Windows Security Alert [RESOLVED]
Aug 23 2008, 06:37 PM | Post #1 | Member | Posts: 18 | OS: XP Media
Hi and thank you for looking at this topic. I have had some serious virus and malware problems on my computer. Using the link on this site, http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html, I have been able to resolve most of the issues. But still I am getting the pop-up that is called Windows Security Alert. It gives the option to "enable protection", but since that is the only option I am sure it is another ploy to suck me into more problems. So far I have taken all the steps in the above link:

1. ATF Cleaner
2. System Restore
3. Erunt
4. Dl'd and scanned w/ Anti-Malware
5. Avira Anti-vir
6. reboot

Still I am getting pop-ups of "Windows Security Alert".
Aug 25 2008, 05:33 PM | Post #16 | Member | Posts: 18 | OS: XP Media
OK Here is the information you requested. Thanks again for all your time on this topic.
1. JavaRa log

JavaRa 1.11 Removal Log.
The JavaRa removal process was started on Mon Aug 25 12:54:53 2008

2.
SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2008 at 02:14 PM

Application Version : 4.15.1000
Core Rules Database Version : 3546
Trace Rules Database Version: 1535

Scan type : Complete Scan
Total Scan Time : 00:49:58

Memory items scanned : 528
Memory threats detected : 0
Registry items scanned : 7467
Registry threats detected : 0
File items scanned : 73734
File threats detected : 16

Adware.Tracking Cookie

3.
Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 15:15:15
Records in database: 1144482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 75222
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:24:32

File name / Threat name / Threats count
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

4.
A. I haven't seen the little Windows Security Advisor yet today.
B. When I do a google search sometimes there is a diverted page that comes up, not google results. I cannot go back to original google search page unless I click the recent pages down arrow on google search window, then find original search. This is random and seems like Google is being hijacked occasionally.
C. Otherwise things are working much better.

Thanks Andrew
Aug 25 2008, 07:00 PM | Post #17 | Trusted Helper | Posts: 4,971 | From: London, UK | OS: XP
The Kaspersky scan picked up one infected file, which we will remove, and we will remove that other infected file. I am hoping that that infected file is the source of your Google redirects.

====STEP 1====

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3

Folder::
C:\Program Files\ulidah

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SmartCfg"=-
[-HKEY_CLASSES_ROOT\CLSID\{25FA3C78-998A-3FA4-63C7-09AA9587420F}]

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply could I see:
1. the combofix log
2. a new hijackthis log
3. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
Aug 25 2008, 10:17 PM | Post #18 | Member | Posts: 18 | OS: XP Media
OK Andrew here are the logs you requested. As I have run a few different stresses on my computer everything seems to work well. I did have one pop-up from Antivir but I think that this is normal for the free version. It seems they push a little harder and actually use a pop up to inspire someone to buy the full version. Hmmmmm I will probably not keep Antivir and find another. What do you think of Nod32 or AVG?
I noticed the .mp3 file that was infected. I will speak with my daughter about dl'ing; it seems that would be where it came from. Anyway thank you again for sharing your time and efforts with someone across the world :) Much appreciated!

Paul

1. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:21, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

2.
ComboFix 08-08-24.03 - Paul Lehman 2008-08-25 20:23:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.599 [GMT -7:00]
Running from: C:\Documents and Settings\Paul Lehman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Lehman\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3
C:\Program Files\ulidah
C:\Program Files\ulidah\SmartCfg.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mscms.dll 2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 06:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-20 02:33 47,360 ----a-w C:\Documents and Settings\Paul Lehman\Application Data\pcouffin.sys 2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-29 16:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-03-07 18:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-11-05 02:11 88 --sh--r C:\WINDOWS\system32\04CFE8BB49.sys 2006-11-05 02:11 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-23_22.34.51.01 ))))))))))))))))))))))))))))))))))))))))) . 
- 2005-11-10 16:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2005-11-10 16:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2005-11-10 18:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="1" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-20 21:57 1737216] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 21:21 39408] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 17:12 1695232] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 06:39 7323648] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" 
[2008-02-28 09:59 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 17:05 1117184] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 01:00 282624 C:\WINDOWS\stsystra.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-19 16:26:24 24576] Event Reminder.lnk - C:\Program Files\PrintMaster Gold 18\Remind.exe [2007-09-09 15:36:02 344064] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= 
C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= S3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2008-01-07 23:25] . Contents of the 'Scheduled Tasks' folder 2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-25 20:25:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-08-25 20:26:57 ComboFix-quarantined-files.txt 2008-08-26 03:26:54 ComboFix2.txt 2008-08-25 03:31:48 ComboFix3.txt 2008-08-24 05:36:15 Pre-Run: 126,492,860,416 bytes free Post-Run: 126,545,428,480 bytes free 214 --- E O F --- 2008-08-13 10:03:33 |
|
|
Aug 26 2008, 01:38 PM
Post
#19
|
|
Trusted Helper Posts: 4,971 From: London, UK OS: XP |
Hi Norgermish
congratulations, your logs are clean and another fix is in the can

QUOTE
I did have one pop-up from Antivir but I think that this is normal for the free version. It seems they push a little harder and actually use a pop up to inspire someone to buy the full version. Hmmmmm I will probably not keep Antivir and find another. What do you think of Nod32 or AVG?

yes, i notice that on antivir also. as for Nod32 or AVG, i am neutral as to which one you choose, they are as good as each other. if it comes down to a matter of cost then i don't think you can get a free Nod32 (you can get a 30 day trial), though i am happy to be proved wrong. For AVG, their free version can be found here.

however, remember to only have one antivirus program on your machine and no matter how good the antivirus program, it is no use if other users of your machine open the doors to the bad guys. download the antivirus program you chose. disconnect from the internet. uninstall antivir via the add/remove programs in the control panel. and then install the antivirus program you downloaded. and then connect again to the internet.

remember also to have a third party firewall installed. the windows firewall is not that great. if you don't have a third party firewall, then a good free firewall is comodo.

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix and tools used in the removal of malware and flush your system restore points

====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet.be/bluepatchy/miekiem...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.

====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

andrewuk |
|
|
Aug 27 2008, 03:34 PM
Post
#20
|
|
|
Member Posts: 18 OS: XP Media |
Great, it is good news. I appreciate your expertise in removing all this junk from my PC. I have noticed that all IE icons are gone now. It seems that I can't use IE anymore. I tried downloading IE7 again but it produced no icons, in desktop, start menu, or start/all programs. In the latter I see Internet Explorer but it only lists web publisher when I place mouse over it. Rather strange effect. I have used Firefox and more recently decided to try the new Safari also. But IE has some favorites that I use and at this point can't get to them.

Anyway, I don't know if there is any way to resolve it. I tried a few google searches and the remedies there don't seem to work. I want to thank you again for all your help and the complete cleansing of my machine. I have learned a lot through the process as well.

Cheers,
Paul Lehman |
|
|
Aug 27 2008, 03:55 PM
Post
#21
|
|
Trusted Helper Posts: 4,971 From: London, UK OS: XP |
it looks like you are running into the SP3 and IE issue.
let's see if this simple fix will work, which i have taken from the microsoft site: http://support.microsoft.com/kb/555849 (there are more details http://www.windowsreference.com/windows-xp...p-icon-missing/)

either go through the steps in those links or follow the instructions below:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

Registry Modifications

Please open Notepad
Please copy the contents of the code box below into the notepad. To do this highlight the contents of the box and right click on it. Save it to your desktop as fixit.reg (filetype = any)

CODE
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Locate fixit.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully". Please reply back letting me know if it merged correctly. (In case you are unsure how to create a reg file, take a look here with screenshots.)

right click on desktop and click “Refresh”.

let me know how it all goes.

andrewuk

This post has been edited by andrewuk: Aug 27 2008, 03:57 PM |
|
|
Aug 29 2008, 02:54 PM
Post
#22
|
|
|
Member Posts: 18 OS: XP Media |
Hi Andrew,
Sorry about the delay in reply. I tried everything you asked and still no icon. I don't understand what happened. If you have any other suggestions I would appreciate it. I have done some googling and the few suggestions I found were similar to your previous post. |
|
|
Aug 29 2008, 05:35 PM
Post
#23
|
|
Trusted Helper Posts: 4,971 From: London, UK OS: XP |
ok, let's try another regfix, if this does not work i will push you in the direction of another part of the forum which should be able to help you out:

Please open Notepad
Please copy the contents of the code box below into the notepad. To do this highlight the contents of the box and right click on it. Save it to your desktop as fixit.reg (filetype = any)

CODE
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Locate fixit.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully". Please reply back letting me know if it merged correctly. (In case you are unsure how to create a reg file, take a look here with screenshots.)

right click on desktop and click “Refresh”.

let me know how it goes. |
|
|
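A .reg file such as the two fixit.reg files posted above can be read back and listed before it is merged, which shows exactly which keys it sets or deletes and whether it reaches outside the current user's hive. The following Python is an added example, not part of the thread or of any tool mentioned in it; `parse_reg`, `describe` and the `ExampleVendor` keys in the second sample are hypothetical names made up for illustration.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')

# The second fixit.reg from the thread, copied as posted.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
'''

# Constructed input (not from the thread) covering the delete syntax,
# a hex value split over two lines, and the default value of a key.
CONSTRUCTED_REG = r'''Windows Registry Editor Version 5.00

; constructed lines, not from the thread
[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"OldValue"=-
"Blob"=hex:01,02,\
  03
@="C:\\Example\\app.exe"

[-HKEY_LOCAL_MACHINE\Software\ExampleVendor]
'''


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text):
    """Yield non-empty, non-comment lines with hex continuations joined."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continues on the next line
            continue
        yield line
    if pending:
        yield pending


def _decode(data):
    """Return (action, type, value) for the text right of the '=' sign."""
    if data == "-":
        return "delete-value", None, None
    if data.startswith("dword:"):
        return "set", "REG_DWORD", int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return "set", "REG_SZ", _unescape(data[1:-1])
    m = HEX_RE.match(data)
    if m:
        kind = "REG_BINARY" if m.group(1) is None else "type 0x%s" % m.group(1).lower()
        return "set", kind, bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    raise ValueError("unknown data: %r" % data)


def _op(action, key, name, kind, value):
    hive = key.split("\\", 1)[0].upper()
    scope = "current user" if hive == "HKEY_CURRENT_USER" else "outside current user"
    return {"action": action, "hive": hive, "scope": scope, "key": key,
            "name": name, "type": kind, "value": value}


def parse_reg(text):
    """Parse .reg text into a list of operations without touching the registry."""
    lines = _logical_lines(text)
    if next(lines, None) not in HEADERS:
        raise ValueError("not a .reg file: missing version header")
    ops, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):     # [-KEY] deletes the key and its subkeys
                ops.append(_op("delete-key", path[1:], None, None, None))
                key = None
            else:
                key = path
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        action, kind, value = _decode(m.group(2))
        ops.append(_op(action, key, name, kind, value))
    return ops


def describe(op):
    """One review line per operation."""
    target = op["key"] if op["name"] is None else "%s -> %s" % (op["key"], op["name"])
    detail = " = %s %r" % (op["type"], op["value"]) if op["action"] == "set" else ""
    return "[%s] %s %s%s" % (op["scope"], op["action"], target, detail)


if __name__ == "__main__":
    for sample in (SAMPLE_REG, CONSTRUCTED_REG):
        for op in parse_reg(sample):
            print(describe(op))
```
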
Aug 30 2008, 10:54 PM
Post
#24
|
|
|
Member Posts: 18 OS: XP Media |
Hi Andrew,
I copied the code to notepad and saved to desktop. Double clicked Fixit and it did as you said. Still no icon:( I was really hoping for it too:) Thanks again:) |
|
|
Aug 30 2008, 11:35 PM
Post
#25
|
|
Trusted Helper Posts: 4,971 From: London, UK OS: XP |
ok, i am pretty sure this is not a malware issue, i am fairly certain it is a SP3 and Internet Explorer issue as no doubt you would have read in your own research on google, but before i send you to another part of the forum let's bring down a fuller picture of your machine:
Download OTViewIt to your desktop.
|
|
|
Aug 31 2008, 07:02 PM
Post
#26
|
|
|
Member Posts: 18 OS: XP Media |
OTViewIt logfile created on: 8/31/2008 5:59:54 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Paul Lehman\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.17184) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1022.42 Mb Total Physical Memory | 467.08 Mb Available Physical Memory | 45.68% Memory free 2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.88% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.31 Gb Total Space | 120.02 Gb Free Space | 83.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D13JKZB1 Current User Name: Paul Lehman Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On ===== Processes - Non-Microsoft Only ===== [06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe [02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/19/2006 09:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\IoctlSvc.exe [06/26/2006 11:33 AM | 00,243,248 | ---- | M] (Logitech Inc.) 
- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [08/26/2008 03:43 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [05/20/2008 09:57 PM | 01,737,216 | ---- | M] () - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [07/02/2008 06:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe ===== Win32 Services - Non-Microsoft Only ===== (EhttpSrv) Eset HTTP Server [On_Demand | Stopped] [02/20/2008 11:14 AM | 00,019,200 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ekrn) Eset Service [Auto | Running] [02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (GameConsoleService) GameConsoleService [On_Demand | Stopped] [01/07/2008 11:25 PM | 00,181,784 | ---- | M] (WildTangent, Inc.) - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (LVPrcSrv) Logitech Process Monitor [Auto | Running] [06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (LVSrvLauncher) LVSrvLauncher [Auto | Stopped] [06/26/2006 11:33 AM | 00,091,696 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Auto | Running] [12/19/2006 09:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) 
- C:\WINDOWS\system32\IoctlSvc.exe (TuneUp.Defrag) TuneUp Drive Defrag Service [On_Demand | Stopped] [08/26/2008 03:47 PM | 00,354,560 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\system32\TuneUpDefragService.exe ===== Driver Services - Non-Microsoft Only ===== (AmdK8) AMD Processor Driver [System | Running] [06/18/2006 07:37 PM | 00,036,864 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys (ASCTRM) ASCTRM [Auto | Running] [10/19/2006 04:28 PM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys (catchme) catchme [On_Demand | Stopped] File not found - C:\ComboFix\catchme.sys (DSproct) DSproct [On_Demand | Stopped] [01/10/2006 10:07 AM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (E100B) Intel® PRO Adapter Driver [On_Demand | Stopped] [08/17/2001 10:12 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys (eamon) eamon [Auto | Running] [02/20/2008 11:01 AM | 00,039,944 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\eamon.sys (easdrv) easdrv [System | Running] [02/20/2008 11:02 AM | 00,029,704 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\easdrv.sys (epfwtdir) epfwtdir [System | Running] [02/20/2008 11:11 AM | 00,033,800 | ---- | M] () - C:\WINDOWS\system32\drivers\epfwtdir.sys (FilterService) UVC Filter Service [On_Demand | Stopped] [06/22/2006 03:29 PM | 00,020,272 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys (LVcKap) Logitech AEC Driver [On_Demand | Stopped] [06/26/2006 11:33 AM | 01,587,632 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys (LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped] [06/26/2006 11:33 AM | 01,952,816 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys (lvpopflt) Logitech POP Suppression Filter [On_Demand | Stopped] [06/22/2006 03:29 PM | 01,413,424 | R--- | M] (Logitech Inc.) 
- C:\WINDOWS\system32\drivers\lvpopflt.sys (LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running] [06/26/2006 11:33 AM | 00,023,472 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys (lvselsus) Logitech Selective Suspend Filter [On_Demand | Stopped] [06/22/2006 03:29 PM | 00,055,984 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvselsus.sys (LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running] [06/22/2006 03:29 PM | 00,038,960 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys (LVUVC) Logitech QuickCam Pro 5000(UVC) [On_Demand | Stopped] [06/22/2006 03:29 PM | 00,961,072 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys (mraid35x) mraid35x [Disabled | Stopped] [08/17/2001 11:52 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys (MREMPR5) MREMPR5 NDIS Protocol Driver [On_Demand | Stopped] [11/22/2004 04:36 PM | 00,019,345 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MREMPR5.sys (MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped] [11/22/2004 04:36 PM | 00,018,003 | ---- | M] (Motive, Inc.) 
- C:\Program Files\Common Files\Motive\MRENDIS5.sys (NAVAP) NAVAP [On_Demand | Stopped] File not found - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys (NAVAPEL) NAVAPEL [Auto | Stopped] File not found - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (NAVENG) NAVENG [On_Demand | Stopped] File not found - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080625.003\NAVENG.sys (NAVEX15) NAVEX15 [On_Demand | Stopped] File not found - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080625.003\NAVEX15.sys (pcouffin) VSO Software pcouffin [On_Demand | Running] [06/19/2008 07:33 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys (SASDIFSV) SASDIFSV [System | Running] [05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SASENUM) SASENUM [On_Demand | Running] [05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASKUTIL) SASKUTIL [System | Running] [05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (Sparrow) Sparrow [Disabled | Stopped] [08/17/2001 12:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys (wanatw) WAN Miniport (ATW) [On_Demand | Stopped] File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys ========== Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) 
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 03:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) "egui" = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET) "ISUSPM Startup" = "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 08:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation) "ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 08:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) "LVCOMSX" = "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [06/26/2006 11:33 AM | 00,243,248 | ---- | M] (Logitech Inc.) "NeroFilterCheck" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [02/28/2008 09:59 AM | 00,570,664 | ---- | M] (Nero AG) "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [06/16/2006 06:39 AM | 07,323,648 | ---- | M] (NVIDIA Corporation) "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock" = C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [05/20/2008 09:57 PM | 01,737,216 | ---- | M] () "SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) "SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [08/26/2008 03:43 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. ========== Startup Folders ========== [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [Paul Lehman Startup Folder - C:\Documents and Settings\Paul Lehman\Start Menu\Programs\Startup] ========== BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] HKLM CLSID: (Spybot-S&D IE Protection) - [01/28/2008 11:43 AM | 01,554,256 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] HKLM CLSID: (DriveLetterAccess) - [09/08/2005 03:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - 
[06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] HKLM CLSID: (Google Toolbar Helper) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] HKLM CLSID: (Google Toolbar Notifier BHO) - [07/10/2008 09:21 PM | 00,651,760 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] HKLM CLSID: (CBrowserHelperObject Object) - [08/30/2006 09:58 AM | 00,094,208 | ---- | M] (Dell Inc.) C:\Program Files\BAE\BAE.dll ========== Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" HKLM CLSID: (&Google Toolbar) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google Toolbar) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ========== AppInit_Dlls ========== ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL ========== HKLM Security Providers ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders] 
"msapsspc.dllschannel.dlldigest.dllmsnsspc.dll" - File not found

========== HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [08/26/2008 03:43 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

========== Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

========== Safeboot Options ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========
AUTOEXEC.BAT [] [08/16/2005 02:43 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

========== DNS Name Servers ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{311B0AA5-0DF7-41BF-91FC-809479FC1C76}]
Servers: | Description:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{66543450-3357-418D-82F4-73A105ABD9E6}]
Servers: 68.94.156.1 | Description: Broadcom 440x 10/100 Integrated Controller
========== Hosts File ==========
HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== Files/Folders - Created Within 30 days ==========
[08/22/2008 07:02 AM | 10,721,56672 | -HS- | C] () - C:\hiberfil.sys
[08/23/2008 10:27 PM | 00,000,209 | ---- | C] () - C:\Boot.bak
[08/23/2008 10:27 PM | 00,260,272 | ---- | C] () - C:\cmldr
[08/23/2008 10:27 PM | ---D | C] - C:\cmdcons
[08/25/2008 09:08 PM | -HSD | C] - C:\RECYCLER
[08/26/2008 10:23 PM | ---D | C] - C:\ComboFix
[08/03/2008 09:06 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2008 09:06 AM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/03/2008 09:08 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[5 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 09:07 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\en
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/10/2008 11:51 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
[08/26/2008 03:46 PM | 00,028,416 | ---- | C] (TuneUp Software GmbH) - C:\WINDOWS\System32\uxtuneup.dll
[08/26/2008 03:46 PM | 00,354,560 | ---- | C] (TuneUp Software GmbH) - C:\WINDOWS\System32\TuneUpDefragService.exe
[1 C:\WINDOWS\*.tmp files]
[08/05/2008 03:49 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/05/2008 03:55 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/05/2008 07:49 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/10/2008 08:28 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/10/2008 08:28 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/11/2008 09:09 AM | 00,000,069 | ---- | C] () - C:\WINDOWS\NeroDigital.ini
[08/13/2008 09:43 PM | 00,000,568 | -H-- | C] () - C:\WINDOWS\nod32fixtemdono.reg
[08/13/2008 09:43 PM | 00,005,702 | -H-- | C] () - C:\WINDOWS\nod32restoretemdono.reg
[08/22/2008 12:03 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 08:27 PM | ---D | C] - C:\WINDOWS\temp
[08/27/2008 01:03 PM | -H-D | C] - C:\WINDOWS\ie8
[08/27/2008 01:05 PM | ---D | C] - C:\WINDOWS\ie8updates
[08/10/2008 11:51 PM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 03:46 PM | 00,000,498 | ---- | C] () - C:\WINDOWS\tasks\1-Click Maintenance.job
[08/10/2008 11:14 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Nero
[08/10/2008 11:51 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Apple
[08/10/2008 11:52 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Apple Computer
[08/13/2008 09:38 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avg8
[08/13/2008 09:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ESET
[08/22/2008 05:45 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avira
[08/22/2008 12:17 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/26/2008 03:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TuneUp Software
[08/10/2008 11:02 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Leadertech
[08/10/2008 11:03 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Sonic
[08/10/2008 11:17 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Nero
[08/10/2008 11:53 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Apple Computer
[08/11/2008 12:58 PM | 00,000,525 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Application Data\alarms.ini
[08/11/2008 12:58 PM | 00,000,745 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Application Data\AtomicAlarmClock.ini
[08/14/2008 01:30 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Folder Guard
[08/22/2008 12:17 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Malwarebytes
[08/26/2008 03:46 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\TuneUp Software
[08/10/2008 11:19 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Ahead
[08/10/2008 11:50 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Apple Computer
[08/10/2008 11:51 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Apple
[08/20/2008 12:10 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\ESET
[08/14/2008 12:54 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\My Documents\chat
[08/14/2008 08:16 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\craigs list
[08/22/2008 07:17 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\Spyware Virus repair tools
[08/22/2008 08:01 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\Incomplete
[08/22/2008 08:01 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\New Folder
[08/26/2008 03:46 PM | 00,000,613 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp 1-Click Maintenance.lnk
[08/26/2008 03:46 PM | 00,000,833 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp Utilities 2008.lnk
[08/27/2008 04:34 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\ERUNT.lnk
[08/27/2008 04:34 PM | 00,000,611 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\NTREGOPT.lnk
[08/27/2008 04:37 PM | 00,000,198 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\fixit.reg
[08/28/2008 09:15 AM | 00,001,778 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\ImTranslator for IE.lnk
[08/28/2008 09:15 AM | 00,234,062 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\imtranslatorie3.exe
[08/10/2008 11:14 PM | ---D | C] - C:\Program Files\Common Files\Nero
[08/10/2008 11:51 PM | ---D | C] - C:\Program Files\Common Files\Apple
[08/22/2008 12:17 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/10/2008 10:57 PM | ---D | C] - C:\Program Files\WinZip
[08/10/2008 11:14 PM | ---D | C] - C:\Program Files\Nero
[08/10/2008 11:19 PM | ---D | C] - C:\Program Files\NeroInstall.bak
[08/10/2008 11:35 PM | ---D | C] - C:\Program Files\WinRAR
[08/10/2008 11:36 PM | ---D | C] - C:\Program Files\MagicISO
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\Bonjour
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\iTunes
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\QuickTime
[08/10/2008 11:53 PM | ---D | C] - C:\Program Files\iPod
[08/11/2008 12:58 PM | ---D | C] - C:\Program Files\Atomic Alarm Clock
[08/12/2008 07:13 PM | ---D | C] - C:\Program Files\uTorrent
[08/13/2008 09:42 PM | ---D | C] - C:\Program Files\ESET
[08/19/2008 08:28 AM | ---D | C] - C:\Program Files\GSpot
[08/21/2008 11:38 PM | ---D | C] - C:\Program Files\HijackThis
[08/22/2008 06:55 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 12:02 AM | ---D | C] - C:\Program Files\ERUNT
[08/22/2008 12:17 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/22/2008 12:32 AM | ---D | C] - C:\Program Files\Alwil Software
[08/25/2008 01:13 PM | ---D | C] - C:\Program Files\Sun
[08/26/2008 03:45 PM | ---D | C] - C:\Program Files\TuneUp Utilities 2008
[08/27/2008 01:38 PM | ---D | C] - C:\Program Files\Apple Software Update
[08/27/2008 01:38 PM | ---D | C] - C:\Program Files\Safari

========== Files - Modified Within 30 days ==========
[08/05/2008 03:52 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/23/2008 05:38 PM | 00,000,209 | ---- | M] () - C:\Boot.bak
[08/24/2008 07:42 PM | 00,000,279 | RHS- | M] () - C:\boot.ini
[08/31/2008 09:58 AM | 10,721,56672 | -HS- | M] () - C:\hiberfil.sys
[5 C:\WINDOWS\System32\*.tmp files]
[08/06/2008 07:29 PM | 00,878,336 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/22/2008 07:01 AM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/26/2008 03:47 PM | 00,354,560 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\System32\TuneUpDefragService.exe
[08/26/2008 10:36 PM | 00,053,640 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/26/2008 10:36 PM | 00,382,022 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/26/2008 10:36 PM | 00,441,142 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/31/2008 02:45 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/31/2008 02:45 PM | 00,039,472 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[1 C:\WINDOWS\*.tmp files]
[08/10/2008 08:28 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/10/2008 08:28 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/20/2008 11:46 AM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/24/2008 07:42 PM | 00,000,658 | ---- | M] () - C:\WINDOWS\win.ini
[08/25/2008 08:25 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/27/2008 01:05 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/31/2008 09:58 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 01:38 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/31/2008 06:00 PM | 00,000,498 | ---- | M] () - C:\WINDOWS\tasks\1-Click Maintenance.job
[08/31/2008 09:59 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/25/2008 12:49 PM | 00,000,668 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\vso_ts_preview.xml
[08/27/2008 01:00 AM | 00,000,525 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\alarms.ini
[08/31/2008 02:45 PM | 00,000,745 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\AtomicAlarmClock.ini
[08/11/2008 08:41 PM | 00,285,712 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/19/2008 08:23 AM | 00,011,264 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/27/2008 02:12 PM | 00,000,082 | -HS- | M] () - C:\Documents and Settings\Paul Lehman\My Documents\desktop.ini
[08/11/2008 08:03 AM | 00,001,394 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\Media Center.lnk
[08/26/2008 03:46 PM | 00,000,613 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp 1-Click Maintenance.lnk
[08/26/2008 03:46 PM | 00,000,833 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp Utilities 2008.lnk
[08/27/2008 04:34 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\ERUNT.lnk
[08/27/2008 04:34 PM | 00,000,611 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\NTREGOPT.lnk
[08/27/2008 04:37 PM | 00,000,198 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\fixit.reg
[08/28/2008 09:15 AM | 00,001,778 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\ImTranslator for IE.lnk
[08/28/2008 09:15 AM | 00,234,062 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\imtranslatorie3.exe
< End of report >

OTViewIt Extras logfile created on: 8/31/2008 5:59:54 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Paul Lehman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.42 Mb Total Physical Memory | 467.08 Mb Available Physical Memory | 45.68% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 120.02 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger [04/13/2008 05:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [06/18/2008 11:58 AM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent [08/13/2008 09:27 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath [02/06/2008 07:37 PM | 21,898,024 | R--- | M] (Skype Technologies S.A.)

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07/02/2008 06:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

========== HKEY_CURRENT_USER Protocol Defaults ==========

========== Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class] [02/06/2008 07:37 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java SE Development Kit 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ADD209A3-C05A-4988-B4CD-65B6B582F911}" = PrintMaster Gold 18
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.61
"ATT-AACE" = ATT-AACE
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"getPlus®_ocx" = getPlus®_ocx
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 1
"ImTranslator for IE" = ImTranslator for IE
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB900325" = Update Rollup 2 for Windows XP Media Center Edition 2005
"KB903157" = Hotfix for Windows Media Player 10 (KB903157)
"KB908246" = Windows XP Media Center Edition 2005 KB908246
"KB910393" = Update for Windows Media Player 10 (KB910393)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB913800" = Update for Windows Media Player 10 (KB913800)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB925766" = Windows XP Media Center Edition 2005 KB925766
"KB926251" = Update for Windows Media Player 10 (KB926251)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953838-IE8" = Security Update for Windows Internet Explorer 8 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LimeWire" = LimeWire PRO 4.18.3
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/13/2008 8:20:03 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting module xpcom_core.dll, version 1.8.20080.4669, fault address 0x00001797.
Error - 8/14/2008 3:57:25 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.
Error - 8/14/2008 8:32:58 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x423114a2.
Error - 8/15/2008 4:54:54 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/24/2008 5:02:40 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/24/2008 5:02:47 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/24/2008 5:02:50 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 854786114.
Error - 8/24/2008 5:02:51 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang Description = Fault bucket 854786114. Error - 8/24/2008 5:04:31 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/24/2008 5:04:36 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang Description = Fault bucket 854786114. [ Internet Explorer Events ] [ Media Center Events ] [ Security Events ] [ System Events ] Error - 8/27/2008 9:11:58 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The NAVAPEL service failed to start due to the following error: %%3 Error - 8/27/2008 9:11:59 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The following boot-start or system-start driver(s) failed to load: nvatabus nvraid Error - 8/31/2008 4:42:04 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The NAVAPEL service failed to start due to the following error: %%3 Error - 8/31/2008 4:42:05 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The following boot-start or system-start driver(s) failed to load: nvatabus nvraid Error - 8/31/2008 4:42:33 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. 
(0x80072751) Error - 8/31/2008 4:42:33 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 8/31/2008 4:43:00 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 8/31/2008 4:43:00 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 8/31/2008 4:59:03 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The NAVAPEL service failed to start due to the following error: %%3 Error - 8/31/2008 4:59:04 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager Description = The following boot-start or system-start driver(s) failed to load: nvatabus nvraid < End of report > |

Sep 1 2008, 09:15 AM
Post #27
Trusted Helper | Posts: 4,971 | From: London, UK | OS: XP
OK, let's see if this works:
1. Download IEFix, unzip it to your Desktop, and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location:
Let me know how this goes.

Sep 1 2008, 11:49 PM
Post #28
Member | Posts: 18 | OS: XP Media
Hi Andrew,
I ran IEFix and I am now writing this reply using IE, not Firefox. So it seems to have worked. Thank you for all the help and patience throughout as well.
Take care,
Paul

Sep 2 2008, 02:53 AM
Post #29
Trusted Helper | Posts: 4,971 | From: London, UK | OS: XP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.