[whitmangurl]

ComboFix Log


ComboFix 08-03-07.4 - Dave Whitman 2008-03-07 21:59:44.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.347 [GMT -5:00]
Running from: C:\Documents and Settings\Dave Whitman\Local Settings\Temporary Internet Files\Content.IE5\6G80A23V\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dave Whitman\Desktop\Error Cleaner.url
C:\Documents and Settings\Dave Whitman\Favorites\Error Cleaner.url
C:\Documents and Settings\Dave Whitman\Favorites\Privacy Protector.url
C:\Documents and Settings\Dave Whitman\Favorites\Spyware&Malware Protection.url
C:\Program Files\Helper
C:\WINDOWS\enlfxgw.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp79062.exe
2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp72468.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp99656.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp93296.exe
2008-03-07 14:49 . 2008-03-07 14:49 36,088 --a------ C:\Program Files\instaler.exe
2008-03-07 14:49 . 2008-03-07 14:49 21,656 --a------ C:\Program Files\antiviirus.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14210093.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14204968.exe
2008-03-07 14:48 . 2008-03-07 10:35 270,336 --a------ C:\WINDOWS\apdqnxp.dll
2008-03-07 14:48 . 2008-03-07 10:35 217,088 --a------ C:\WINDOWS\btrklfr.dll
2008-03-07 14:48 . 2008-03-07 10:35 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-04 09:03 . 2008-03-04 09:03 <DIR> d-------- C:\Documents and Settings\Dave Whitman\Application Data\Flickr
2008-03-04 08:59 . 2008-03-04 15:08 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iPod
2008-02-27 11:48 . 2008-02-27 11:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-25 08:01 . 2008-03-07 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-25 08:01 . 2008-02-27 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 10:47 . 2008-02-18 10:47 <DIR> d-------- C:\Program Files\NetProject
2008-02-12 20:03 . 2008-03-05 17:56 <DIR> d-------- C:\Program Files\UFile 2007
2008-02-12 20:03 . 2008-02-12 20:03 <DIR> d-------- C:\MSSoap
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 13:51 . 2008-02-09 13:54 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 02:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-06 03:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 03:55 --------- d-----w C:\Program Files\Java
2008-02-23 18:44 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-02-19 16:23 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\LimeWire
2008-02-15 14:31 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\U3
2008-02-14 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 23:07 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-02-13 17:40 --------- d-----w C:\Program Files\LimeWire
2008-02-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-01 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 19:36 --------- d-----w C:\Program Files\Common Files\Avery
2008-01-22 16:37 --------- d-----w C:\Program Files\Rogers
2008-01-22 01:43 --------- d-----w C:\Program Files\Symantec
2008-01-21 23:20 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 23:20 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 23:20 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 23:20 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-15 14:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-18 14:58 301 -c--a-w C:\Documents and Settings\Dave Whitman\x.dat
2007-11-18 14:58 1,826 -c--a-w C:\Documents and Settings\Dave Whitman\z.dat
2007-11-02 20:19 49,160 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:18 28,677 -c--a-w C:\Documents and Settings\Dave Whitman\update.exe
2007-04-09 15:03 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-03-22 15:49 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb5724.dat
2007-03-22 14:51 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb9169.dat
2007-03-22 14:51 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6500.dat
2007-03-05 01:04 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6334.dat
2007-03-05 00:54 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb8467.dat
2007-03-05 00:54 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb41.dat
2007-01-29 15:00 6,323,851 -c--a-w C:\Program Files\wordweb.exe
2005-09-24 05:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-10-01 20:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-04_18.30.07.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:35:13 1,287,680 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2001-08-18 12:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-08-18 12:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-08-18 03:37:04 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2001-08-18 12:00:00 131,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 21:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 21:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2006-10-19 01:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2001-08-18 12:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
- 2007-07-11 13:26:21 68,608 -c--a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-26 21:29:32 69,120 -c--a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-07-11 13:26:34 72,192 -c--a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-26 21:29:39 72,192 -c--a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-07-11 13:26:34 4,308,992 -c--a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-26 21:29:12 4,444,160 -c--a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-11 13:26:38 482,304 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-26 21:29:42 483,840 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-07-11 13:26:31 2,902,016 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-26 21:29:22 3,036,160 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-07-11 13:26:15 258,048 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-26 21:29:45 258,048 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-07-11 13:26:15 114,176 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-26 21:29:45 113,664 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-07-11 13:26:44 260,096 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-26 21:29:40 261,120 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-07-11 13:26:23 5,156,864 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-26 21:29:19 5,431,296 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 13:26:19 10,752 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-26 21:29:28 10,752 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-07-11 13:26:14 507,904 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-26 21:29:20 507,904 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-07-11 13:26:16 13,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-26 21:29:31 13,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-07-11 13:26:32 8,192 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-26 21:29:35 8,192 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-07-11 13:26:33 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-26 21:29:36 77,824 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-07-11 13:26:33 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-26 21:29:37 6,656 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-07-11 13:26:17 413,696 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-01-26 21:29:46 348,160 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-07-11 13:26:17 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-01-26 21:29:47 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-07-11 13:26:18 647,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-01-26 21:29:48 655,360 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-07-11 13:26:18 73,728 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-01-26 21:29:48 77,824 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-07-11 13:26:17 749,568 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-26 21:29:37 749,568 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-07-11 13:26:46 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-26 21:29:35 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-07-11 13:26:46 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-26 21:29:34 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-07-11 13:26:12 28,672 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-26 21:29:42 28,672 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-07-11 13:26:46 667,648 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-26 21:29:34 671,744 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-07-11 13:26:47 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-01-26 21:29:15 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-07-11 13:26:14 12,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-26 21:29:44 12,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-07-11 13:26:13 32,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-26 21:29:33 32,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-07-11 13:26:13 7,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-26 21:29:33 7,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-07-11 13:26:41 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-01-26 21:29:38 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-07-11 13:26:21 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-26 21:29:38 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-07-11 13:26:42 413,696 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-01-26 21:29:21 425,984 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-07-11 13:26:39 716,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-01-26 21:29:23 741,376 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-07-11 13:26:16 888,832 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-01-26 21:29:24 933,888 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-07-11 13:26:31 5,001,216 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-26 21:29:50 5,070,848 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-07-11 13:26:22 188,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-01-26 21:29:47 188,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-07-11 13:26:21 397,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-26 21:29:29 401,408 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-07-11 13:26:22 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-26 21:29:44 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-07-11 13:26:43 577,536 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-26 21:29:16 630,784 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-07-11 13:26:39 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-26 21:29:45 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-07-11 13:26:44 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-26 21:29:43 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-07-11 13:26:40 299,008 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-26 21:29:41 299,008 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-07-11 13:26:40 131,072 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-26 21:29:40 131,072 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-07-11 13:26:20 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-26 21:29:17 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-07-11 13:26:23 114,688 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-01-26 21:29:17 114,688 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-07-11 13:26:45 835,584 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-01-26 21:29:27 884,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-07-11 13:26:24 86,016 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-01-26 21:29:28 90,112 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-07-11 13:26:25 823,296 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-01-26 21:29:26 839,680 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 13:26:26 5,152,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-01-26 21:29:30 5,013,504 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-07-11 13:26:29 2,027,520 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-01-26 21:29:18 2,068,480 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-07-11 13:26:42 2,940,928 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-26 21:29:25 3,076,096 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-26 21:36:13 27,136 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-01-26 21:36:15 884,736 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-01-26 21:38:30 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-01-26 21:37:36 110,592 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DemCodecClient\d1be194956671a23841fbd0ca96396ed\DemCodecClient.ni.dll
+ 2008-01-26 21:38:28 15,360 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-01-26 21:37:35 253,952 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ImageCodec\02d7a5b906a047bace0b3eb74dd01d40\ImageCodec.ni.dll
+ 2008-01-26 21:38:32 876,544 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-01-26 21:38:33 81,920 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-01-26 21:38:38 1,695,744 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-01-26 21:38:39 167,936 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-01-26 21:37:34 2,441,216 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2008-01-26 21:36:49 442,368 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\0dbbb8aa946e04ba7c4dd29928886149\Microsoft.MapPoint.Utility.ni.dll
+ 2008-01-26 21:37:12 1,155,072 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1fdb2febaaaa1f906add9acade28390a\Microsoft.MapPoint.Data.ni.dll
+ 2008-01-26 21:37:18 1,785,856 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\31389ea81bd3efeba6a9e2258266469d\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2008-01-26 21:36:43 3,649,536 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\3a0e9fac8463429a858bee2b1d9b1be9\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2008-01-26 21:36:31 274,432 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\6540c7a8a1b6444e2743ac193a54c046\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2008-01-26 21:36:48 491,520 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cc374927c82467431d37369883e33ede\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2008-01-26 21:38:27 18,432 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\d9a512b7d124fe4df9f6ce8458b3cd63\Microsoft.MapPoint.MassiveManagedWrapper.ni.dll
+ 2008-01-26 21:36:46 917,504 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ec53f739eded7b7231d177c10af01f25\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2008-01-26 21:37:09 409,600 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ef8e6227115bd1cd0c81d3b348a625fc\Microsoft.MapPoint.Geometry.ni.dll
+ 2008-01-26 21:37:23 2,641,920 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\f7658282136438eaf6a05b23c92a61be\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2008-01-26 21:38:44 1,740,800 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-01-26 21:37:24 17,920 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-01-26 21:37:34 77,824 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2008-01-26 21:32:37 11,722,752 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-01-26 21:37:28 163,840 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-01-26 21:36:52 1,011,712 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-01-26 21:38:23 1,183,744 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-01-26 21:37:01 2,756,608 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-01-26 21:33:42 7,049,216 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-01-26 21:37:08 1,798,144 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-01-26 21:34:06 10,969,088 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-01-26 21:37:43 1,224,704 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-01-26 21:38:26 512,000 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-26 21:34:12 229,376 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-01-26 21:34:10 1,667,072 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-01-26 21:37:40 659,456 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-01-26 21:37:40 294,912 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-01-26 21:37:27 1,064,960 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2008-01-26 21:37:46 815,104 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-01-26 21:37:04 339,968 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-01-26 21:37:03 733,184 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-01-26 21:38:27 233,472 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-01-26 21:37:38 679,936 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-01-26 21:38:54 2,342,912 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-01-26 21:38:24 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-01-26 21:38:20 1,986,560 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-01-26 21:38:14 12,509,184 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-01-26 21:34:41 13,193,216 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-01-26 21:34:56 5,771,264 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-01-26 21:33:23 8,265,728 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2007-11-20 21:04:32 1,523,536 -c--a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-06-20 20:44:04 379,704 -c--a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
+ 2006-11-20 16:04:18 117,088 -c--a-w C:\WINDOWS\Downloaded Program Files\PURen-ca.dll
+ 2006-06-20 20:44:02 117,560 -c--a-w C:\WINDOWS\Downloaded Program Files\PURen-us.dll
+ 2007-09-04 20:59:42 380,144 ----a-w C:\WINDOWS\Downloaded Program Files\sabspx.dll
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2006-10-27 00:12:56 396,592 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 15:10:18 16,874,376 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 22:56:50 8,425,856 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 19:18:34 1,658,152 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 13:04:28 846,248 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 14:11:42 1,767,256 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 23:00:06 72,096 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 22:58:40 4,145,520 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 22:58:46 24,416 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-12-21 15:02:12 258,048 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\17147D731313A894EBD5E7D36ACAD0EB\11.10.0\dtw9.dll
+ 2008-02-07 20:50:30 2,764,800 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\17147D731313A894EBD5E7D36ACAD0EB\11.10.0\ub1x3_07.exe
+ 2008-02-06 13:13:26 249,856 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\17147D731313A894EBD5E7D36ACAD0EB\11.10.0\ubxflat.dll
+ 2008-02-07 18:06:24 413,696 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\17147D731313A894EBD5E7D36ACAD0EB\11.10.0\ufile.exe
+ 2008-02-13 01:03:42 10,134 -c--a-r C:\WINDOWS\Installer\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}\ARPPRODUCTICON.exe
+ 2008-03-05 22:56:08 65,536 -c--a-r C:\WINDOWS\Installer\{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}\ARPPRODUCTICON.exe
+ 2008-03-05 22:56:09 65,536 -c--a-r C:\WINDOWS\Installer\{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}\ufile.exe_Desktop_37D741713131498ABE5D7E3DA6AC0DBE.exe
+ 2008-03-05 22:56:09 65,536 -c--a-r C:\WINDOWS\Installer\{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}\ufile.exe_Menu_37D741713131498ABE5D7E3DA6AC0DBE.exe
+ 2008-02-04 12:26:27 55,296 -c--a-r C:\WINDOWS\Installer\{48B82226-75E3-4E90-92CC-D30F79EA6380}\Icon6D246661.exe
+ 2008-03-07 19:49:35 23,146 --sh--r C:\WINDOWS\Installer\{70afe3c7-c683-4c96-91c4-ae253871fee1}\zip.dll
+ 2008-03-07 19:48:57 18,570 --sh--r C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll
+ 2008-02-27 17:25:59 102,400 -c--a-r C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
- 2007-08-15 19:44:04 38,240 -c--a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2007-12-17 21:41:10 38,240 -c--a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-12-01 14:07:35 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-02-13 00:29:14 167,936 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2007-12-01 14:07:35 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-02-13 00:29:14 81,920 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-12-01 14:07:35 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-02-13 00:29:14 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-12-01 14:07:35 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-02-13 00:29:14 8,192 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-12-01 14:07:35 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-02-13 00:29:14 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-12-01 14:07:35 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-02-13 00:29:14 114,688 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-12-01 14:07:35 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-02-13 00:29:14 16,384 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-12-01 14:07:35 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-02-13 00:29:14 30,720 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-12-01 14:07:35 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-02-13 00:29:14 22,528 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-12-01 14:07:35 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-02-13 00:29:14 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-12-01 14:07:35 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-02-13 00:29:13 90,112 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-02-14 22:28:30 295,606 -c--a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2007-12-06 12:10:45 295,606 -c--a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-800000000003}\ARPPRODUCTICON.exe
+ 2008-02-09 18:53:36 27,136 -c--a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-02-13 01:03:37 61,440 -c--a-r C:\WINDOWS\Installer\{BAF0296B-77EA-425B-934E-671B4DBAED6E}\ARPPRODUCTICON.exe
- 2007-11-02 19:51:45 10,134 ----a-r C:\WINDOWS\Installer\{D3C97899-3890-43DB-AA0C-D91A84FA7787}\ARPPRODUCTICON.exe
+ 2008-01-28 19:38:05 10,134 -c--a-r C:\WINDOWS\Installer\{D3C97899-3890-43DB-AA0C-D91A84FA7787}\ARPPRODUCTICON.exe
- 2005-09-23 12:28:52 72,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-24 06:47:38 82,944 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 12:28:52 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 06:47:38 16,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 12:28:56 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 06:47:40 16,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 12:28:58 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 06:47:42 16,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 12:28:56 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-24 06:47:40 16,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 12:28:52 86,528 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 06:47:38 97,280 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 12:28:36 18,944 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 06:47:26 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 12:28:42 136,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-24 06:47:30 145,408 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 12:28:44 4,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 06:47:32 13,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 12:29:04 183,808 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 06:47:48 193,016 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 12:28:28 208,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 06:47:20 218,112 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 12:28:56 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 06:47:40 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 12:28:58 138,240 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 06:47:42 147,968 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 12:28:36 87,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-24 06:47:26 99,320 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 07:21:18 58,712 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 06:47:42 59,392 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 12:28:32 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 06:47:22 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 07:20:52 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 06:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 07:20:52 8,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 06:47:22 17,928 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 07:20:52 23,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 06:47:22 33,288 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 07:20:50 75,264 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 06:47:22 84,480 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 12:28:32 13,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 06:47:22 24,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 07:20:52 32,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 06:47:22 32,776 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 12:28:32 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 06:47:22 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 07:20:52 33,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 06:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 07:20:52 32,600 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 06:47:22 33,280 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 07:20:52 507,904 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 06:47:22 507,904 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 12:28:56 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 06:47:40 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 07:21:16 88,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-24 06:47:40 101,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 12:28:42 76,984 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-24 06:47:30 80,376 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 12:28:42 1,144,832 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-24 06:47:30 1,162,744 -c--a-w C:\WINDOWS\Microsoft.NET&a

Edited by whitmangurl, 08 March 2008 - 08:00 AM.

[Advertisements]

Hi.
Welcome to geekstogo.
Please read these instructions HERE.

Edited by sarahw, 08 March 2008 - 04:31 AM.

[sarahw]

Hi.
Welcome to geekstogo.
Please read these instructions HERE.

Edited by sarahw, 08 March 2008 - 04:31 AM.

[whitmangurl]

Done it the only thing that has helped some is combofix

[whitmangurl]

My background is now all red with YOUR PRIVACY IS IN DANGER Download privacy protection now in the middle

[sarahw]

Hi.
The instructions tell you to post logs, mainly the Hijack this log. I cannot help you with out them. The instructions do not mention combofix. You do not need to run combofix at this stage.
If you have a look at everybody elses log's you can see examples.

Edited by sarahw, 08 March 2008 - 08:14 AM.

[whitmangurl]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:33 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\DOCUME~1\DAVEWH~1\LOCALS~1\Temp\ir_ext_temp_2\autorun.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: enlfxgw - {A133882E-2F89-47A3-A01C-8FA1D04B8E57} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {203C12EA-EF5A-4989-BD68-5844A877A9AF} (prjOCFTools.OCFTools) - http://ocf.rogershel...prjOCFTools.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169871149359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab....geUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ChkRam - {79fb7e76-d1ea-4dd3-83fe-d99d49e22217} - C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll
O21 - SSODL: btrklfr - {0C85A4C5-C89B-4D00-99A1-48334735217D} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: apdqnxp - {18405A7D-12E8-4C1B-94FA-3EE051A3CE29} - C:\WINDOWS\apdqnxp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11757 bytes

[sarahw]

Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.
These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

[sarahw]

Hi.
1.

• Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
  
  O3 - Toolbar: enlfxgw - {A133882E-2F89-47A3-A01C-8FA1D04B8E57} - C:\WINDOWS\enlfxgw.dll (file missing)
  O21 - SSODL: ChkRam - {79fb7e76-d1ea-4dd3-83fe-d99d49e22217} - C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll
  O21 - SSODL: btrklfr - {0C85A4C5-C89B-4D00-99A1-48334735217D} - C:\WINDOWS\btrklfr.dll
  O21 - SSODL: apdqnxp - {18405A7D-12E8-4C1B-94FA-3EE051A3CE29} - C:\WINDOWS\apdqnxp.dll
  
  
• Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

2.
Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\enlfxgw.dll
  C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll
  C:\WINDOWS\btrklfr.dll
  C:\WINDOWS\apdqnxp.dll
  
  
• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" (the top box) window and choose Paste.
• Click the red Moveit! button.
• Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
• Close OTMoveIt

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Post the OTMoveit2 log and a fresh Hijack This log in your next reply.

Edited by sarahw, 08 March 2008 - 09:21 AM.

[whitmangurl]

File/Folder C:\WINDOWS\enlfxgw.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll
C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll NOT unregistered.
File move failed. C:\WINDOWS\Installer\{79fb7e76-d1ea-4dd3-83fe-d99d49e22217}\ChkRam.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\btrklfr.dll
C:\WINDOWS\btrklfr.dll NOT unregistered.
C:\WINDOWS\btrklfr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\apdqnxp.dll
C:\WINDOWS\apdqnxp.dll NOT unregistered.
C:\WINDOWS\apdqnxp.dll moved successfully.
File/Folder not found.
File/Folder not found.

OTMoveIt2 v1.0.20 log created on 03082008_103008






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:30 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\DOCUME~1\DAVEWH~1\LOCALS~1\Temp\ir_ext_temp_3\autorun.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {203C12EA-EF5A-4989-BD68-5844A877A9AF} (prjOCFTools.OCFTools) - http://ocf.rogershel...prjOCFTools.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169871149359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab....geUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11399 bytes

[sarahw]

Hi,
1.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

2.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Edited by sarahw, 08 March 2008 - 10:29 AM.

[whitmangurl]

Main Txt

Deckard's System Scanner v20071014.68
Run by Dave Whitman on 2007-11-29 22:57:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2007-11-30 03:57:34 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2007-11-30 03:07:02 UTC - RP9 - Removed Microsoft Easy Assist
8: 2007-11-30 02:30:05 UTC - RP8 - Restore Operation
7: 2007-11-29 21:28:25 UTC - RP7 - Thursday, November 29 2007, 4:20pm
6: 2007-11-29 01:05:53 UTC - RP6 - Installed Microsoft Easy Assist


-- First Restore Point --
1: 2007-11-26 20:58:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dave Whitman.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:06 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Dave Whitman\Local Settings\Temporary Internet Files\Content.IE5\SHI7KLAB\VundoFix[1].exe
C:\Documents and Settings\Dave Whitman\Local Settings\Temporary Internet Files\Content.IE5\SHI7KLAB\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave Whitman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.my.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [842c2e9d] rundll32.exe "C:\WINDOWS\system32\yeaafquj.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {203C12EA-EF5A-4989-BD68-5844A877A9AF} (prjOCFTools.OCFTools) - http://ocf.rogershel...prjOCFTools.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://princezz4ever...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169871149359
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10819 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>

S3 DFUBTUSB (WIDCOMM USB Bluetooth Driver in DFU State) - c:\windows\system32\drivers\frmupgr.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-29 22:00:00 284 --ah----- C:\WINDOWS\Tasks\AF3D7CA69386EE62.job
2007-11-26 22:41:28 590 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dave Whitman.job


-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 22:11:15 0 d-------- C:\VundoFix Backups
2007-11-29 21:57:05 0 d-------- C:\Program Files\Trend Micro
2007-11-29 21:52:13 0 d-------- C:\WINDOWS\LastGood
2007-11-29 20:27:26 0 dr-h----- C:\Documents and Settings\Dave Whitman\Recent
2007-11-29 20:25:44 0 d-------- C:\Program Files\Registry Easy
2007-11-29 16:44:44 0 d-------- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Application Data\Grisoft
2007-11-29 16:38:32 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Grisoft
2007-11-29 09:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-28 20:52:07 3500 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-28 19:38:13 0 d--h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Templates
2007-11-28 19:38:13 0 dr------- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Start Menu
2007-11-28 19:38:13 0 dr-h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\SendTo
2007-11-28 19:38:13 0 d--h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Recent
2007-11-28 19:38:13 0 d--h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\PrintHood
2007-11-28 19:38:13 0 d--h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\NetHood
2007-11-28 19:38:13 0 d-------- C:\Documents and Settings\Administrator.DAVE-WHITMAN\My Documents
2007-11-28 19:38:13 0 d--h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Local Settings
2007-11-28 19:38:13 0 d-------- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Favorites
2007-11-28 19:38:13 0 d-------- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Desktop
2007-11-28 19:38:13 0 d---s---- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Cookies
2007-11-28 19:38:13 0 dr-h----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Application Data
2007-11-28 19:38:13 0 d---s---- C:\Documents and Settings\Administrator.DAVE-WHITMAN\Application Data\Microsoft
2007-11-28 19:38:12 524288 --ah----- C:\Documents and Settings\Administrator.DAVE-WHITMAN\NTUSER.DAT
2007-11-28 19:17:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 19:17:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 19:17:09 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\SUPERAntiSpyware.com
2007-11-28 19:16:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 16:18:32 80165 --a------ C:\WINDOWS\system32\uhkhxkho.dll
2007-11-26 09:38:36 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Thinstall
2007-11-22 09:31:45 0 d-------- C:\Program Files\Lavasoft
2007-11-22 04:51:20 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-21 20:08:33 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Yahoo!
2007-11-21 19:43:49 0 d-------- C:\Program Files\Symantec
2007-11-21 19:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-21 12:52:52 83085 --a------ C:\WINDOWS\system32\xuywtgio.dll
2007-11-15 08:01:47 120 --a------ C:\n.bat
2007-11-15 08:01:27 0 --a------ C:\x.dat
2007-11-15 08:01:23 301 --a----c- C:\Documents and Settings\Dave Whitman\x.dat
2007-11-15 08:01:11 0 --a------ C:\z.dat
2007-11-15 08:01:07 1826 --a----c- C:\Documents and Settings\Dave Whitman\z.dat
2007-11-09 07:22:02 128 --a------ C:\winlogon.exe
2007-11-04 07:17:52 786 --a------ C:\2264.bat
2007-11-02 14:50:37 0 d-------- C:\Program Files\Common Files\Avery
2007-11-02 14:50:31 0 d-------- C:\Program Files\Avery Wizard 3.1
2007-10-31 05:44:56 28677 --a----c- C:\Documents and Settings\Dave Whitman\iexplorer.exe
2007-10-29 17:50:11 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-10-29 17:50:01 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-10-29 06:44:51 28677 --a----c- C:\Documents and Settings\Dave Whitman\update.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-29 22:20:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-28 19:16:42 0 d-------- C:\Program Files\Common Files
2007-11-27 20:15:32 1080 --a----c- C:\WINDOWS\AUTOLNCH.REG
2007-11-24 08:07:07 0 d-------- C:\Program Files\Common Files\Real
2007-11-24 08:06:28 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Real
2007-11-21 19:36:05 0 d-------- C:\Program Files\Yahoo!
2007-11-21 12:46:27 0 d-------- C:\Program Files\Viewpoint
2007-11-21 10:06:02 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2007-11-21 10:05:01 0 d-------- C:\Program Files\bfgclient
2007-11-18 21:34:42 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\LimeWire
2007-11-18 21:27:09 0 d-------- C:\Program Files\Logitech
2007-11-18 21:26:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-02 15:19:23 49160 --a----c- C:\Documents and Settings\Dave Whitman\Application Data\GDIPFONTCACHEV1.DAT
2007-10-29 18:17:25 0 d-------- C:\Program Files\Panasonic
2007-10-29 07:48:00 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Adobe
2007-10-28 18:24:46 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-10-23 18:40:34 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Jane s Hotel
2007-10-10 19:17:29 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\ArcSoft
2007-10-10 19:14:13 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\Panasonic
2007-10-10 19:09:50 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-10-10 19:08:29 0 d-------- C:\Program Files\ArcSoft
2007-10-10 19:07:05 0 d-------- C:\Documents and Settings\Dave Whitman\Application Data\InstallShield
2007-10-08 18:34:05 0 d-------- C:\Program Files\MSN Messenger
2007-10-04 22:14:03 0 d-------- C:\Program Files\Java
2007-09-30 21:20:39 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [06/26/2002 05:36 PM]
"NvCplDaemon"="NvQTwk" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [10/05/2005 11:00 AM]
"Logitech BT Wizard"="LBTWiz.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"nwiz"="nwiz.exe" [06/06/2002 05:33 AM C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [01/27/2007 06:29 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/24/2005 12:08 AM]
"csr"="csrrs.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"842c2e9d"="C:\WINDOWS\system32\yeaafquj.dll" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [04/23/2007 03:51 PM]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [04/25/2007 09:46 AM]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [04/25/2007 09:46 AM]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [01/27/2007 06:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"csr"=csrrs.exe

C:\Documents and Settings\Dave Whitman\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [1/29/2007 10:00:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/10/2007 6:51:56 PM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [5/10/2007 11:29:22 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/29/2006 9:37:20 PM]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [6/25/2001 2:08:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/24/2005 12:28:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 1:39:30 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [11/20/2007 8:45:05 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [10/05/2005 12:00 PM 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 01/30/2007 02:15 AM 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-29 23:00:17 ------------



Extra Txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 767.47 MiB / 281.32 MiB
Pagefile Memory (total/avail): 1878.31 MiB / 1287.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.8 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 61.14 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:Piolet"
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dave Whitman\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVE-WHITMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dave Whitman
LOGONSERVER=\\DAVE-WHITMAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVEWH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVEWH~1\LOCALS~1\Temp
USERDOMAIN=DAVE-WHITMAN
USERNAME=Dave Whitman
USERPROFILE=C:\Documents and Settings\Dave Whitman
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dave Whitman (admin)
Administrator.DAVE-WHITMAN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe ActiveShare 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}\setup.exe" UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Product/Adobe Studio Update 10/2001 --> "C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avery Wizard 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{D3C97899-3890-43DB-AA0C-D91A84FA7787}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\Program Files\EPSON\PrinterDriverTemp\SPR380\EPUPDATE.EXE /r
EPSON Stylus Photo R380 User's Guide --> C:\Program Files\epson\guide\spr380_e\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{61CF89F5-5175-4b3b-ABB8-C89821252D50}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" -uninst
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" UNINSTALL /L9
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mobile Phone Suite Easy Synchronization --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
Mobipocket Reader 6.0 --> MsiExec.exe /I{ED386A62-2BA2-4544-A723-5DFFDC283F6A}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML4SP2 --> MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Windows 2000/XP Display Drivers --> C:\WINDOWS\System32\msiuins.exe
Rogers Self Healing Software (remove only) --> "C:\Program Files\Rogers\SelfHealing\uninst.exe"
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SereneScreen Marine Aquarium 2 + Time --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SereneScreen\Marine Aquarium 2 + Time\Uninst.isu"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
UFile 2005 --> MsiExec.exe /X{F86AAA85-32B4-4686-9B42-8D4C3766BC73}
UFile 2006 --> MsiExec.exe /X{1DC02E08-5098-42CD-81E3-4A5C877C7902}
UFile Updater 2005 --> MsiExec.exe /X{2998FC3C-E41C-41D7-8527-D51B10363120}
UFile Updater 2006 --> MsiExec.exe /X{329ABF30-0376-40AE-A8D2-231BF6AC605C}
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordWeb --> C:\Program Files\WordWeb\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type23261 / Success
Event Submitted/Written: 11/29/2007 10:02:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type23236 / Warning
Event Submitted/Written: 11/29/2007 09:31:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{869C3062-4745-4949-B6C9-98AF24D89030}', feature 'CalendarPlugin' failed during request for component '{ECD95215-CDCE-4AAB-AFC2-717ECCB8DA52}'

Event Record #/Type23235 / Warning
Event Submitted/Written: 11/29/2007 09:31:57 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{869C3062-4745-4949-B6C9-98AF24D89030}', feature 'CalendarPlugin', component '{F7FB9315-0E31-4915-9BBD-59C29D295F12}' failed. The resource 'C:\Program Files\Common Files\HP\Memories Disc\2.0\mpv\etc\hpodmpv_md\' does not exist.

Event Record #/Type23217 / Error
Event Submitted/Written: 11/29/2007 09:27:22 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Event Record #/Type23215 / Error
Event Submitted/Written: 11/29/2007 09:14:51 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18365 / Error
Event Submitted/Written: 11/29/2007 10:07:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type18362 / Error
Event Submitted/Written: 11/29/2007 10:07:19 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type18359 / Error
Event Submitted/Written: 11/29/2007 10:07:18 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type18356 / Error
Event Submitted/Written: 11/29/2007 10:07:18 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type18353 / Error
Event Submitted/Written: 11/29/2007 10:07:18 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2007-11-29 23:00:17 ------------



Kaspersky Report


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 1:15:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/03/2008
Kaspersky Anti-Virus database records: 614319
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 67959
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:18:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\26594311.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Dave Whitman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\History\History.IE5\MSHist012008030820080309\index.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\Temp\Perflib_Perfdata_700.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\Temp\~DF11AC.tmp Object is locked skipped
C:\Documents and Settings\Dave Whitman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dave Whitman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Dave Whitman\Data\chandir.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Dave Whitman\Data\chandir.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Dave Whitman\Data\chn.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\U

[sarahw]

Download ComboFix from Here, Here, or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Save that log topost in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the first and second combofix logs and a fresh Hijack This log into a reply.

Edited by sarahw, 08 March 2008 - 08:14 PM.

[whitmangurl]

1st Log


ComboFix 08-03-08.1 - Dave Whitman 2008-03-08 22:06:24.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.362 [GMT -5:00]
Running from: C:\Documents and Settings\Dave Whitman\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dave Whitman\Desktop\Error Cleaner.url
C:\Documents and Settings\Dave Whitman\Desktop\Privacy Protector.url
C:\Documents and Settings\Dave Whitman\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Dave Whitman\Favorites\Error Cleaner.url
C:\Documents and Settings\Dave Whitman\Favorites\Privacy Protector.url
C:\Documents and Settings\Dave Whitman\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 11:42 . 2008-03-08 11:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-08 11:42 . 2008-03-08 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d-------- C:\_OTMoveIt
2008-03-08 09:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp79062.exe
2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp72468.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp99656.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp93296.exe
2008-03-07 14:49 . 2008-03-07 14:49 36,088 --a------ C:\Program Files\instaler.exe
2008-03-07 14:49 . 2008-03-07 14:49 21,656 --a------ C:\Program Files\antiviirus.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14210093.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14204968.exe
2008-03-07 14:48 . 2008-03-07 10:35 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-04 09:03 . 2008-03-04 09:03 <DIR> d-------- C:\Documents and Settings\Dave Whitman\Application Data\Flickr
2008-03-04 08:59 . 2008-03-04 15:08 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iPod
2008-02-27 11:48 . 2008-02-27 11:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-25 08:01 . 2008-03-08 22:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-25 08:01 . 2008-02-27 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 10:47 . 2008-02-18 10:47 <DIR> d-------- C:\Program Files\NetProject
2008-02-12 20:03 . 2008-03-05 17:56 <DIR> d-------- C:\Program Files\UFile 2007
2008-02-12 20:03 . 2008-02-12 20:03 <DIR> d-------- C:\MSSoap
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 13:51 . 2008-02-09 13:54 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 03:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-06 03:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 03:55 --------- d-----w C:\Program Files\Java
2008-02-23 18:44 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-02-19 16:23 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\LimeWire
2008-02-15 14:31 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\U3
2008-02-14 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 23:07 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-02-13 17:40 --------- d-----w C:\Program Files\LimeWire
2008-02-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-01 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 19:36 --------- d-----w C:\Program Files\Common Files\Avery
2008-01-22 16:37 --------- d-----w C:\Program Files\Rogers
2008-01-22 01:43 --------- d-----w C:\Program Files\Symantec
2008-01-21 23:20 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 23:20 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 23:20 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 23:20 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-15 14:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-18 14:58 301 -c--a-w C:\Documents and Settings\Dave Whitman\x.dat
2007-11-18 14:58 1,826 -c--a-w C:\Documents and Settings\Dave Whitman\z.dat
2007-11-02 20:19 49,160 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:18 28,677 -c--a-w C:\Documents and Settings\Dave Whitman\update.exe
2007-04-09 15:03 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-03-22 15:49 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb5724.dat
2007-03-22 14:51 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb9169.dat
2007-03-22 14:51 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6500.dat
2007-03-05 01:04 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6334.dat
2007-03-05 00:54 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb8467.dat
2007-03-05 00:54 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb41.dat
2007-01-29 15:00 6,323,851 -c--a-w C:\Program Files\wordweb.exe
2005-09-24 05:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-10-01 20:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2008-03-07_22.02.54.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 15:30 136504]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-27 18:29 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 15:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 15:30 5166392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"NvCplDaemon"="NvQTwk" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 11:00 53248]
"nwiz"="nwiz.exe" [2002-06-06 05:33 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2007-01-27 18:29 16384]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 14:08 1478612]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11 771704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-09 13:51 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 22:16:38 39792]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-06-25 02:08:00 128000]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-20 20:45:05 784912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adffaa2e-089c-11dc-87dc-00e018b09574}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 16:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 02:48:04 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dave Whitman.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 02:36:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 22:09:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 22:10:17
ComboFix-quarantined-files.txt 2008-03-09 03:10:07
ComboFix2.txt 2008-03-08 03:03:23
ComboFix3.txt 2007-12-04 23:31:50
.
2008-02-13 00:29:22 --- E O F ---



2nd Log


ComboFix 08-03-08.1 - Dave Whitman 2008-03-08 22:11:44.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.352 [GMT -5:00]
Running from: C:\Documents and Settings\Dave Whitman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dave Whitman\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 11:42 . 2008-03-08 11:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-08 11:42 . 2008-03-08 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 10:30 . 2008-03-08 10:30 <DIR> d-------- C:\_OTMoveIt
2008-03-08 09:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp79062.exe
2008-03-07 15:15 . 2008-03-07 15:15 16,532 -r-hs---- C:\Program Files\tmp72468.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp99656.exe
2008-03-07 15:11 . 2008-03-07 15:11 16,532 -r-hs---- C:\Program Files\tmp93296.exe
2008-03-07 14:49 . 2008-03-07 14:49 36,088 --a------ C:\Program Files\instaler.exe
2008-03-07 14:49 . 2008-03-07 14:49 21,656 --a------ C:\Program Files\antiviirus.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14210093.exe
2008-03-07 14:49 . 2008-03-07 14:49 16,532 -r-hs---- C:\Program Files\tmp14204968.exe
2008-03-07 14:48 . 2008-03-07 10:35 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-04 09:03 . 2008-03-04 09:03 <DIR> d-------- C:\Documents and Settings\Dave Whitman\Application Data\Flickr
2008-03-04 08:59 . 2008-03-04 15:08 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 11:49 . 2008-02-27 11:49 <DIR> d-------- C:\Program Files\iPod
2008-02-27 11:48 . 2008-02-27 11:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-25 08:01 . 2008-03-08 22:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-25 08:01 . 2008-02-27 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 10:47 . 2008-02-18 10:47 <DIR> d-------- C:\Program Files\NetProject
2008-02-12 20:03 . 2008-03-05 17:56 <DIR> d-------- C:\Program Files\UFile 2007
2008-02-12 20:03 . 2008-02-12 20:03 <DIR> d-------- C:\MSSoap
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-09 13:53 . 2008-02-09 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 13:51 . 2008-02-09 13:54 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 03:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-06 03:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 03:55 --------- d-----w C:\Program Files\Java
2008-02-23 18:44 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-02-19 16:23 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\LimeWire
2008-02-15 14:31 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\U3
2008-02-14 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 23:07 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-02-13 17:40 --------- d-----w C:\Program Files\LimeWire
2008-02-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-01 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 19:36 --------- d-----w C:\Program Files\Common Files\Avery
2008-01-22 16:37 --------- d-----w C:\Program Files\Rogers
2008-01-22 01:43 --------- d-----w C:\Program Files\Symantec
2008-01-21 23:20 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 23:20 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 23:20 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 23:20 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-15 14:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-18 14:58 301 -c--a-w C:\Documents and Settings\Dave Whitman\x.dat
2007-11-18 14:58 1,826 -c--a-w C:\Documents and Settings\Dave Whitman\z.dat
2007-11-02 20:19 49,160 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:18 28,677 -c--a-w C:\Documents and Settings\Dave Whitman\update.exe
2007-04-09 15:03 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-03-22 15:49 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb5724.dat
2007-03-22 14:51 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb9169.dat
2007-03-22 14:51 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6500.dat
2007-03-05 01:04 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6334.dat
2007-03-05 00:54 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb8467.dat
2007-03-05 00:54 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb41.dat
2007-01-29 15:00 6,323,851 -c--a-w C:\Program Files\wordweb.exe
2005-09-24 05:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-10-01 20:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2008-03-07_22.02.54.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 15:30 136504]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-27 18:29 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 15:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 15:30 5166392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"NvCplDaemon"="NvQTwk" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 11:00 53248]
"nwiz"="nwiz.exe" [2002-06-06 05:33 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2007-01-27 18:29 16384]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 14:08 1478612]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 02:11 771704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-09 13:51 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 22:16:38 39792]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-06-25 02:08:00 128000]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-20 20:45:05 784912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adffaa2e-089c-11dc-87dc-00e018b09574}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 16:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 02:48:04 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dave Whitman.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 02:36:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 22:13:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-03-08 22:14:39
ComboFix-quarantined-files.txt 2008-03-09 03:14:35
ComboFix2.txt 2008-03-09 03:10:18
ComboFix3.txt 2008-03-08 03:03:23
ComboFix4.txt 2007-12-04 23:31:50
.
2008-02-13 00:29:22 --- E O F ---

[sarahw]

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\tmp79062.exe
C:\Program Files\tmp72468.exe
C:\Program Files\tmp99656.exe
C:\Program Files\tmp93296.exe
C:\Program Files\tmp14210093.exe
C:\Program Files\tmp14204968.exe
C:\Program Files\instaler.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\fqspogw.exe
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\Fonts\RandFont.dll
C:\Program Files\Uninstall_CDS.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

[whitmangurl]

Combofix Log

ComboFix 08-03-08.1 - Dave Whitman 2008-03-09 7:53:19.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.311 [GMT -4:00]
Running from: C:\Documents and Settings\Dave Whitman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dave Whitman\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\antiviirus.exe
C:\Program Files\instaler.exe
C:\Program Files\tmp14204968.exe
C:\Program Files\tmp14210093.exe
C:\Program Files\tmp72468.exe
C:\Program Files\tmp79062.exe
C:\Program Files\tmp93296.exe
C:\Program Files\tmp99656.exe
C:\Program Files\Uninstall_CDS.exe
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\fqspogw.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\antiviirus.exe
C:\Program Files\instaler.exe
C:\Program Files\tmp14204968.exe
C:\Program Files\tmp14210093.exe
C:\Program Files\tmp72468.exe
C:\Program Files\tmp79062.exe
C:\Program Files\tmp93296.exe
C:\Program Files\tmp99656.exe
C:\Program Files\Uninstall_CDS.exe
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\fqspogw.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 12:42 . 2008-03-08 12:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-08 12:42 . 2008-03-08 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 11:30 . 2008-03-08 11:30 <DIR> d-------- C:\_OTMoveIt
2008-03-08 10:05 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-04 10:03 . 2008-03-04 10:03 <DIR> d-------- C:\Documents and Settings\Dave Whitman\Application Data\Flickr
2008-03-04 09:59 . 2008-03-04 16:08 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-02-27 12:49 . 2008-02-27 12:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 12:49 . 2008-02-27 12:49 <DIR> d-------- C:\Program Files\iPod
2008-02-27 12:48 . 2008-02-27 12:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-18 11:47 . 2008-02-18 11:47 <DIR> d-------- C:\Program Files\NetProject
2008-02-12 21:03 . 2008-03-05 18:56 <DIR> d-------- C:\Program Files\UFile 2007
2008-02-12 21:03 . 2008-02-12 21:03 <DIR> d-------- C:\MSSoap
2008-02-09 14:53 . 2008-02-09 14:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-09 14:53 . 2008-02-09 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 14:51 . 2008-02-09 14:54 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 03:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-06 03:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-05 03:55 --------- d-----w C:\Program Files\Java
2008-02-23 18:44 --------- d-----w C:\Program Files\Avery Wizard 3.1
2008-02-19 16:23 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\LimeWire
2008-02-15 14:31 --------- d-----w C:\Documents and Settings\Dave Whitman\Application Data\U3
2008-02-14 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 23:07 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-02-13 17:40 --------- d-----w C:\Program Files\LimeWire
2008-02-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-01 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 19:36 --------- d-----w C:\Program Files\Common Files\Avery
2008-01-22 16:37 --------- d-----w C:\Program Files\Rogers
2008-01-22 01:43 --------- d-----w C:\Program Files\Symantec
2008-01-21 23:20 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 23:20 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 23:20 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 23:20 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-15 14:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-18 14:58 301 -c--a-w C:\Documents and Settings\Dave Whitman\x.dat
2007-11-18 14:58 1,826 -c--a-w C:\Documents and Settings\Dave Whitman\z.dat
2007-11-02 20:19 49,160 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:18 28,677 -c--a-w C:\Documents and Settings\Dave Whitman\update.exe
2007-04-09 15:03 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-03-22 15:49 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb5724.dat
2007-03-22 14:51 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb9169.dat
2007-03-22 14:51 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6500.dat
2007-03-05 01:04 384 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb6334.dat
2007-03-05 00:54 194 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb8467.dat
2007-03-05 00:54 18,432 -c--a-w C:\Documents and Settings\Dave Whitman\Application Data\internaldb41.dat
2007-01-29 15:00 6,323,851 -c--a-w C:\Program Files\wordweb.exe
.

((((((((((((((((((((((((((((( snapshot_2008-03-07_22.02.54.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-01-26 21:29:59 64,052 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 11:50:25 64,052 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-26 21:29:59 407,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 11:50:25 407,296 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 13:00:00 161,792 -c--a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 12:00:00 161,792 -c--a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-27 19:29 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 18:36 90112]
"NvCplDaemon"="NvQTwk" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]
"nwiz"="nwiz.exe" [2002-06-06 06:33 372736 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LDM"="C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2007-01-27 19:29 16384]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 15:08 1478612]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-09 14:51 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 01:29:22 738968]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-06-25 03:08:00 128000]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-20 21:45:05 784912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 13:00 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adffaa2e-089c-11dc-87dc-00e018b09574}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 16:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 02:48:04 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dave Whitman.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 02:36:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 07:56:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 7:57:14
ComboFix-quarantined-files.txt 2008-03-09 11:57:04
ComboFix2.txt 2008-03-09 03:14:40
ComboFix3.txt 2008-03-09 03:10:18
ComboFix4.txt 2008-03-08 03:03:23
ComboFix5.txt 2007-12-04 23:31:50
.
2008-02-13 00:29:22 --- E O F ---


HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:54 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\DOCUME~1\DAVEWH~1\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {203C12EA-EF5A-4989-BD68-5844A877A9AF} (prjOCFTools.OCFTools) - http://ocf.rogershel...prjOCFTools.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169871149359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab....geUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11379 bytes