
Help Removing Trojan-GameThief.Win32.WOW.bht, Trojan-PSW.Win32.WOW.arz


  • This topic is locked

#1
Rob L

  • Member
  • 10 posts
About two months ago, my computer became infected with a Trojan-PSW.WoW (the name is probably wrong, but that's as much of it as I can remember). I followed the instructions on the 'Read this Before Posting a Hijack This log' and my problem seemed to be solved. I was fine until the 20th of August, when my World of Warcraft account was hacked (again). I followed all the instructions in the 'Read This' topic, I ran ATF cleaner, ERUNT, and then Malwarebytes' Anti-Malware. Malwarebytes' says that there is no malicious software on my computer, but I doubt that is true, considering that my account was hacked. Any help would be greatly appreciated.

EDIT: I was reading around on other posts that had been resolved, and found a link to an online Kaspersky Virus Scan. I decided to use it, and it detected all of the malware in my topic title. The scan is still going on, but I will post the log once it finishes.

EDIT: I was previously using Norton Anti Virus (yes I know, one of the worst out there), but I uninstalled it and installed a trial version of Kaspersky Anti-Virus 2009. I scanned my computer several times and it seems to think that it has deleted all of the Trojans off my computer (in the statistics it says 24 Trojan-infected files detected), so I have replaced the previously posted Hijack This log with a fresh one. I have also replaced the Online Kaspersky Scan report with a report from a scan done on my computer by Kaspersky.

EDIT (8/24): I will be gone until the evening of the 25th, if anyone posts by then I'll get back to them by Tuesday morning.

Thanks in advance,
-Rob

Below is my Hijack This Log (Updated 8/22/08 at 7:05PM EST)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:41 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WUSB54AG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1004\Dc124\GoogleToolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1004\Dc124\GoogleToolbar2.dll (file missing)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MyCA] C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Miro] C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147730819391
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54AG - GEMTEKS - C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WLService.exe

--
End of file - 10682 bytes


Kaspersky Scans

Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 5:52:46 PM Task started
8/22/2008 5:53:25 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:53:25 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll Postponed
8/22/2008 5:53:25 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:53:25 PM Untreated: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll Postponed
8/22/2008 5:53:47 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:53:47 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:53:47 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll Postponed
8/22/2008 5:53:47 PM Untreated: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll Postponed
8/22/2008 5:54:43 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:07 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:55:07 PM Cannot be backed up: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:55:07 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 5:55:07 PM Task started
8/22/2008 5:55:07 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:07 PM Will be deleted on system restart: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:08 PM Deleted: Trojan-PSW.Win32.WOW.arz HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love\Love
8/22/2008 5:55:21 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:55:21 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:21 PM Will be deleted on system restart: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:55:21 PM Deleted: Trojan-GameThief.Win32.WOW.bht HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly\Fly
8/22/2008 5:55:27 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 6:04:29 PM Task started
8/22/2008 6:05:48 PM Detected: Hoax.Win32.Renos.dzx C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP4\A0000171.exe/PE_Patch.UPX/UPX
8/22/2008 6:05:48 PM Untreated: Hoax.Win32.Renos.dzx C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP4\A0000171.exe/PE_Patch.UPX/UPX Postponed
8/22/2008 6:06:32 PM Detected: Trojan-PSW.Win32.WOW.arz C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP6\A0000694.dll
8/22/2008 6:06:32 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP6\A0000695.dll
8/22/2008 6:06:32 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP6\A0000695.dll Postponed
8/22/2008 6:06:32 PM Untreated: Trojan-PSW.Win32.WOW.arz C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP6\A0000694.dll Postponed
8/22/2008 6:11:31 PM Detected: Exploit.Java.Gimsh.a C:\Documents and Settings\Robb\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-2d290486/vmain.class
8/22/2008 6:11:31 PM Untreated: Exploit.Java.Gimsh.a C:\Documents and Settings\Robb\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-2d290486/vmain.class Postponed
8/22/2008 6:12:32 PM Detected: Hoax.Win32.Renos.dzx C:\Documents and Settings\Robb\Desktop\SmitfraudFix.exe/SmitfraudFix\IEDFix.exe/PE_Patch.UPX/UPX
8/22/2008 6:12:35 PM Untreated: Hoax.Win32.Renos.dzx C:\Documents and Settings\Robb\Desktop\SmitfraudFix.exe/SmitfraudFix\IEDFix.exe/PE_Patch.UPX/UPX Postponed
8/22/2008 6:12:52 PM Detected: http://www.viruslist...dvisories/25215 C:\Documents and Settings\Robb\Desktop\NSW2006\NAV\External\NORTON\APP\NAVComUI.dll
8/22/2008 6:16:49 PM Detected: http://www.viruslist...dvisories/30832 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
8/22/2008 6:21:22 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\java.exe
8/22/2008 6:21:23 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe
8/22/2008 6:21:42 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/22/2008 6:21:53 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_05\bin\java.exe
8/22/2008 6:28:17 PM Detected: http://www.viruslist...dvisories/28083 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 SE for SANYO\Ulead DMF Launcher 2.0\Flash.ocx
8/22/2008 6:39:28 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll.tmp
8/22/2008 6:39:28 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll.tmp Postponed
8/22/2008 6:40:08 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C12701IN\f10[1].dll
8/22/2008 6:40:08 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C12701IN\f10[1].dll Postponed
8/22/2008 6:40:08 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C12701IN\f11[1].dll
8/22/2008 6:40:08 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C12701IN\f11[1].dll Postponed
8/22/2008 6:40:12 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ARG9IV\lovew[1].dll
8/22/2008 6:40:12 PM Untreated: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1ARG9IV\lovew[1].dll Postponed
8/22/2008 6:42:19 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
8/22/2008 6:42:19 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
8/22/2008 6:42:19 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
8/22/2008 6:43:04 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 6:52:57 PM Task started
8/22/2008 6:53:17 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 6:53:35 PM Task started
8/22/2008 6:55:32 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe
8/22/2008 6:55:32 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\java.exe
8/22/2008 6:55:33 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/22/2008 6:55:33 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_05\bin\java.exe
8/22/2008 6:55:45 PM Detected: http://www.viruslist...dvisories/28083 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 SE for SANYO\Ulead DMF Launcher 2.0\Flash.ocx
8/22/2008 6:56:23 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
8/22/2008 6:56:23 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
8/22/2008 6:56:23 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
8/22/2008 6:56:27 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 6:56:34 PM Task started
8/22/2008 6:57:24 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\java.exe
8/22/2008 6:57:24 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe
8/22/2008 6:57:24 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/22/2008 6:57:25 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_05\bin\java.exe
8/22/2008 6:57:33 PM Detected: http://www.viruslist...dvisories/28083 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 SE for SANYO\Ulead DMF Launcher 2.0\Flash.ocx
8/22/2008 6:58:02 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
8/22/2008 6:58:02 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
8/22/2008 6:58:02 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
8/22/2008 6:58:05 PM Task completed
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 6:58:38 PM Task started
8/22/2008 6:59:45 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\java.exe
8/22/2008 6:59:45 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe
8/22/2008 6:59:45 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/22/2008 6:59:48 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.6.0_05\bin\java.exe
8/22/2008 6:59:58 PM Detected: http://www.viruslist...dvisories/28083 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 SE for SANYO\Ulead DMF Launcher 2.0\Flash.ocx
8/22/2008 7:00:28 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
8/22/2008 7:00:28 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
8/22/2008 7:00:28 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
8/22/2008 7:00:32 PM Task completed

Edited by Rob L, 25 August 2008 - 06:22 PM.
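
Added example (not part of the original thread, and not Kaspersky's or the forum's own tooling): the Kaspersky report above records the same object many times across several scan tasks, so this Python sketch collapses the events to the last recorded action per object and separates the malware detections from the entries named by a viruslist URL. The sample lines are excerpted from the report; the function names, the category labels, and the treatment of URL-named entries as vulnerability advisories are assumptions of this example.

```python
import re
from datetime import datetime

# Lines excerpted from the Kaspersky report in post #1 (truncated URL kept as posted).
SAMPLE_LOG = r"""
Full Scan: completed 8/22/2008 6:58:05 PM (events: 10, objects: 55452, time: 00:01:31)
8/22/2008 5:52:46 PM Task started
8/22/2008 5:53:25 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 5:53:25 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll Postponed
8/22/2008 5:55:07 PM Detected: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:07 PM Will be deleted on system restart: Trojan-PSW.Win32.WOW.arz C:\WINDOWS\system32\LoveFly.dll
8/22/2008 5:55:08 PM Deleted: Trojan-PSW.Win32.WOW.arz HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love\Love
8/22/2008 5:55:21 PM Will be deleted on system restart: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll
8/22/2008 6:06:32 PM Untreated: Trojan-PSW.Win32.WOW.arz C:\System Volume Information\_restore{20C2D178-0B65-45A1-A95E-1F9F3CBB305E}\RP6\A0000694.dll Postponed
8/22/2008 6:21:22 PM Detected: http://www.viruslist...dvisories/31010 C:\Program Files\Java\jre1.5.0_06\bin\java.exe
8/22/2008 6:39:28 PM Detected: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll.tmp
8/22/2008 6:39:28 PM Untreated: Trojan-GameThief.Win32.WOW.bht C:\WINDOWS\system32\smart.dll.tmp Postponed
"""

# timestamp, action, detection name (no spaces), object path (may contain spaces)
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted|Cannot be backed up|"
    r"Will be deleted on system restart): "
    r"(?P<name>\S+) (?P<object>.+?)(?: Postponed)?$"
)


def parse_events(text):
    """Return one dict per detection event; header and 'Task ...' lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(ev)
    return events


def classify_location(obj):
    """Coarse location label for a logged object (labels are this example's own)."""
    low = obj.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    return "file"


def triage(events):
    """Group objects by the last action the scanner logged for them."""
    # Stable sort by time, then keep only the last event per (name, object).
    last = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        last[(ev["name"], ev["object"])] = ev

    report = {"deleted": [], "pending_reboot": [], "untreated": [], "advisories": []}
    for (name, obj), ev in last.items():
        if name.startswith("http"):
            # Assumption: entries named by a URL are vulnerable-software advisories,
            # not malware detections.
            report["advisories"].append(obj)
        elif ev["action"] == "Deleted":
            report["deleted"].append(obj)
        elif ev["action"] == "Will be deleted on system restart":
            report["pending_reboot"].append(obj)
        else:
            # Detected / Untreated / Cannot be backed up: still present when logged.
            report["untreated"].append((obj, classify_location(obj)))
    return report


if __name__ == "__main__":
    for category, items in triage(parse_events(SAMPLE_LOG)).items():
        print(category)
        for item in items:
            print("   ", item)
```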



#2
Egwene

  • Member 2k
  • Visiting Consultant
  • 2,141 posts
Hello Rob L !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3
Egwene

  • Member 2k
  • Visiting Consultant
  • 2,141 posts
Hey Rob L,

Let's go with removal :)

--> Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

1) Update Java + Adobe Acrobat Reader


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html

2) Fix some entries with HijackThis:

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1004\Dc124\GoogleToolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1004\Dc124\GoogleToolbar2.dll (file missing)

Now close all windows other than HijackThis, then click Fix Checked.

3) Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\smart.dll.tmp
    C:\WINDOWS\system32\LoveFly.dll
    C:\WINDOWS\system32\smart.dll  
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

4) Run OTViewIt:


Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.

#4
Rob L

  • Topic Starter
  • Member
  • 10 posts
Egwene,
Thank you so much for your time, it is really appreciated.

Here are the logs you asked for:

OTMoveIt

Explorer killed successfully
File/Folder C:\WINDOWS\system32\smart.dll.tmp not found.
File/Folder C:\WINDOWS\system32\LoveFly.dll not found.
File/Folder C:\WINDOWS\system32\smart.dll not found.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Robb\LOCALS~1\Temp\Perflib_Perfdata_698.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8940665f4.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~894066a22.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8ca5c839c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8ca5c87b3.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8cab84eb3.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8cab85925.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8cb49fcc9.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8cb4a012f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8d0953134.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~8d09539b5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9b4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_181703

Files moved on Reboot...
File C:\DOCUME~1\Robb\LOCALS~1\Temp\Perflib_Perfdata_698.dat not found!
File C:\WINDOWS\temp\cch~8940665f4.htp not found!
File C:\WINDOWS\temp\cch~894066a22.htp not found!
File C:\WINDOWS\temp\cch~8ca5c839c.htp not found!
File C:\WINDOWS\temp\cch~8ca5c87b3.htp not found!
File C:\WINDOWS\temp\cch~8cab84eb3.htp not found!
File C:\WINDOWS\temp\cch~8cab85925.htp not found!
File C:\WINDOWS\temp\cch~8cb49fcc9.htp not found!
File C:\WINDOWS\temp\cch~8cb4a012f.htp not found!
File C:\WINDOWS\temp\cch~8d0953134.htp not found!
File C:\WINDOWS\temp\cch~8d09539b5.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_9b4.dat not found!

OTViewIt

OTViewIt logfile created on: 8/26/2008 6:31:49 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Robb\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 58.74% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 110.96 Gb Free Space | 72.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB
Current User Name: Robb
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[02/06/2007 05:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[08/26/2008 06:06 PM | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre6\bin\jqs.exe
[03/24/2008 07:52 PM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[01/04/2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[02/06/2004 10:56 PM | 00,041,025 | ---- | M] (GEMTEKS) - C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WLService.exe
[09/17/2004 11:07 AM | 02,563,072 | ---- | M] (Cisco Linksys Corporation) - C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WUSB54AG.exe
[12/06/2002 05:07 PM | 00,617,984 | ---- | M] () - C:\Program Files\ASUS\Asus Probe\AsusProb.exe
[11/15/2004 06:20 AM | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[02/05/2005 09:36 PM | 00,360,448 | ---- | M] () - C:\Program Files\Browser MOUSE\mouse32a.exe
[02/05/2005 09:35 PM | 00,375,296 | ---- | M] () - C:\Program Files\Muiltmedia keyboard utility\1.3\KBDAP32A.EXE
[08/26/2008 06:06 PM | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre6\bin\jusched.exe
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[06/14/2004 04:16 PM | 00,045,056 | ---- | M] () - C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\InfoMyCa.exe
[02/08/2007 01:12 AM | 00,488,984 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[02/08/2007 01:13 AM | 00,774,168 | ---- | M] () - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[03/25/2008 04:21 PM | 00,050,528 | ---- | M] (AOL LLC) - C:\Program Files\AIM6\aim6.exe
[05/17/2008 11:51 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe
[02/06/2007 05:43 PM | 00,252,704 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[05/25/2007 01:16 PM | 00,042,032 | ---- | M] (AOL LLC) - C:\Program Files\AIM6\aolsoftware.exe
[02/08/2007 01:12 AM | 00,230,936 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[08/26/2008 06:31 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Robb\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(AVP) Kaspersky Anti-Virus [Auto | Running]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(dlbu_device) dlbu_device [On_Demand | Stopped]
[10/25/2004 05:13 PM | 00,421,888 | ---- | M] (Dell) - C:\WINDOWS\system32\dlbucoms.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 08:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(JavaQuickStarterService) Java Quick Starter [Auto | Running]
[08/26/2008 06:06 PM | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre6\bin\jqs.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[02/06/2007 05:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[02/06/2007 05:47 PM | 00,105,248 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[03/24/2008 07:52 PM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running]
[01/04/2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe

(WUSB54AG) WUSB54AG [Auto | Running]
[02/06/2004 10:56 PM | 00,041,025 | ---- | M] (GEMTEKS) - C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WLService.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[11/17/2004 07:05 AM | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AmdK8) AMD Processor Driver [System | Running]
[03/09/2005 04:53 PM | 00,036,352 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ASInsHelp) ASInsHelp [Auto | Running]
[03/10/2004 03:31 PM | 00,003,328 | ---- | M] () - C:\WINDOWS\system32\drivers\AsInsHelp32.sys

(AsIO) AsIO [System | Running]
[10/14/2004 05:52 AM | 00,004,962 | R--- | M] () - C:\WINDOWS\system32\drivers\AsIO.sys

(aslm75) aslm75 [System | Running]
[04/22/1997 11:16 AM | 00,006,272 | ---- | M] () - C:\WINDOWS\system32\drivers\ASLM75.SYS

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 08:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/04/2004 08:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(FilterService) UVC Filter Service [On_Demand | Running]
[02/03/2007 02:32 PM | 00,022,560 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hamachi) Hamachi Network Interface [On_Demand | Running]
[09/24/2006 07:54 PM | 00,010,345 | ---- | M] (Applied Networking Inc.) - C:\WINDOWS\system32\drivers\hamachi.sys

(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys

(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys

(KLIF) Kaspersky Lab Driver [System | Running]
[08/22/2008 05:48 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys

(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[02/06/2007 05:42 PM | 01,691,808 | ---- | M] () - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Running]
[02/06/2007 05:44 PM | 01,964,064 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(lvpopflt) Logitech POP Suppression Filter [On_Demand | Running]
[02/03/2007 02:30 PM | 01,507,232 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvpopflt.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[02/06/2007 05:45 PM | 00,025,632 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[02/03/2007 02:32 PM | 00,041,504 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(LVUVC) QuickCam for Notebooks Deluxe(UVC) [On_Demand | Running]
[02/03/2007 02:32 PM | 01,939,360 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys

(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Auto | Running]
[07/09/2006 10:46 AM | 00,015,781 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\mdc8021x.sys

(mgau) mgau [On_Demand | Stopped]
[08/17/2001 08:50 AM | 00,320,384 | ---- | M] (Matrox Graphics Inc.) - C:\WINDOWS\system32\drivers\mgaum.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[05/04/2007 04:54 PM | 00,022,528 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(MTsensor) ATK0110 ACPI UTILITY [On_Demand | Running]
[08/12/2004 10:56 PM | 00,005,810 | R--- | M] () - C:\WINDOWS\system32\drivers\ASACPI.sys

(NPPTNT2) NPPTNT2 [System | Running]
[01/04/2005 02:43 PM | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) - C:\WINDOWS\system32\npptNT2.sys

(nv) nv [On_Demand | Running]
[03/24/2008 07:52 PM | 06,547,872 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvata) nvata [Boot | Running]
[05/17/2005 05:45 AM | 00,092,800 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvata.sys

(PciCon) PciCon [On_Demand | Stopped]
File not found - D:\PciCon.sys

(PRISM_A02) Linksys Wireless A/G USB Network Adapter Service [On_Demand | Running]
[10/13/2004 03:37 AM | 00,379,456 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\WUSB54AG.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(Secdrv) Secdrv [Auto | Running]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(zntport) NTPort Library Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\zntport.sys

(GTNDIS5) GTNDIS5 NDIS Protocol Driver [On_Demand | Running]
[09/25/2003 11:15 PM | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\GTNDIS5.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"ASUS Probe" = C:\Program Files\ASUS\Asus Probe\AsusProb.exe [12/06/2002 05:07 PM | 00,617,984 | ---- | M] ()
"AVP" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"FLMK08KB" = C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE [02/05/2005 09:35 PM | 00,207,360 | ---- | M] ()
"FLMOFFICE4DMOUSE" = C:\Program Files\Browser MOUSE\mouse32a.exe [02/05/2005 09:36 PM | 00,360,448 | ---- | M] ()
"IPHSend" = C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [02/17/2006 12:59 PM | 00,124,520 | ---- | M] (America Online, Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM | 00,488,984 | ---- | M] (Logitech Inc.)
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide [02/08/2007 01:13 AM | 00,774,168 | ---- | M] ()
"MyCA" = C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\InvokeSvc3.exe [04/19/2004 09:19 AM | 00,024,576 | ---- | M] ()
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [03/24/2008 07:52 PM | 13,524,992 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [03/24/2008 07:52 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [03/24/2008 07:52 PM | 01,626,112 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [11/15/2004 06:20 AM | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre6\bin\jusched.exe" [08/26/2008 06:06 PM | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [03/25/2008 04:21 PM | 00,050,528 | ---- | M] (AOL LLC)
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [05/17/2008 11:51 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"Miro" = C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe File not found
"MsnMsgr" = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Robb Startup Folder - C:\Documents and Settings\Robb\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [06/11/2008 10:33 PM | 00,061,816 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (Java™ Plug-In SSV Helper) - [08/26/2008 06:06 PM | 00,320,920 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
HKLM CLSID: (Java™ Plug-In 2 SSV Helper) - [08/26/2008 06:06 PM | 00,034,816 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
HKLM CLSID: (JQSIEStartDetectorImpl Class) - [08/26/2008 06:06 PM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - File not found C:\RECYCLER\S-1-5-21-1715567821-823518204-725345543-1004\Dc124\GoogleToolbar2.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0
"NoViewOnDrive" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll" - [07/29/2008 08:22 PM | 00,079,112 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
"C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" - [07/29/2008 08:22 PM | 00,079,112 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\1140277105\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1140277105\ee\aolsoftware.exe [04/20/2006 01:10 PM | 00,050,792 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1140277105\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1140277105\ee\aim6.exe [05/19/2006 01:44 PM | 00,050,768 | ---- | M] (America Online, Inc.)
"C:\Westwood\RA2\game.exe" = C:\Westwood\RA2\game.exe File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [05/17/2008 11:51 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe" = C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe [07/16/2008 05:44 PM | 01,069,712 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [03/25/2008 04:21 PM | 00,050,528 | ---- | M] (AOL LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe [08/04/2004 08:00 AM | 00,042,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 08:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 08:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 08:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{1EC92998-AF80-4847-96A9-7DB42957C33B}]
Servers: | Description: Wireless A/G USB Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{38009AF0-761A-4DAF-A7DD-4D8A46A92EF5}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{543E562E-90B9-4957-A9F9-B52B09087B94}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{712438DE-F504-4018-A13E-EDC94EA4DAE0}]
Servers: | Description: Wireless A/G USB Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AC5EB3E2-BE7F-49F1-8E7B-E21A86EAFBB6}]
Servers: | Description: Wireless A/G USB Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D828029D-C935-4554-B58B-4A047BEE6CE7}]
Servers: | Description: 1394 Net Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[02/05/2005 08:41 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell]
"" = Shell01

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\AutoRun]
"Extended" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\AutoRun\command]
"" = E:\Autorun.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell00]
"" = Start Ceedo

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell00\Command]
"" = E:\Autorun.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell01]
"" = Open Ceedo Action Window

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell01\Command]
"" = E:\Autorun.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell02]
"" = Uninstall Ceedo

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\Shell\Shell02\Command]
"" = E:\Autorun.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\Shell\AutoRun]
"Extended" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\Shell\AutoRun\command]
"" = setupSNK.exe

===== Hosts File =====

HOSTS File = (909 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/26/2008 06:15 PM | -HSD | C] - C:\Config.Msi
[08/26/2008 06:17 PM | ---D | C] - C:\_OTMoveIt
[02/03/2007 02:30 PM | 01,507,232 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\drivers\lvpopflt.sys
[02/03/2007 02:32 PM | 00,022,560 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\drivers\lvuvcflt.sys
[02/03/2007 02:32 PM | 00,041,504 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\drivers\LVUSBSta.sys
[02/03/2007 02:32 PM | 01,939,360 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\drivers\lvuvc.sys
[07/29/2008 08:20 PM | 00,024,774 | ---- | C] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/22/2008 05:48 PM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/22/2008 05:48 PM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/22/2008 05:59 PM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[08/26/2008 06:17 PM | 00,015,836 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/26/2008 06:17 PM | 01,888,800 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/26/2008 06:18 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\drivers\lvuvc.hs
[08/26/2008 06:31 PM | 00,002,284 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/26/2008 06:31 PM | 00,352,288 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[7 C:\WINDOWS\System32\*.tmp files]
[02/03/2007 01:01 PM | 00,013,398 | R--- | C] () - C:\WINDOWS\System32\Repository.reg
[02/03/2007 02:29 PM | 00,129,824 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\lvci1051.dll
[02/03/2007 02:29 PM | 00,264,992 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\lvcodec2.dll
[02/03/2007 02:32 PM | 00,215,840 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\LVUI2.dll
[02/03/2007 02:32 PM | 00,527,136 | R--- | C] (Logitech Inc.) - C:\WINDOWS\System32\LVUI2RC.dll
[02/03/2007 12:59 PM | 00,050,127 | R--- | C] () - C:\WINDOWS\System32\lvcoinst.ini
[07/29/2008 08:21 PM | 00,218,376 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/26/2008 03:52 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 06:06 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/26/2008 06:06 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/26/2008 06:06 PM | 00,143,360 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/26/2008 06:06 PM | 00,410,976 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\deploytk.dll
[5 C:\WINDOWS\*.tmp files]
[08/21/2008 01:39 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/20/2008 11:03 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Logishrd
[08/20/2008 11:03 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Logitech
[08/22/2008 04:47 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/22/2008 05:10 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/26/2008 06:13 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/26/2008 06:29 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/20/2008 05:43 PM | ---D | C] - C:\Documents and Settings\Robb\Application Data\Help
[08/20/2008 12:36 AM | ---D | C] - C:\Documents and Settings\Robb\Application Data\Viewpoint
[08/20/2008 05:43 PM | ---D | C] - C:\Documents and Settings\Robb\Local Settings\Application Data\Help
[08/06/2008 10:24 PM | 00,001,604 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[08/08/2008 02:54 PM | 00,002,137 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/20/2008 11:03 PM | 00,001,801 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[08/26/2008 06:13 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/26/2008 06:15 PM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/05/2008 12:23 AM | 00,023,382 | ---- | C] () - C:\Documents and Settings\Robb\Desktop\041808_1734.jpg
[08/06/2008 10:18 PM | 63,530,280 | ---- | C] (Apple Inc.) - C:\Documents and Settings\Robb\Desktop\iTunesSetup.exe
[08/21/2008 01:34 AM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\Robb\Desktop\ATF_Cleaner.exe
[08/21/2008 02:03 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Robb\Desktop\HijackThis.lnk
[08/21/2008 05:09 PM | 00,005,566 | ---- | C] () - C:\Documents and Settings\Robb\Desktop\Kaspersky Online Scan.html
[08/22/2008 04:46 PM | 33,138,928 | ---- | C] (Kaspersky Lab) - C:\Documents and Settings\Robb\Desktop\kav8.0.0.454en.exe
[08/26/2008 06:01 PM | 00,291,840 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Robb\Desktop\OTMoveIt2.exe
[08/26/2008 06:11 PM | 35,124,856 | ---- | C] ( ) - C:\Documents and Settings\Robb\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 06:31 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Robb\Desktop\OTViewIt.exe
[08/20/2008 11:09 PM | ---D | C] - C:\Program Files\Common Files\LogiShrd
[08/26/2008 06:13 PM | ---D | C] - C:\Program Files\Common Files\Adobe
[08/26/2008 06:14 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/04/2008 02:17 PM | ---D | C] - C:\Program Files\Sun
[08/06/2008 10:24 PM | ---D | C] - C:\Program Files\Bonjour
[08/06/2008 10:42 PM | ---D | C] - C:\Program Files\MSECACHE
[08/06/2008 10:42 PM | ---D | C] - C:\Program Files\Windows Installer Clean Up
[08/07/2008 12:52 AM | ---D | C] - C:\Program Files\Apple Software Update
[08/20/2008 11:03 PM | ---D | C] - C:\Program Files\Logitech
[08/21/2008 02:03 AM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 05:10 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/22/2008 05:48 PM | ---D | C] - C:\Program Files\Kaspersky Lab

[Files/Folders - Modified Within 30 days]
[08/22/2008 02:17 PM | ---D | M] - C:\N360_BACKUP
[08/22/2008 06:42 PM | ---D | M] - C:\temp
[08/22/2008 07:17 PM | -HSD | M] - C:\System Volume Information
[08/23/2008 11:29 AM | R--D | M] - C:\Program Files
[08/26/2008 06:17 PM | ---D | M] - C:\_OTMoveIt
[08/26/2008 06:18 PM | 10,732,70784 | -HS- | M] () - C:\hiberfil.sys
[08/26/2008 06:18 PM | -HSD | M] - C:\Config.Msi
[08/26/2008 06:28 PM | ---D | M] - C:\WINDOWS
[08/22/2008 01:49 PM | 00,260,784 | RH-- | M] () - C:\WINDOWS\System32\drivers\etc\Hosts.bak
[08/22/2008 02:41 PM | 00,000,909 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\Hosts
[07/29/2008 08:20 PM | 00,024,774 | ---- | M] () - C:\WINDOWS\System32\drivers\klopp.dat
[08/22/2008 02:02 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/22/2008 05:48 PM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/22/2008 05:48 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/22/2008 05:59 PM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/26/2008 06:17 PM | 00,015,836 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/26/2008 06:17 PM | 01,888,800 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/26/2008 06:18 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\drivers\lvuvc.hs
[08/26/2008 06:31 PM | 00,002,284 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/26/2008 06:31 PM | 00,352,288 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[7 C:\WINDOWS\System32\*.tmp files]
[07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\klogon.dll
[08/06/2008 10:22 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/22/2008 02:41 PM | 00,004,178 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/22/2008 05:59 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/22/2008 07:17 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/26/2008 03:52 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 06:06 PM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[08/26/2008 06:06 PM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/26/2008 06:06 PM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/26/2008 06:06 PM | 00,143,360 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/26/2008 06:06 PM | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\deploytk.dll
[08/26/2008 06:19 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 06:19 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/26/2008 06:21 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/26/2008 06:29 PM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 06:29 PM | 00,169,882 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[5 C:\WINDOWS\*.tmp files]
[08/06/2008 10:43 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
[08/07/2008 12:52 AM | --SD | M] - C:\WINDOWS\Tasks
[08/17/2008 04:05 PM | 00,000,624 | ---- | M] () - C:\WINDOWS\win.ini
[08/17/2008 04:07 PM | ---D | M] - C:\WINDOWS\ie7updates
[08/17/2008 04:10 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 04:10 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/20/2008 11:03 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 11:08 PM | ---D | M] - C:\WINDOWS\twain_32
[08/21/2008 01:39 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/21/2008 12:50 PM | ---D | M] - C:\WINDOWS\system
[08/26/2008 03:27 PM | ---D | M] - C:\WINDOWS\Help
[08/26/2008 03:32 PM | ---D | M] - C:\WINDOWS\Debug
[08/26/2008 03:52 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 06:06 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 06:15 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 06:18 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 06:18 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 06:31 PM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 06:18 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/26/2008 09:55 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/20/2008 11:03 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Logishrd
[08/20/2008 11:03 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Logitech
[08/21/2008 02:06 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/22/2008 04:47 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/22/2008 05:10 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/23/2008 11:29 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Ulead Systems
[08/23/2008 11:30 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/26/2008 06:13 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/26/2008 06:29 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/20/2008 05:43 PM | ---D | M] - C:\Documents and Settings\Robb\Application Data\Help
[08/20/2008 12:36 AM | ---D | M] - C:\Documents and Settings\Robb\Application Data\Viewpoint
[08/21/2008 02:07 AM | ---D | M] - C:\Documents and Settings\Robb\Application Data\SUPERAntiSpyware.com
[08/26/2008 06:17 PM | ---D | M] - C:\Documents and Settings\Robb\Application Data\DNA
[08/02/2008 02:25 PM | 00,076,520 | ---- | M] () - C:\Documents and Settings\Robb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/07/2008 11:11 AM | ---D | M] - C:\Documents and Settings\Robb\Local Settings\Application Data\Apple Computer
[08/20/2008 05:43 PM | ---D | M] - C:\Documents and Settings\Robb\Local Settings\Application Data\Help
[08/22/2008 05:10 PM | 06,957,160 | -H-- | M] () - C:\Documents and Settings\Robb\Local Settings\Application Data\IconCache.db
[08/23/2008 12:25 AM | ---D | M] - C:\Documents and Settings\Robb\Local Settings\Application Data\Microsoft
[08/26/2008 06:13 PM | ---D | M] - C:\Documents and Settings\Robb\Local Settings\Application Data\Adobe
[08/22/2008 04:52 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\Symantec
[08/20/2008 11:10 PM | R--D | M] - C:\Documents and Settings\Robb\My Documents\My Pictures
[08/20/2008 11:10 PM | R--D | M] - C:\Documents and Settings\Robb\My Documents\My Videos
[08/26/2008 03:40 PM | ---D | M] - C:\Documents and Settings\Robb\My Documents\English
[08/06/2008 10:24 PM | 00,001,604 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[08/08/2008 02:54 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/20/2008 11:03 PM | 00,001,801 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[08/26/2008 06:13 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/26/2008 06:15 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/05/2008 12:23 AM | 00,023,382 | ---- | M] () - C:\Documents and Settings\Robb\Desktop\041808_1734.jpg
[08/06/2008 10:18 PM | 63,530,280 | ---- | M] (Apple Inc.) - C:\Documents and Settings\Robb\Desktop\iTunesSetup.exe
[08/06/2008 10:32 PM | 00,002,495 | ---- | M] () - C:\Documents and Settings\Robb\Desktop\Microsoft Office Excel 2003.lnk
[08/21/2008 01:34 AM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Robb\Desktop\ATF_Cleaner.exe
[08/21/2008 02:03 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Robb\Desktop\HijackThis.lnk
[08/21/2008 05:09 PM | 00,005,566 | ---- | M] () - C:\Documents and Settings\Robb\Desktop\Kaspersky Online Scan.html
[08/22/2008 02:43 PM | ---D | M] - C:\Documents and Settings\Robb\Desktop\SmitfraudFix
[08/22/2008 04:46 PM | 33,138,928 | ---- | M] (Kaspersky Lab) - C:\Documents and Settings\Robb\Desktop\kav8.0.0.454en.exe
[08/26/2008 06:01 PM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Robb\Desktop\OTMoveIt2.exe
[08/26/2008 06:11 PM | 35,124,856 | ---- | M] ( ) - C:\Documents and Settings\Robb\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 06:31 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Robb\Desktop\OTViewIt.exe
[08/20/2008 11:09 PM | ---D | M] - C:\Program Files\Common Files\LogiShrd
[08/21/2008 02:07 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/23/2008 11:29 AM | ---D | M] - C:\Program Files\Common Files\Ulead Systems
[08/23/2008 11:30 AM | ---D | M] - C:\Program Files\Common Files\Symantec Shared
[08/26/2008 06:13 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/26/2008 06:14 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR

< End of report >

Edited by Rob L, 26 August 2008 - 04:37 PM.


#5
Rob L

And lastly,

Extras
OTViewIt Extras logfile created on: 8/26/2008 6:31:49 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Robb\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 601.15 Mb Available Physical Memory | 58.74% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 110.96 Gb Free Space | 72.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/02/2008 09:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0384D907-8F5A-48ad-9FFE-55196F6B4E1B}" = Tenomichi 3D Edit
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1A81B0A3-6136-48F5-967A-56D0B6F01E80}" = Wireless A/G USB Network Adapter
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AI - Series" = AI - Series
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ASUS Probe V2.24.10" = ASUS Probe V2.24.10
"Browser MOUSE" = Browser MOUSE
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muiltmedia keyboard utility 1.3" = Muiltmedia keyboard utility 1.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"ShockwaveFlash" = Macromedia Flash Player 8
"SwiftKit" = SwiftKit
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >

#6
Egwene

Hey Rob L,

--> Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

1) Backing up your registry :

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

2) Run OTMoveIt2 :
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\drivers\lvuvc.hs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Regards,
Egwene.

#7
Rob L

Here's the OTMoveIt log:

Explorer killed successfully
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ab52e7e-d75f-11dc-aeb7-e852d2f94ee1}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{250561d5-d21e-11da-abd0-00121795629c}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f887863-2eff-11dc-ad7c-00121795629c}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fb9318f-d4d8-11db-ad48-00121795629c}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2ae3675-d6fb-11da-abd9-00121795629c}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0716041-3351-11dd-af45-00121795629c}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Robb\LOCALS~1\Temp\etilqs_tsdnOt25Bw0d13jwyL5r scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~450fe35f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~450fec26.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3d4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_184008

Files moved on Reboot...
File C:\DOCUME~1\Robb\LOCALS~1\Temp\etilqs_tsdnOt25Bw0d13jwyL5r not found!
File C:\WINDOWS\temp\cch~450fe35f.htp not found!
File C:\WINDOWS\temp\cch~450fec26.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_3d4.dat not found!
  • 0

#8
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Rob L,

I would like you to run an online scan with Kaspersky.

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0

#9
Rob L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I currently have a trial version of Kaspersky Antivirus 2009 installed on my computer. Should I still use the web scanner, or just use the version on my computer?

I'm going ahead and doing the online scan anyways.

Edited by Rob L, 27 August 2008 - 05:48 PM.

  • 0

#10
Rob L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The web scanner downloaded and installed the program just fine, but it never finished updating the database. It got to 100%, then dropped to 50%, and the number of bytes needed to be downloaded doubled. Then my computer got the BSOD (only for a split second) and restarted. I'm trying the web scanner again now.

EDIT: Tried it again, my computer got another BSOD (only for a split second, yet again) then restarted. I'm going to disable the Kaspersky Anti-Virus and try again.

Edited by Rob L, 27 August 2008 - 06:15 PM.

  • 0

#11
Rob L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Well my computer got the BSOD again. This time Windows produced an error. Here it is:

Error Report Contents

C:\DOCUME~1\Robb\LOCALS~1\Temp\WERd1af.dir00\Mini082708-03.dmp
C:\DOCUME~1\Robb\LOCALS~1\Temp\WERd1af.dir00\sysdata.xml

Error Signature

BCCode : 100000d4 BCP1 : B9090938 BCP2 : 000000FF BCP3 : 00000001
BCP4 : 80541A55 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

I think that the fact that I have a version of Kaspersky installed on my computer might be causing the problem.

I'm currently doing a full system scan with Kaspersky, and will post that log once it finishes. The scan is scanning System Memory, Startup Objects, System Backup Storage, all Hard Drives, all Removable Drives, and Network Drives.

Edited by Rob L, 27 August 2008 - 06:23 PM.

  • 0

#12
Rob L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the result of the scan:


8/27/2008 8:23:44 PM Task started

8/27/2008 8:29:51 PM Detected: http://www.viruslist...dvisories/25215 C:\Documents and Settings\Robb\Desktop\NSW2006\NAV\External\NORTON\APP\NAVComUI.dll

8/27/2008 8:51:15 PM Detected: http://www.viruslist...dvisories/26027 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\flash.ocx

8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx

8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

8/27/2008 8:54:05 PM Task completed
  • 0
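A triage of the scan report posted above, as an added example that is not part of the original thread. It assumes the truncated viruslist links are advisory references (based on the visible `dvisories/<number>` fragment) and separates them from detections that carry a malware name such as those in the topic title; `parse`, `triage` and the constructed line are hypothetical names and data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Report lines as posted above; the links stay truncated exactly as on the page.
REPORT = r"""
8/27/2008 8:23:44 PM Task started
8/27/2008 8:29:51 PM Detected: http://www.viruslist...dvisories/25215 C:\Documents and Settings\Robb\Desktop\NSW2006\NAV\External\NORTON\APP\NAVComUI.dll
8/27/2008 8:51:15 PM Detected: http://www.viruslist...dvisories/26027 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\flash.ocx
8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
8/27/2008 8:53:42 PM Detected: http://www.viruslist...dvisories/28083 C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
8/27/2008 8:54:05 PM Task completed
"""
# CONSTRUCTED line (not from the report): verdict name from the topic title, made-up path.
CONSTRUCTED = r"8/27/2008 8:30:00 PM Detected: Trojan-PSW.Win32.WOW.arz C:\example\constructed.dll"

LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.+)$")
DETECTED = re.compile(r"^Detected: (\S+) ([A-Za-z]:\\.+)$")
# Assumption: a link whose path ends in "dvisories/<number>" is an advisory reference.
ADVISORY = re.compile(r"^https?://\S*dvisories/(\d+)$")

def parse(report):
    """Turn report text into event dicts: task markers and detections."""
    events = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        d = DETECTED.match(m.group(2))
        if d is None:
            events.append({"time": when, "kind": "task", "text": m.group(2)})
            continue
        verdict, path = d.groups()
        adv = ADVISORY.match(verdict)
        kind, ref = ("advisory", adv.group(1)) if adv else ("named-verdict", verdict)
        events.append({"time": when, "kind": kind, "ref": ref, "path": path})
    return events

def triage(events):
    """Group flagged files by (kind, reference) and compute the scan duration."""
    groups = defaultdict(list)
    for e in events:
        if e["kind"] != "task":
            groups[(e["kind"], e["ref"])].append(e["path"])
    marks = [e["time"] for e in events if e["kind"] == "task"]
    return dict(groups), (max(marks) - min(marks)) if marks else None
```

Run over the posted report, every flagged file falls under an advisory reference and none under a named verdict.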

#13
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Rob L,

It's not a malware issue :)

Congratulations, your log looks clean :)

STEP 1

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

STEP 2

Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

STEP 3

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

STEP 4

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Regards,
Egwene.
  • 0

#14
Rob L

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you so much for all your help! I downloaded some of those programs, so hopefully I will not get infected again.
  • 0

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





