Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
     
2 Pages V   1 2 >  
 Closed TopicStart new topic
Win32/adware.Virtumonde please help me hjt log [RESOLVED], Please help me get rid of this virus! It's destroying my life
ChristineBin
post Sep 8 2008, 10:33 PM
Post #1


Member
**
Posts: 22
OS: windows xp
Here is the hjt log for my computer. I ran fixied. this is my file after running it. Thank you so much for your time. I really appreciate your help. I beleive my computer is infected with win32/adware.virtumonde. My computer is running slow and everytime I type in a web address I am redirected to a different site.


hijackthis
Logfile of Trend Micro HijackThis v2.0.2
scan saved at 11:27:45 PM, on 9/8/2008
platform: Windows XP SP2 (winNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWs\system32\smss.exe
C:\WINDOWs\system32\winlogon.exe
C:\WINDOWs\system32\services.exe
C:\WINDOWs\system32\lsass.exe
C:\WINDOWs\system32\svchost.exe
c:\program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWs\system32\spoolsv.exe
c:\program Files\Common Files\Logishrd\LVMvFM\Lvprcsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\common Files\Real\update_OB\realsched.exe
c:\program Files\EPsoN\Creativity Suite\Event Manager\EEventManager.exe
c:\Program Files\HP\HP software update\HPwuschd2.exe
c:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\common Files\Logishrd\LComMgr\Communications_Helper.exe
c:\program Files\Logitech\Quickcam\Quickcam.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
c:\Program Files\Messenger\msmsgs.exe
c:\Program Files\common Files\Apple\Mobile Device
support\bin\AppleMobileDeviceservice.exe
C:\program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:ÄPROGRA~lÄKEYBOA~lÄkeyexp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program Files\citrix\GOToMyPC\g2svc.exe
c:\program Files\Microsoft office\office\1033\OLFSNT40.EXE
C:\WINDOWs\system32\svchost.exe
c:\program Files\IncrediMail\bin\IMApp.exe
c:\program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program Files\common Files\Logishrd\LVCOMSER\LVComser.exe
c:\program Files\citrix\GOToMyPc\g2comm.exe
c:\Program Files\citrix\GOToMypc\g2pre.exe
c:\program Files\citrix\GOToMyPc\g2tray.exe
C:\WINDOWs\system32\svchost.exe
c:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWs\system32\svchost.exe
C:\WINDOWs\system32\svchost.exe
c:\program Files\Microsoft windows OneCare Live\Firewall\msfwsvc.exe
c:\program Files\Microsoft Windows Onecare Live\winss.exe
c:\program Files\ipod\bin\ipodservice.exe
c:\Program Files\Common Files\Logishrd\LVCOMSER\Lvcomser.exe
c:\program Files\common FilesÄLo~ishrdÄLQCvFXÄCOCIManager.exe
c:\Program Files\HP\Digital Imaglng\bin\hpqsTE08.exe
C:\WINDOWS\System32\svchost.exe
c:\program Files\Microsoft Windows OneCare Live\winsSUI.exe
c:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\Documents and settings\User\Desktop\fixiedef.exe
C:\WINDows\explorer.exe
c:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Internet Explorer\Iexplore.exe
c:\program Files\Trend Micro\HijackThis\HijackThis.exe
RO - HKCU\software\Microsoft\Internet Explorer\Main,Start Page =
http://www.abebooks.com/
R1 - HKCU\software\Microsoft\windows\currentversion\Internet settings,proxyoverride
= * .local
02 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316c61} - c:\Program
Files\HP\smart web printing\hpswp_printenhancer.dll
02 - BHO: HP print clips - {053F9267-DC04-4294-A72C-58F732D338CO} - c:\program
Files\HP\smart web printing\hpswp_framework.dll
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3} C:\
program Files\common Files\Adobe\Acrobat\Activex\AcroIEHelper.dll
02 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} C:Ä
PROGRA~lÄKEYBOA~lÄkie.dll
02 - BHO: ssvHelper class - {761497BB-D6FO-462C-B6EB-D4DAF1D92D43} - c:\program
Files\Java\jre1.6.0_02\bin\ssv.dll
02 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2c19B23} C:Ä
PROGRA~lÄSPYNOM~lÄSNMIEG~l.DLL (file missing)
03 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} C:Ä
PROGRA~lÄTEXTAL~lÄTAForIE.dll
04 - HKLM\ .. \Run: [High Definition Audio Property Page shortcut] HDAShCut.exe
04 - HKLM\ .. \Run: [SkyTel] skyTel.EXE
04 - HKLM\ .. \Run: [SoundMan] SOUNDMAN.EXE
04 - HKLM\ .. \Run: [Alcwzrd] ALCWZRD.EXE
04 - HKLM\ .. \Run: [Alcmtr] ALCMTR.EXE
04 - HKLM\ .. \Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\ .. \Run: [igfxhkcmd] C:\WINDOWs\system32\hkcmd.exe
04 - HKLM\ .. \Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\ .. \Run: [AAWTray] c:ÄPro~ram Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
04 - HKLM\ .. \Run: [HPDJ Taskbar utllity]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
04 - HKLM\ .. \Run: [sunJavaupdatesched] Ole: \program
Fi 1es\Java\j reI. 6. 0_02\bi n\jusched. exe"
04 - HKLM\ .. \Run: [TkBellExe] "e:\program Files\common
Files\Real\update_OB\realsched.exe" -osboot
04 - HKLM\ .. \Run: [GOToMyPC] "e:\program Files\Citrix\GOToMyPC\g2svc.exe" -logon
04 - HKLM\ .. \Run: [EEventManager] c:\program Files\EPsoN\creativity Suite\Event
Manager\EEventManager.exe
04 - HKLM\ .. \Run: lHP software update] c:\program Files\HP\HP Software
update\HPwuschd2.exe
04 - HKLM\ .. \Run: [QuickTime Task] "e:\program Files\QuickTime\QTTask.exe"
-atboottime
04 - HKLM\ .. \Run: [iTunesHelper] "e:\program Files\iTunes\iTunesHelper.exe"
04 - HKLM\ .. \Run: [LogitechcommunicationsManager] "C:\Program Files\Common
Files\Logishrd\LcomMgr\Communications_Helper.exe"
04 - HKLM\ .. \Run: [LogitechQuickcamRibbonJ "c:\Program
Files\Logitech\QuickCam\Quickcam.exe" Ihide
04 - HKLM\ .. \Run: [Adobe Reader speed Launcher] "e:\program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
04 - HKLM\ .. \Run: [lphcnoojOegfe] C:\WINDOWs\system32\lphcnoojOegfe.exe
04 - HKLM\ .. \Run: [SNM] c:ÄPro~ram Files\spyNoMore\SNM.exe Istartup
04 - HKLM\ .. \Run: [OneCareUI] 'c:\Program Files\Microsoft windows OneCare
Live\winssnotify.exe"
04 - HKCU\ .. \Run: [IncrediMail] c:\program Files\IncrediMail\bin\IncMail.exe Ic
04 - HKCU\ .. \Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" Ibackground
04 - HKUS\S-1-5-18\ .. \RunOnce: [WUAppSetup] c:\program Files\common
Files\logishrd\wUApp32.exe -v Ox046d -p Ox08d7 -f video -m logitech -d 10.5.0.1091
(user 'SYSTEM')
04 - HKUS\.DEFAULT\ .. \Runonce: [WUAppSetup] c:\program Files\common
Files\logishrd\wuApp32.exe -v Ox046d -p Ox08d7 -f video -m logitech -d 10.5.0.1091
(user 'Default user')
04 - Global Startup: HP Digital Imaging Monitor.lnk = c:\program Files\HP\Digital
Imaging\bin\hpqtra08.exe
04 - Global startup: HP Image Zone Fast Start.lnk = c:\program Files\HP\Digital
Imaging\bin\hpqthb08.exe
04 - Global Startup: Keyboard Express 3.lnk = ?
04 - Global startup: Microsoft office.lnk = c:\program Files\Microsoft
office\office\OSA9.EXE
04 - Global startup: symantec Fax Starter Edition port.lnk = c:\program
Files\Microsoft office\office\1033\OLFSNT40.EXE
09 - Extra button: HP clipbook - {58ECB495-38FO-49cb-A538-10282ABF65E7} - c:\program
Files\HP\smart web printing\hpswp_extensions.dll
09 - Extra button: HP Smart Select - {700259D7-1666-479a-93Bl-3250410481E8} c:\
Program Files\HP\Smart web printing\hpswp_extensions.dll
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-OOC04F795683} - c:\program
Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: windows Messenger {
FB5F1910-F110-11d2-BB9E-OOC04F795683} - c:\program Files\Messenger\msmsgs.exe
016 - DPF: CabBuilder http://
kiw.imgag.com/imgag/kiw/toolbar/download/Installercontrol.cab
016 - DPF: {5ED80217-570B-4DA9-BF44-BE107COEC166} (windows Live safety Center Base
Module) http://
cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
018 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} C:Ä
PROGRA~1ÄCOMMON~1ÄskypeÄSKYPE4~1.DLL
023 - service: Apple Mobile Device - Apple, Inc. - c:\program Files\common
Files\Apple\Mobile Device support\bin\AppleMobileDeviceservice.exe
023 - service: Bonjour service - Apple Inc. - c:\program
Files\Bonjour\mDNSResponder.exe
023 - service: GOToMyPC - Citrix online, a division of Citrix systems, Inc. c:\
Program Files\citrix\GOToMyPC\g2svc.exe
023 - Service: iPod service - Apple Inc. - c:\program Files\ipod\bin\ipodservice.exe
023 - Service: LVCOMSer - Logitech Inc. - c:\program Files\Common
Files\Logishrd\LvcoMSER\Lvcomser.exe
023 - service: process Monitor (LvprcSrv) - Logitech Inc. - c:\program Files\common
Files\Logishrd\LvMvFM\Lvprcsrv.exe
023 - service: LVSrvLauncher - Logitech Inc. - c:\program Files\Common
Files\Logishrd\srvLnch\srvLnch.exe
End of file - 8279 bytes
Go to the top of the page
 
+Quote Post
fenzodahl512
post Sep 9 2008, 03:44 AM
Post #2


Trusted Helper
Group Icon
Posts: 5,221
OS: Windows XP
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please open Notepad >> Go to Format tab >> Untick Word Wrap


Then do below..


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.
Go to the top of the page
 
+Quote Post
ChristineBin
post Sep 9 2008, 09:10 AM
Post #3


Member
**
Posts: 22
OS: windows xp
Thank you so much for helping me. Here is the log you requested



Logfile of random's system information tool (written by random/random)
Run by User at 2008-09-09 11:05:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 503 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:19 AM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL (file missing)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphcnooj0egfe] C:\WINDOWS\system32\lphcnooj0egfe.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Keyboard Express 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8172 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42A7CE31-CEE7-4CCE-A060-A44A7E52E062}]
Watch for Browser Events - C:\PROGRA~1\KEYBOA~1\kie.dll [2004-02-23 452608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23}]
Browser protection - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2007-08-25 658432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-15 185896]
"GoToMyPC"=C:\Program Files\Citrix\GoToMyPC\g2svc.exe [2007-06-20 258856]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"lphcnooj0egfe"=C:\WINDOWS\system32\lphcnooj0egfe.exe []
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-08-08 67112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Keyboard Express 3.lnk - C:\PROGRA~1\KEYBOA~1\keyexp.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [2007-06-20 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\WTAB4PYR\incredimail_install[1].exe"="C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\WTAB4PYR\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Documents and Settings\User\Desktop\magentic_install.exe"="C:\Documents and Settings\User\Desktop\magentic_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Enabled:a"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

List of files/folders created in the last three months

2008-09-09 11:05:16 ----D---- C:\rsit
2008-09-08 23:27:30 ----D---- C:\Program Files\Trend Micro
2008-09-08 23:05:48 ----A---- C:\WINDOWS\system32\windows_update.exe
2008-09-08 10:39:05 ----D---- C:\WINDOWS\pss
2008-09-06 11:42:46 ----D---- C:\WINDOWS\system32\bits
2008-09-06 11:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923845$
2008-09-06 11:42:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-06 11:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2008-09-06 11:35:18 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-09-06 11:29:04 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-06 10:55:39 ----SHD---- C:\WINDOWS\CSC
2008-09-06 10:55:33 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 22:39:09 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-14 18:39:44 ----D---- C:\Program Files\TextAloud
2008-08-13 23:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 23:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 23:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 23:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 23:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 23:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 23:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 23:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-07-23 10:10:27 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-23 10:05:30 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-23 10:05:16 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-07-23 10:05:14 ----A---- C:\WINDOWS\system32\hpzll5ha.dll
2008-07-23 10:04:32 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-07-23 10:04:32 ----RA---- C:\WINDOWS\system32\hpowiax3.dll
2008-07-23 10:04:32 ----RA---- C:\WINDOWS\system32\hpovst10.dll
2008-07-23 10:04:32 ----RA---- C:\WINDOWS\system32\hpotscl3.dll
2008-07-23 10:04:32 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-07-23 10:02:10 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-07-23 10:02:02 ----D---- C:\Documents and Settings\User\Application Data\HPAppData
2008-07-23 10:00:22 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-07-23 10:00:21 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-07-09 08:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-19 18:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-11 13:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 13:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 13:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-11 13:14:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 13:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 qic157;qic157; C:\WINDOWS\system32\DRIVERS\qic157.sys [2004-08-03 6016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-01-04 243712]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MagEpNt;MagEpNt; C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 GoToMyPC;GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [2007-06-20 258856]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-08-08 1126952]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
Go to the top of the page
 
+Quote Post
fenzodahl512
post Sep 9 2008, 10:37 AM
Post #4


Trusted Helper
Group Icon
Posts: 5,221
OS: Windows XP
Please uninstall SpyNoMore from your computer..


Please download the OTMoveIt2 by OldTimer <<mirror>>.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    CODE
    [kill explorer]
    C:\WINDOWS\system32\lphcnooj0egfe.exe
    C:\Program Files\SpyNoMore
    C:\WINDOWS\system32\a.exe
    C:\WINDOWS\system32\windows_update.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lphcnooj0egfe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNM
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\system32\\a.exe
    EmptyTemp
    purity
    [start explorer]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




Post me these logs in your next reply.. Post each log in separate post..

1. OTMoveIt2
2. Malwarebytes'
3. A fresh RSIT log.txt (after Malwarebytes' step)
4. Tell me about your computer behaviour..
Go to the top of the page
 
+Quote Post
ChristineBin
post Sep 9 2008, 04:57 PM
Post #5


Member
**
Posts: 22
OS: windows xp

Thank you very much. I believe I removed spy no more when I downloaded set up one care. I couldn't find it in my Add or remove programs. Here is the OTMoveIt2.exe log

Unable to kill explorer.exe
File/Folder C:\WINDOWS\system32\lphcnooj0egfe.exe not found.
File/Folder C:\Program Files\SpyNoMore not found.
File/Folder C:\WINDOWS\system32\a.exe not found.
C:\WINDOWS\system32\windows_update.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lphcnooj0egfe >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lphcnooj0egfe not found.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNM >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNM not found.
< HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\system32\\a.exe >
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\system32\\a.exe not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_46c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9e0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_175926

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_46c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_9e0.dat not found!
Go to the top of the page
 
+Quote Post
ChristineBin
post Sep 9 2008, 04:59 PM
Post #6


Member
**
Posts: 22
OS: windows xp
Here is the Maleware bytes log

Malwarebytes' Anti-Malware 1.27
Database version: 1133
Windows 5.1.2600 Service Pack 2

9/9/2008 6:36:21 PM
mbam-log-2008-09-09 (18-36-21).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 90111
Time elapsed: 20 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Go to the top of the page
 
+Quote Post
ChristineBin
post Sep 9 2008, 05:01 PM
Post #7


Member
**
Posts: 22
OS: windows xp
Here is my new RSIT log , after Malwarebytes

Logfile of random's system information tool (written by random/random)
Run by User at 2008-09-09 18:53:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (80%) free of 114 GB
Total RAM: 503 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:58 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Keyboard Express 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 7734 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42A7CE31-CEE7-4CCE-A060-A44A7E52E062}]
Watch for Browser Events - C:\PROGRA~1\KEYBOA~1\kie.dll [2004-02-23 452608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2007-08-25 658432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-15 185896]
"GoToMyPC"=C:\Program Files\Citrix\GoToMyPC\g2svc.exe [2007-06-20 258856]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-08-08 67112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital