D | M]

Opera -> C:\Documents and Settings\Digsy\Application Data\Opera -> [2006/11/23 13:27:59 | 00,000,000 | ---D | M]

PACE Anti-Piracy -> C:\Documents and Settings\Digsy\Application Data\PACE Anti-Piracy -> [2006/12/16 10:54:34 | 00,000,000 | ---D | M]

Research In Motion -> C:\Documents and Settings\Digsy\Application Data\Research In Motion -> [2007/06/04 14:09:00 | 00,000,000 | ---D | M]

Samsung -> C:\Documents and Settings\Digsy\Application Data\Samsung -> [2008/10/22 13:49:38 | 00,000,000 | ---D | M]

SmartFTP -> C:\Documents and Settings\Digsy\Application Data\SmartFTP -> [2007/06/19 13:02:23 | 00,000,000 | ---D | M]

Template -> C:\Documents and Settings\Digsy\Application Data\Template -> [2007/03/23 10:06:22 | 00,000,000 | ---D | M]

XTND_BTUIObjects -> C:\Documents and Settings\Digsy\Application Data\XTND_BTUIObjects -> [2007/01/15 16:26:05 | 00,000,000 | ---D | M]

???????sAppData -> C:\Documents and Settings\Digsy\Application Data\æ•Žæ½²ä„æ•”ç­æ…¬æ•´sAppData -> [2008/06/11 13:42:44 | 00,000,000 | ---D | M]

C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/10/28 16:17:44 | 00,000,000 | --SD | M]

AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/09/16 14:53:07 | 00,000,284 | ---- | M] ()

desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 12:00:00 | 00,000,065 | RH-- | M] ()

FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job -> [2007/02/19 14:30:08 | 00,000,342 | ---- | M] ()

SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/09/16 14:53:29 | 00,000,006 | -H-- | M] ()

User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job -> [2008/04/18 14:55:14 | 00,000,422 | -H-- | M] ()

[File - Purity Scan]

 

< End of report >

[/code]


Hello

 

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

 

[Kill Explorer]

[unregister Dlls]

[Processes - Safe List]

YN -> aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe

YN -> bullguardupdate.exe -> %ProgramFiles%\BullGuard Software\BullGuard\BullGuardUpdate.exe

YN -> teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe

[Registry - Safe List]

< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->

YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]

YY -> {8107460b-0dee-b7c2-4cc4-1ed3cf3932b6} [HKLM] -> %SystemRoot%\system32\nsx37.dll [adzgalore]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup

YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\Startup.exe

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

YN -> {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} [HKLM] -> http://webcamnow.com/fs5/voice/voice-installer.cab[uniInstaller Class]

[Files/Folders - Created Within 90 Days]

NY -> 1 C:\*.tmp files -> C:\*.tmp

NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> Lop SD -> %SystemDrive%\Lop SD

NY -> cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe

NY -> nsx37.dll -> %SystemRoot%\System32\nsx37.dll

[Files/Folders - Modified Within 90 Days]

NY -> swpklkdv.dll -> C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll

NY -> cont_adzgalore-remove.exe -> %SystemRoot%\System32\cont_adzgalore-remove.exe

[Custom Items]

:commands

[Purity]

[Empty Temp Folders]

[start Explorer]

[Reboot]

 

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

 

I will review the information when it comes back in.

 

 

 

Also post a new HJT log.

Hello

 

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

 

I will review the information when it comes back in.

Also post a new HJT log.

 

Explorer killed successfully

[Processes - Safe List]

Unable to kill process aawservice.exe .

Unable to kill process bullguardupdate.exe .

Process teatimer.exe killed successfully.

[Registry - Safe List]

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8107460b-0dee-b7c2-4cc4-1ed3cf3932b6}\ deleted successfully.

LoadLibrary failed for C:\WINDOWS\system32\nsx37.dll

C:\WINDOWS\system32\nsx37.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\nsx37.dll scheduled to be moved on reboot.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe moved successfully.

File ~EmptyValue not found.

Starting removal of ActiveX control {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2}

C:\WINDOWS\Downloaded Program Files\UniInstaller.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2}\ deleted successfully.

[Files/Folders - Created Within 90 Days]

C:\Lop SD folder moved successfully.

C:\WINDOWS\System32\cont_adzgalore-remove.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\System32\nsx37.dll

C:\WINDOWS\System32\nsx37.dll NOT unregistered.

File move failed. C:\WINDOWS\System32\nsx37.dll scheduled to be moved on reboot.

[Files/Folders - Modified Within 90 Days]

LoadLibrary failed for C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll

C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll NOT unregistered.

File move failed. C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll scheduled to be moved on reboot.

File C:\WINDOWS\System32\cont_adzgalore-remove.exe not found!

[Custom Items]

========== COMMANDS ==========

File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\~DF571B.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Digsy\Local Settings\Temp\~DF6948.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.0.27b fix logfile created on 11032008_154216

 

Files moved on Reboot...

C:\WINDOWS\system32\nsx37.dll moved successfully.

C:\Documents and Settings\Digsy\Local Settings\Temp\swpklkdv.dll moved successfully.

File C:\Documents and Settings\Digsy\Local Settings\Temp\BCG1.tmp not found!

File C:\Documents and Settings\Digsy\Local Settings\Temp\~DF571B.tmp not found!

File C:\Documents and Settings\Digsy\Local Settings\Temp\~DF6948.tmp not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.


New HJT Log..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:53:09, on 03/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\BtUsrBdg.exe

C:\WINDOWS\system32\BTSetBootKey.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe

C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe

O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} -

O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162305299875

O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com/fs5/voice/voice.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

--

End of file - 10904 bytes


Hello

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Log from Malwarebytes...

 

Malwarebytes' Anti-Malware 1.30

Database version: 1360

Windows 5.1.2600 Service Pack 3

 

03/11/2008 17:51:12

mbam-log-2008-11-03 (17-51-12).txt

 

Scan type: Quick Scan

Objects scanned: 58350

Time elapsed: 6 minute(s), 33 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallerbottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallergui.xml (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallerlicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uniinstallertop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerBottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerLicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\UniInstallerTop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\Downloaded Program Files\UniInstallerBottom.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\UniInstallerGui.xml (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\UniInstallerLicense.htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\UniInstallerTop.bmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\UniVoice.inf (Trojan.Agent) -> Quarantined and deleted successfully.


Results from Kaspersky scan...

 

Program database last update: Monday, November 03, 2008 17:00:38

Records in database: 1369018

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

 

Scan statistics:

Files scanned: 91365

Threat name: 2

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 01:14:35

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Digsy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf Infected: Trojan-Downloader.SWF.Gida.a 1

 

The selected area was scanned.


Hello

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Results from OTMoveIt3 scan..

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

File move failed. C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf scheduled to be moved on reboot.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB7A.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB87.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_202508

 

Files moved on Reboot...

C:\Documents and Settings\Digsy\Local Settings\Temporary Internet Files\Content.IE5\YBC9QNA1\gnida[1].swf moved successfully.

File C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB7A.tmp not found!

File C:\DOCUME~1\Digsy\LOCALS~1\Temp\~DFFB87.tmp not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.


log.txt log...

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Digsy at 2008-11-03 20:32:32

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 242 GB (80%) free of 301 GB

Total RAM: 2047 MB (64% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:51, on 03/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\BtUsrBdg.exe

C:\WINDOWS\system32\BTSetBootKey.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Digsy\Desktop\RSIT.exe

C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\Digsy.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe

O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} -

O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162305299875

O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com/fs5/voice/voice.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

 

--

End of file - 11001 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162304856.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{059123A2-0BD4-42BC-97E3-F64F7F00AEAA}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-09-30 270336]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-14 110744]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"BTUSRBDG"=C:\WINDOWS\system32\BtUsrBdg.exe [2003-11-05 53248]

"BTSETBOOTKEY"=C:\WINDOWS\system32\BTSetBootKey.exe [2003-04-15 36864]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]

"nwiz"=nwiz.exe /install []

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BullGuard"=C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe [2006-10-31 102400]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"BGNewsAgent"=C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe [2006-10-31 114688]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

C:\PROGRA~1\Philips\SPC200~1\TRAYMI~1.EXE [2005-07-12 278528]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"CyberLink Media Library Service"=2

"CLSched"=2

"CLCapSvc"=2

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

 

C:\Documents and Settings\Digsy\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"

"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2008-11-03 20:32:32 ----D---- C:\rsit

2008-11-03 20:25:08 ----D---- C:\_OTMoveIt

2008-11-03 17:40:26 ----D---- C:\Documents and Settings\Digsy\Application Data\Malwarebytes

2008-11-03 17:40:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-03 17:40:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-03 15:42:16 ----D---- C:\_OTScanIt

2008-10-31 16:21:37 ----A---- C:\lopR.txt

2008-10-31 15:08:40 ----D---- C:\Program Files\Panda Security

2008-10-29 21:01:12 ----D---- C:\Program Files\A

2008-10-28 16:41:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-10-27 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-23 12:57:06 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2008-10-23 12:57:06 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2008-10-22 15:04:48 ----D---- C:\Documents and Settings\Digsy\Application Data\LimeWire

2008-10-22 14:02:16 ----D---- C:\Program Files\Dr.STIKA PLUS

2008-10-21 17:37:02 ----D---- C:\Program Files\Roland CutChoice 1.1 Updater 2

2008-10-21 15:45:24 ----D---- C:\spoolerlogs

2008-10-21 15:45:23 ----A---- C:\WINDOWS\system32\RD462LM1.DLL

2008-10-21 15:23:15 ----D---- C:\WINDOWS\Drivers

2008-10-21 15:09:08 ----A---- C:\WINDOWS\system32\VBA5.DLL

2008-10-21 15:09:08 ----A---- C:\WINDOWS\system32\OWL250F.DLL

2008-10-21 15:08:55 ----D---- C:\Program Files\Roland CutChoice

2008-10-21 15:08:18 ----A---- C:\WINDOWS\uninst.exe

2008-10-21 15:07:24 ----D---- C:\Program Files\Roland CutChoice AI10 Updater

2008-10-21 15:06:56 ----A---- C:\WINDOWS\system32\RDCOMMON.DLL__

2008-10-21 15:06:56 ----A---- C:\WINDOWS\system32\RDCOMMON.DLL

2008-10-14 19:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-14 19:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-14 19:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-14 19:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-14 19:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-07 14:41:15 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

 

======List of files/folders modified in the last 1 months======

 

2008-11-03 20:28:43 ----A---- C:\WINDOWS\ModemLog_Windigo Bluetooth DUN Modem.txt

2008-11-03 20:28:41 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-03 20:28:37 ----D---- C:\WINDOWS\Temp

2008-11-03 20:28:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt

2008-11-03 20:28:34 ----D---- C:\WINDOWS\system32

2008-11-03 18:56:33 ----D---- C:\Documents and Settings\All Users\Application Data\BullGuard

2008-11-03 17:51:12 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-03 17:40:21 ----D---- C:\WINDOWS\system32\drivers

2008-11-03 17:40:17 ----RD---- C:\Program Files

2008-11-03 15:42:17 ----AD---- C:\WINDOWS

2008-10-31 15:08:40 ----HD---- C:\WINDOWS\inf

2008-10-29 23:26:57 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-10-29 23:25:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-29 16:09:57 ----RSD---- C:\WINDOWS\Fonts

2008-10-28 16:56:14 ----D---- C:\Documents and Settings\Digsy\Application Data\BullGuard

2008-10-28 16:45:27 ----SHD---- C:\WINDOWS\Installer

2008-10-28 16:45:27 ----SHD---- C:\Config.Msi

2008-10-28 16:41:59 ----D---- C:\Program Files\Common Files

2008-10-28 16:17:44 ----SD---- C:\WINDOWS\Tasks

2008-10-28 16:10:13 ----D---- C:\WINDOWS\Debug

2008-10-27 19:25:21 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-27 19:23:22 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-27 19:11:07 ----D---- C:\Program Files\Common Files\Adobe

2008-10-27 19:10:38 ----D---- C:\Program Files\Adobe

2008-10-27 19:07:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-23 14:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-10-23 14:41:31 ----D---- C:\Program Files\Lavasoft

2008-10-23 12:37:05 ----HD---- C:\Program Files\InstallShield Installation Information

2008-10-22 13:49:38 ----D---- C:\Documents and Settings\Digsy\Application Data\Samsung

2008-10-21 17:26:09 ----D---- C:\WINDOWS\Help

2008-10-21 16:21:19 ----A---- C:\WINDOWS\NeroDigital.ini

2008-10-21 16:10:29 ----D---- C:\WINDOWS\system32\FxsTmp

2008-10-21 16:09:02 ----A---- C:\WINDOWS\win.ini

2008-10-21 15:45:53 ----D---- C:\WINDOWS\twain_32

2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-14 19:27:01 ----D---- C:\Program Files\Internet Explorer

2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-07 14:41:33 ----D---- C:\Program Files\iTunes

2008-10-07 14:41:17 ----D---- C:\Program Files\iPod

2008-10-07 14:33:29 ----DC---- C:\WINDOWS\system32\DRVSTORE

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-10-27 101632]

R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 Par1284;Par1284; \??\C:\Program Files\Roland CutChoice\Program\Par1284.sys []

R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2003-09-12 11914]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 BTCOMM;BTCOMM; C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 57512]

R3 BTKRNBDG;Bluetooth COM Bridge; C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]

R3 FileSpy5;BullGuard File Monitor; \??\C:\Program Files\BullGuard Software\BullGuard\filespy5.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]

R3 Reconn;BullGuard Email Monitor; \??\C:\Program Files\BullGuard Software\BullGuard\reconn.sys []

R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 vad_multi;Windigo Virtual Audio Device (WDM); C:\WINDOWS\system32\drivers\vadmulti.sys [2003-11-05 19840]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []

S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CSRBC01;%CSRBC01.SvcDesc%; C:\WINDOWS\System32\Drivers\csrbc01.sys [2003-10-29 24523]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]

S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]

S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-04-20 472960]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

S4 m5287;m5287; C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 85888]

S4 m5289;m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

S4 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 BGLiveSvc;BullGuard LiveUpdate; C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe [2006-10-31 561152]

R2 BGMainSvc;BullGuard Main Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BsFileSpy;BullGuard File Monitoring Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 BsFirewall;BullGuard Firewall Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 BsMailProxy;BullGuard Email Monitoring Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-09-30 139264]

R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-09-23 20543]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]

R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-09-30 118843]

R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-09-30 61503]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-31 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-03-17 107832]

R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-05 753664]

R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-08 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-14 172153]

S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-14 110711]

S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-14 24576]

 

-----------------EOF-----------------

Edited by DiscoDigs

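A triage pass over the "List of drivers" and "List of services" sections of the log above, as an added example that is not part of the original post or of random's system information tool. It decodes the `R/S` and `0-4` codes from the section headers and lists entries worth a manual look; the sample lines are copied from the log, while the reading of empty `[]` brackets as "file date and size could not be read" and the two flag rules are assumptions of this example. A flag is not a verdict on the file.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Legend taken from the section headers of the log.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the log above.
SAMPLE = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 Par1284;Par1284; \??\C:\Program Files\Roland CutChoice\Program\Par1284.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-14 110711]
"""


@dataclass
class Entry:
    name: str
    display: str
    state: str
    start_type: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_line(line):
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):      # NT object-manager prefix on some paths
        path = path[4:]
    date, size = None, None
    parts = m["meta"].split()
    if len(parts) == 2 and parts[1].isdigit():
        date, size = parts[0], int(parts[1])
    return Entry(m["name"], m["display"], STATE[m["state"]],
                 START[m["start"]], path, date, size)


def parse_log(text):
    """Return an Entry for every line of text that matches the format."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries):
    """Map entry name -> reasons for a manual check (example rules only)."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.size is None:
            reasons.append("no file metadata")
        lower = e.path.lower()
        if lower.endswith(".sys") and "\\system32\\drivers\\" not in lower:
            reasons.append("driver image outside system32\\drivers")
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE)).items():
        print(f"{name}: {', '.join(reasons)}")
```
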

Your logs are clean

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

 

Now we need to create a new System Restore point.

 

Click Start Menu > Run > type (or copy and paste)

 

%SystemRoot%\System32\restore\rstrui.exe

 

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

 

Next go to Start Menu > Run > type

 

cleanmgr

 

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

 

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

 

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

 

* Keep Windows updated by regularly checking their website at:

http://windowsupdate.microsoft.com/

This will ensure your computer always has the latest available security updates installed.

 

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

 

SpywareBlaster protects against bad ActiveX

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

Have a look at this tutorial for IE-Spyad here

 

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

 

Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

 

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

 

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

 

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

 

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'

Here

 

Thank you for your patience, and performing all of the procedures requested.

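A check for the Internet Explorer ActiveX settings recommended in the post above, as an added example that is not part of the original reply. It assumes the Internet zone is stored under `Zones\3` with the URL action values `1001`, `1004` and `1201` and the data values 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft's documented layout, not stated on this page), treats "Disable" as also satisfying a "Prompt" recommendation, and runs on constructed `reg query` output.

```python
import re

# Assumed registry location of the Internet zone (zone 3) for the current user.
ZONE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

SETTING = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action -> (label from the Custom level dialog, acceptable data values).
POLICY = {
    "1001": ("Download signed ActiveX controls", {1, 3}),
    "1004": ("Download unsigned ActiveX controls", {1, 3}),
    "1201": ("Initialize and script ActiveX controls not marked as safe", {3}),
}

VALUE_RE = re.compile(
    r"^\s+(?P<name>\S+)\s+REG_DWORD\s+0x(?P<data>[0-9a-fA-F]+)\s*$"
)

# Constructed output of:  reg query "<ZONE_KEY>"   (weak configuration)
WEAK = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x1
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x1
"""

# Constructed output after following the steps in the post.
HARDENED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x1
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x3
"""


def parse_reg_query(text):
    """Return {value name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m["name"]] = int(m["data"], 16)
    return values


def describe(value):
    """Human-readable name for a zone setting, or the raw value if unknown."""
    if value is None:
        return "not set"
    return SETTING.get(value, hex(value))


def audit(text):
    """List (action id, label, current, wanted) for settings that miss the policy."""
    values = parse_reg_query(text)
    findings = []
    for action, (label, allowed) in POLICY.items():
        current = values.get(action)
        if current not in allowed:
            wanted = " or ".join(SETTING[v] for v in sorted(allowed))
            findings.append((action, label, describe(current), wanted))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for action, label, current, wanted in audit(sample) or [("-", "all settings match", "", "")]:
            print(f"  {action} {label}: {current} -> {wanted}".rstrip(" ->: "))
```
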

info.txt log...

 

info.txt logfile of random's system information tool 1.04 2008-11-03 20:32:53

 

======Uninstall list======

 

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Abexo Free Registry Cleaner-->C:\Program Files\Abexo\afrc\uninst.exe

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}

Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"

Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly

BlackBerry Desktop Software 4.2-->MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}

BlackBerry Desktop Software 4.2-->MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

BullGuard 6.0-->C:\Program Files\BullGuard Software\BullGuard\uninst.exe

Contextual Tool Adzgalore-->C:\WINDOWS\system32\cont_adzgalore-remove.exe

Dr.STIKA PLUS-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dr.STIKA PLUS\Uninst.isu"

EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033

Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057

Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}

HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

HijackThis 2.0.2-->"C:\Documents and Settings\Digsy\My Documents\My Received Files\HiJackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}

HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}

HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}

HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot

hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}

hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series

iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}

MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall

Mesh Online-->"C:\Program Files\Mesh Online\uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033

Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"

PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall

PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed

Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall

PowerBackup 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall

PowerCinema 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall

PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall

PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

PowerStarter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

Roland CutChoice 1.1v1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Roland CutChoice\DeIsL5.isu"

Roland CutChoice AI10 Updater-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\A\AI 10 Cut Plugin Updater\Uninst.isu"

Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}

Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Tablet-->C:\Program Files\Tablet\Remove.exe /u

Team Fortress 2-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/440

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

XTNDConnect Blue Manager 3.1c-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0C65E65-5CF2-4C16-8023-950BA678FE15}\Setup.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: BullGuard Antivirus

FW: BullGuard Firewall

FW: ActiveArmor Firewall (disabled)

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0f06

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------


Follow the steps in my previous post and do this

 

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

 

J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

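The check behind the removal list in the post above, as an added example that is not part of the original thread: it parses the `Name-->uninstall command` rows of the log's Uninstall list section and reports every Java runtime older than the newest one installed. That "older than the newest" is the selection rule is an assumption inferred from the post, which leaves Java 6 Update 7 off the list; the sample log is constructed from a few rows shown in the thread plus made-up negative rows.

```python
import re

# Constructed sample in the "Name-->uninstall command" layout of the log's
# "======Uninstall list======" section. Java and Ad-Aware rows follow the
# thread; "JavaScript Editor" and the hosts row are made up as negatives.
SAMPLE_LOG = r"""======Uninstall list======

-->C:\WINDOWS\UNRecode.exe /UNINSTALL
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JavaScript Editor-->C:\Tools\jsedit\uninst.exe

======Hosts File======

127.0.0.1 blocked.example.invalid
"""

# Matches the three naming styles seen in the thread; the trademark sign is
# optional because the pasted log shows the same names without it.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java(?:\(TM\)|™)?(?: SE Runtime Environment)?)"
    r" (\d+)(?:\.\d+)? Update (\d+)$")


def uninstall_entries(log_text):
    """Yield (display_name, command) pairs from the Uninstall list section only."""
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("======"):
            in_section = line.strip("=") == "Uninstall list"
            continue
        if in_section and "-->" in line:
            name, command = line.split("-->", 1)
            yield name, command  # name is "" for rows that start with "-->"


def java_runtimes(log_text):
    """Return sorted ((major, update), display_name) for each Java runtime row."""
    found = []
    for name, _command in uninstall_entries(log_text):
        match = JAVA_RE.match(name)
        if match:
            found.append(((int(match.group(1)), int(match.group(2))), name))
    return sorted(found)


def superseded_java(log_text):
    """Names of Java runtime rows older than the newest runtime in the log."""
    runtimes = java_runtimes(log_text)
    if not runtimes:
        return []
    newest = runtimes[-1][0]
    return [name for version, name in runtimes if version < newest]
```

Passing the full text of a saved info.txt to `superseded_java()` gives the same kind of list for a real log; rows with the same version as the newest runtime are not reported.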

Thanks for all your help..

 

Very much appreciated..

 

I will take all your suggestions on board and try to stick to them religiously...

 

A big thank you again.

 

Richard.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
