
Windows Security Alert [RESOLVED]



#16
Norgermish
Member, Topic Starter, 18 posts
OK Here is the information you requested. Thanks again for all your time on this topic. :)

1. JavaRa log
JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Aug 25 12:54:53 2008

------------------------------------

Finished reporting.

2. SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2008 at 02:14 PM

Application Version : 4.15.1000

Core Rules Database Version : 3546
Trace Rules Database Version: 1535

Scan type : Complete Scan
Total Scan Time : 00:49:58

Memory items scanned : 528
Memory threats detected : 0
Registry items scanned : 7467
Registry threats detected : 0
File items scanned : 73734
File threats detected : 16

Adware.Tracking Cookie

3. Kaspersky Log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 15:15:15
Records in database: 1144482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 75222
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:24:32


File name / Threat name / Threats count
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

4. A. I haven't seen the little Windows Security Advisor yet today.

B. When I do a Google search sometimes there is a diverted page that comes up, not Google results. I cannot go back to the original Google search page unless I click the recent pages down arrow on the Google search window, then find the original search. This is random and seems like Google is being hijacked occasionally.

C. Otherwise things are working much better.

Thanks Andrew


#17
andrewuk
Trusted Helper, Malware Removal, 5,297 posts
The Kaspersky scan picked up one infected file, which we will remove, and we will remove that other infected file. I am hoping that that infected file is the source of your Google redirects.


====STEP 1====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3

Folder::
C:\Program Files\ulidah

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SmartCfg"=-
[-HKEY_CLASSES_ROOT\CLSID\{25FA3C78-998A-3FA4-63C7-09AA9587420F}]


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply could I see:
1. the ComboFix log
2. a new HijackThis log
3. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#18
Norgermish
Member, Topic Starter, 18 posts
OK Andrew here are the logs you requested. As I have run a few different stresses on my computer everything seems to work well. I did have one pop-up from Antivir but I think that this is normal for the free version. It seems they push a little harder and actually use a pop up to inspire someone to buy the full version. Hmmmmm I will probably not keep Antivir and find another. What do you think of Nod32 or AVG?
I noticed the .mp3 file that was infected. I will speak with my daughter about dl'ing; it seems that would be where it came from.
Anyway thank you again for sharing your time and efforts with someone across the world :)
Much appreciated!
Paul



1. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:21, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162680470588
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{366A16A4-F3EC-4E8D-9C4A-90468D4D4759}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{66543450-3357-418D-82F4-73A105ABD9E6}: NameServer = 68.94.156.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11398 bytes

2. ComboFix 08-08-24.03 - Paul Lehman 2008-08-25 20:23:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.599 [GMT -7:00]
Running from: C:\Documents and Settings\Paul Lehman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Lehman\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul Lehman\My Documents\LimeWire\Incomplete\T-5745425-13 adam where are you.mp3
C:\Program Files\ulidah
C:\Program Files\ulidah\SmartCfg.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 13:13 . 2008-08-25 13:13 <DIR> d-------- C:\Program Files\Sun
2008-08-25 13:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-22 18:55 . 2008-08-22 18:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-22 18:01 . 2008-08-22 18:01 <DIR> d-------- C:\Program Files\Avira
2008-08-22 17:45 . 2008-08-22 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-22 00:32 . 2008-08-22 00:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-22 00:17 . 2008-08-22 16:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 00:17 . 2008-08-22 00:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-22 00:17 . 2008-08-22 00:17 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Malwarebytes
2008-08-22 00:17 . 2008-08-22 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 00:17 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 00:17 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 00:02 . 2008-08-22 00:02 <DIR> d-------- C:\Program Files\ERUNT
2008-08-21 20:24 . 2008-08-21 20:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-21 20:24 . 2008-08-21 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-19 08:28 . 2008-08-19 08:28 <DIR> d-------- C:\Program Files\GSpot
2008-08-14 17:15 . 2008-08-14 17:15 <DIR> d-------- C:\Documents and Settings\Alida Lehman\Application Data\Nero
2008-08-14 17:02 . 2008-08-14 17:02 <DIR> d-------- C:\Documents and Settings\Sandy French.D13JKZB1.000\Application Data\Nero
2008-08-14 01:30 . 2008-08-14 01:31 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Folder Guard
2008-08-13 21:43 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-08-13 21:43 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-13 21:42 . 2008-08-13 21:42 <DIR> d-------- C:\Program Files\ESET
2008-08-13 21:42 . 2008-08-13 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-13 21:38 . 2008-08-13 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-12 19:13 . 2008-08-12 19:13 <DIR> d-------- C:\Program Files\uTorrent
2008-08-12 18:17 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 18:15 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 12:58 . 2008-08-11 12:58 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-08-11 09:09 . 2008-08-20 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-10 23:53 . 2008-08-10 23:53 <DIR> d-------- C:\Program Files\iPod
2008-08-10 23:53 . 2008-08-10 23:53 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Apple Computer
2008-08-10 23:52 . 2008-08-10 23:52 <DIR> d-------- C:\Program Files\QuickTime
2008-08-10 23:52 . 2008-08-10 23:53 <DIR> d-------- C:\Program Files\iTunes
2008-08-10 23:52 . 2008-08-10 23:52 <DIR> d-------- C:\Program Files\Bonjour
2008-08-10 23:52 . 2008-08-10 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-10 23:36 . 2008-08-10 23:36 <DIR> d-------- C:\Program Files\MagicISO
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-08-10 23:17 . 2008-08-10 23:17 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Nero
2008-08-10 23:14 . 2008-08-10 23:14 <DIR> d-------- C:\Program Files\Nero
2008-08-10 23:14 . 2008-08-10 23:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-10 23:14 . 2008-08-10 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-10 23:03 . 2008-08-10 23:03 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Sonic
2008-08-10 23:02 . 2008-08-10 23:02 <DIR> d-------- C:\Documents and Settings\Paul Lehman\Application Data\Leadertech
2008-08-10 08:28 . 2008-08-10 08:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-10 08:28 . 2008-08-10 08:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 15:58 . 2008-08-05 15:58 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-05 15:58 . 2008-08-05 15:58 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-05 15:58 . 2008-08-05 15:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-05 15:58 . 2008-08-05 15:58 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-05 15:55 . 2008-08-05 15:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 09:08 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-03 09:07 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-03 09:06 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 03:16 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\Skype
2008-08-25 23:07 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\skypePM
2008-08-25 20:13 --------- d-----w C:\Program Files\Java
2008-08-25 19:49 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\Vso
2008-08-23 03:18 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\LimeWire
2008-08-23 00:39 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\uTorrent
2008-08-22 03:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-22 03:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 02:07 --------- d-----w C:\Program Files\LimeWire
2008-07-11 04:21 --------- d-----w C:\Program Files\Google
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-05 19:18 --------- d-----w C:\Documents and Settings\Sandy French.D13JKZB1.000\Application Data\DivX
2008-07-03 20:22 --------- d-----w C:\Program Files\AC3Filter
2008-07-03 20:17 --------- d-----w C:\Program Files\DivX
2008-06-26 02:15 --------- d-----w C:\Program Files\AVG
2008-06-26 02:11 --------- d-----w C:\Program Files\Symantec
2008-06-26 01:07 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-26 01:07 --------- d-----w C:\Documents and Settings\Paul Lehman\Application Data\SUPERAntiSpyware.com
2008-06-26 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 06:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 02:33 47,360 ----a-w C:\Documents and Settings\Paul Lehman\Application Data\pcouffin.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-29 16:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-07 18:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-05 02:11 88 --sh--r C:\WINDOWS\system32\04CFE8BB49.sys
2006-11-05 02:11 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_22.34.51.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-10 16:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 16:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 18:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-20 21:57 1737216]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 21:21 39408]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 17:12 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 06:39 7323648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 17:05 1117184]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 01:00 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-19 16:26:24 24576]
Event Reminder.lnk - C:\Program Files\PrintMaster Gold 18\Remind.exe [2007-09-09 15:36:02 344064]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2008-01-07 23:25]
.
Contents of the 'Scheduled Tasks' folder

2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 20:25:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 20:26:57
ComboFix-quarantined-files.txt 2008-08-26 03:26:54
ComboFix2.txt 2008-08-25 03:31:48
ComboFix3.txt 2008-08-24 05:36:15

Pre-Run: 126,492,860,416 bytes free
Post-Run: 126,545,428,480 bytes free

214 --- E O F --- 2008-08-13 10:03:33
  • 0

#19
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Norgermish

congratulations, your logs are clean and another fix is in the can :)

I did have one pop-up from Antivir but I think that this is normal for the free version. It seems they push a little harder and actually use a pop up to inspire someone to buy the full version. Hmmmmm I will probably not keep Antivir and find another. What do you think of Nod32 or AVG?

yes, i notice that on antivir also. as for Nod32 or AVG, i am neutral as to which one you choose, they are as good as each other. if it comes down to a matter of cost then i don't think you can get a free Nod32 (you can get a 30 day trial), though i am happy to be proved wrong. For AVG, their free version can be found here. however, remember to only have one antivirus program on your machine and no matter how good the antivirus program, it is no use if other users of your machine open the doors to the bad guys. download the antivirus program you choose. disconnect from the internet. uninstall antivir via the add/remove programs in the control panel. and then install the antivirus program you downloaded. and then connect again to the internet.

remember also to have a third party firewall installed. the windows firewall is not that great. if you don't have a third party firewall, then a good free firewall is comodo.

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix and tools used in the removal of malware and flush your system restore points
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein


andrewuk
  • 0

#20
Norgermish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Great, it is good news. I appreciate your expertise in removing all this junk from my PC. I have noticed that all IE icons are gone now. It seems that I can't use IE anymore. I tried downloading IE7 again but it produced no icons, in desktop, start menu, or start/all programs. In the latter I see Internet Explorer but it only lists web publisher when I place mouse over it. Rather strange effect. I have used Firefox and more recently decided to try the new Safari also. But IE has some favorites that I use and at this point can't get to them.
Anyway, I don't know if there is any way to resolve it. I tried a few google searches and the remedies there don't seem to work.



I want to thank you again for all your help and the complete cleansing of my machine. I have learned a lot through the process as well.
Cheers,
Paul Lehman
  • 0

#21
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
it looks like you are running into the SP3 and IE issue.

lets see if this simple fix will work, which i have taken from the microsoft site: http://support.microsoft.com/kb/555849

(there are more details http://www.windowsre...p-icon-missing/)

either go through the steps in those links or follow the instructions below:


The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Registry Modifications

Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
Please copy the contents of the code box below into the notepad. To do this highlight the contents of the box and right click on it.

Save it to your desktop as fixit.reg (filetype = any)

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

(In case you are unsure how to create a reg file, take a look here with screenshots.)


right click on desktop and click “Refresh”.

let me know how it all goes.

andrewuk

Edited by andrewuk, 27 August 2008 - 03:57 PM.

  • 0

#22
Norgermish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Andrew,
Sorry about the delay in reply. I tried everything you asked and still no icon. I don't understand what happened. If you have any other suggestions I would appreciate it. I have done some googling and the few suggestions I found were similar to your previous post.
  • 0

#23
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, let's try another regfix, if this does not work i will push you in the direction of another part of the forum which should be able to help you out:

Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
Please copy the contents of the code box below into the notepad. To do this highlight the contents of the box and right click on it.

Save it to your desktop as fixit.reg (filetype = any)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

(In case you are unsure how to create a reg file, take a look here with screenshots.)



right click on desktop and click “Refresh”.

let me know how it goes.
  • 0
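A .reg file like the two fixit.reg files posted above can be parsed before it is merged, to list exactly which keys and values it will write and to flag anything outside what the fix is meant to touch. This is an added example, not part of the original posts; the function names, the expected-key list and the second sample file are assumptions made for the illustration.

```python
import re

# fixit.reg as posted in the second regfix above, embedded so this runs offline.
FIXIT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
"""

# Constructed sample (not from the thread): a file that does more than an icon fix.
UNEXPECTED_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"example"="C:\\example\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInternetIcon"=-
"""

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Hive-relative keys an icon-visibility fix is expected to touch (assumption).
EXPECTED_PREFIXES = (
    "software\\microsoft\\windows\\currentversion\\policies\\explorer",
    "software\\microsoft\\windows\\currentversion\\explorer\\hidedesktopicons",
)


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data):
    """Turn the text right of '=' into (operation, type, value)."""
    if data == "-":
        return "delete_value", None, None
    if data.lower().startswith("dword:"):
        return "set_value", "dword", int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return "set_value", "string", _unescape(data[1:-1])
    if data.lower().startswith("hex"):
        kind, _, body = data.partition(":")
        raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
        return "set_value", kind.lower(), raw
    raise ValueError("unrecognised value data: %r" % data)


def parse_reg(text):
    """Return the list of operations a .reg file would perform when merged."""
    raw = text.lstrip("\ufeff").splitlines()
    if not raw or raw[0].strip() not in HEADERS:
        raise ValueError("missing .reg header line")
    lines, pending = [], ""
    for line in raw[1:]:
        line = pending + line.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continued on the next line
            continue
        pending = ""
        lines.append(line)
    ops, key = [], None
    for line in lines:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # [-HKEY_...] deletes the whole key
                ops.append({"op": "delete_key", "key": key[1:],
                            "name": None, "type": None, "data": None})
                key = None
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        op, typ, data = _decode(m.group(2).strip())
        ops.append({"op": op, "key": key, "name": name, "type": typ, "data": data})
    return ops


def audit(ops, expected=EXPECTED_PREFIXES):
    """Flag operations that go beyond setting dword values under expected keys."""
    findings = []
    for op in ops:
        subkey = op["key"].partition("\\")[2].lower()
        target = "%s -> %s" % (op["key"], op["name"])
        if not any(subkey == p or subkey.startswith(p + "\\") for p in expected):
            findings.append("unexpected key: " + target)
        if op["op"] != "set_value":
            findings.append("deletion: " + target)
        elif op["type"] != "dword":
            findings.append("non-dword data: " + target)
    return findings


if __name__ == "__main__":
    for label, text in (("fixit.reg", FIXIT_REG), ("constructed sample", UNEXPECTED_REG)):
        ops = parse_reg(text)
        print(label, "-", len(ops), "operation(s)")
        for finding in audit(ops) or ["nothing outside the expected keys"]:
            print("   ", finding)
```
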

#24
Norgermish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Andrew,
I copied the code to notepad and saved to desktop. Double clicked Fixit and it did as you said. Still no icon:(
I was really hoping for it too:)
Thanks again:)
  • 0

#25
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, i am pretty sure this is not a malware issue, i am fairly certain it is a SP3 and Internet Explorer issue as no doubt you would have read in your own research on google, but before i send you to another part of the forum let's bring down a fuller picture of your machine:

Download OTViewIt to your desktop.

  • Close all windows and open it by double clicking on the icon
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

  • 0



#26
Norgermish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTViewIt logfile created on: 8/31/2008 5:59:54 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Paul Lehman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 467.08 Mb Available Physical Memory | 45.68% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 120.02 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D13JKZB1
Current User Name: Paul Lehman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[12/19/2006 09:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\IoctlSvc.exe
[06/26/2006 11:33 AM | 00,243,248 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[08/26/2008 03:43 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[05/20/2008 09:57 PM | 01,737,216 | ---- | M] () - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[07/02/2008 06:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

===== Win32 Services - Non-Microsoft Only =====

(EhttpSrv) Eset HTTP Server [On_Demand | Stopped]
[02/20/2008 11:14 AM | 00,019,200 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

(ekrn) Eset Service [Auto | Running]
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

(GameConsoleService) GameConsoleService [On_Demand | Stopped]
[01/07/2008 11:25 PM | 00,181,784 | ---- | M] (WildTangent, Inc.) - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe

(LVPrcSrv) Logitech Process Monitor [Auto | Running]
[06/26/2006 11:33 AM | 00,099,888 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[06/26/2006 11:33 AM | 00,091,696 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Auto | Running]
[12/19/2006 09:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\IoctlSvc.exe

(TuneUp.Defrag) TuneUp Drive Defrag Service [On_Demand | Stopped]
[08/26/2008 03:47 PM | 00,354,560 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\system32\TuneUpDefragService.exe

===== Driver Services - Non-Microsoft Only =====

(AmdK8) AMD Processor Driver [System | Running]
[06/18/2006 07:37 PM | 00,036,864 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ASCTRM) ASCTRM [Auto | Running]
[10/19/2006 04:28 PM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\ComboFix\catchme.sys

(DSproct) DSproct [On_Demand | Stopped]
[01/10/2006 10:07 AM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 10:12 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eamon) eamon [Auto | Running]
[02/20/2008 11:01 AM | 00,039,944 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\eamon.sys

(easdrv) easdrv [System | Running]
[02/20/2008 11:02 AM | 00,029,704 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\easdrv.sys

(epfwtdir) epfwtdir [System | Running]
[02/20/2008 11:11 AM | 00,033,800 | ---- | M] () - C:\WINDOWS\system32\drivers\epfwtdir.sys

(FilterService) UVC Filter Service [On_Demand | Stopped]
[06/22/2006 03:29 PM | 00,020,272 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys

(LVcKap) Logitech AEC Driver [On_Demand | Stopped]
[06/26/2006 11:33 AM | 01,587,632 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[06/26/2006 11:33 AM | 01,952,816 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(lvpopflt) Logitech POP Suppression Filter [On_Demand | Stopped]
[06/22/2006 03:29 PM | 01,413,424 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvpopflt.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[06/26/2006 11:33 AM | 00,023,472 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(lvselsus) Logitech Selective Suspend Filter [On_Demand | Stopped]
[06/22/2006 03:29 PM | 00,055,984 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvselsus.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[06/22/2006 03:29 PM | 00,038,960 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(LVUVC) Logitech QuickCam Pro 5000(UVC) [On_Demand | Stopped]
[06/22/2006 03:29 PM | 00,961,072 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(MREMPR5) MREMPR5 NDIS Protocol Driver [On_Demand | Stopped]
[11/22/2004 04:36 PM | 00,019,345 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MREMPR5.sys

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped]
[11/22/2004 04:36 PM | 00,018,003 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MRENDIS5.sys

(NAVAP) NAVAP [On_Demand | Stopped]
File not found - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys

(NAVAPEL) NAVAPEL [Auto | Stopped]
File not found - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS

(NAVENG) NAVENG [On_Demand | Stopped]
File not found - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080625.003\NAVENG.sys

(NAVEX15) NAVEX15 [On_Demand | Stopped]
File not found - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080625.003\NAVEX15.sys

(pcouffin) VSO Software pcouffin [On_Demand | Running]
[06/19/2008 07:33 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Running]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 03:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"egui" = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET)
"ISUSPM Startup" = "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 08:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 08:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"LVCOMSX" = "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [06/26/2006 11:33 AM | 00,243,248 | ---- | M] (Logitech Inc.)
"NeroFilterCheck" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [02/28/2008 09:59 AM | 00,570,664 | ---- | M] (Nero AG)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [06/16/2006 06:39 AM | 07,323,648 | ---- | M] (NVIDIA Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock" = C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [05/20/2008 09:57 PM | 01,737,216 | ---- | M] ()
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [08/26/2008 03:43 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Paul Lehman Startup Folder - C:\Documents and Settings\Paul Lehman\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [01/28/2008 11:43 AM | 01,554,256 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 03:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [07/10/2008 09:21 PM | 00,651,760 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
HKLM CLSID: (CBrowserHelperObject Object) - [08/30/2006 09:58 AM | 00,094,208 | ---- | M] (Dell Inc.) C:\Program Files\BAE\BAE.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google Toolbar) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google Toolbar) - [08/14/2008 07:34 AM | 00,193,136 | ---- | M] () C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

========== AppInit_Dlls ==========

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" =
HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

========== HKLM Security Providers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dllschannel.dlldigest.dllmsnsspc.dll" - File not found

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [08/26/2008 03:43 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[08/16/2005 02:43 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{311B0AA5-0DF7-41BF-91FC-809479FC1C76}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{66543450-3357-418D-82F4-73A105ABD9E6}]
Servers: 68.94.156.1 | Description: Broadcom 440x 10/100 Integrated Controller

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/22/2008 07:02 AM | 10,721,56672 | -HS- | C] () - C:\hiberfil.sys
[08/23/2008 10:27 PM | 00,000,209 | ---- | C] () - C:\Boot.bak
[08/23/2008 10:27 PM | 00,260,272 | ---- | C] () - C:\cmldr
[08/23/2008 10:27 PM | ---D | C] - C:\cmdcons
[08/25/2008 09:08 PM | -HSD | C] - C:\RECYCLER
[08/26/2008 10:23 PM | ---D | C] - C:\ComboFix
[08/03/2008 09:06 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2008 09:06 AM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/03/2008 09:08 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[5 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 09:07 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\en
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/10/2008 11:51 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
[08/26/2008 03:46 PM | 00,028,416 | ---- | C] (TuneUp Software GmbH) - C:\WINDOWS\System32\uxtuneup.dll
[08/26/2008 03:46 PM | 00,354,560 | ---- | C] (TuneUp Software GmbH) - C:\WINDOWS\System32\TuneUpDefragService.exe
[1 C:\WINDOWS\*.tmp files]
[08/05/2008 03:49 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/05/2008 03:55 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/05/2008 03:58 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/05/2008 07:49 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/10/2008 08:28 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/10/2008 08:28 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/11/2008 09:09 AM | 00,000,069 | ---- | C] () - C:\WINDOWS\NeroDigital.ini
[08/13/2008 09:43 PM | 00,000,568 | -H-- | C] () - C:\WINDOWS\nod32fixtemdono.reg
[08/13/2008 09:43 PM | 00,005,702 | -H-- | C] () - C:\WINDOWS\nod32restoretemdono.reg
[08/22/2008 12:03 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 08:27 PM | ---D | C] - C:\WINDOWS\temp
[08/27/2008 01:03 PM | -H-D | C] - C:\WINDOWS\ie8
[08/27/2008 01:05 PM | ---D | C] - C:\WINDOWS\ie8updates
[08/10/2008 11:51 PM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 03:46 PM | 00,000,498 | ---- | C] () - C:\WINDOWS\tasks\1-Click Maintenance.job
[08/10/2008 11:14 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Nero
[08/10/2008 11:51 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Apple
[08/10/2008 11:52 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Apple Computer
[08/13/2008 09:38 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avg8
[08/13/2008 09:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ESET
[08/22/2008 05:45 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avira
[08/22/2008 12:17 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/26/2008 03:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TuneUp Software
[08/10/2008 11:02 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Leadertech
[08/10/2008 11:03 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Sonic
[08/10/2008 11:17 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Nero
[08/10/2008 11:53 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Apple Computer
[08/11/2008 12:58 PM | 00,000,525 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Application Data\alarms.ini
[08/11/2008 12:58 PM | 00,000,745 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Application Data\AtomicAlarmClock.ini
[08/14/2008 01:30 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Folder Guard
[08/22/2008 12:17 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\Malwarebytes
[08/26/2008 03:46 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Application Data\TuneUp Software
[08/10/2008 11:19 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Ahead
[08/10/2008 11:50 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Apple Computer
[08/10/2008 11:51 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\Apple
[08/20/2008 12:10 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\ESET
[08/14/2008 12:54 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\My Documents\chat
[08/14/2008 08:16 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\craigs list
[08/22/2008 07:17 AM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\Spyware Virus repair tools
[08/22/2008 08:01 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\Incomplete
[08/22/2008 08:01 PM | ---D | C] - C:\Documents and Settings\Paul Lehman\Desktop\New Folder
[08/26/2008 03:46 PM | 00,000,613 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp 1-Click Maintenance.lnk
[08/26/2008 03:46 PM | 00,000,833 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp Utilities 2008.lnk
[08/27/2008 04:34 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\ERUNT.lnk
[08/27/2008 04:34 PM | 00,000,611 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\NTREGOPT.lnk
[08/27/2008 04:37 PM | 00,000,198 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\fixit.reg
[08/28/2008 09:15 AM | 00,001,778 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\ImTranslator for IE.lnk
[08/28/2008 09:15 AM | 00,234,062 | ---- | C] () - C:\Documents and Settings\Paul Lehman\Desktop\imtranslatorie3.exe
[08/10/2008 11:14 PM | ---D | C] - C:\Program Files\Common Files\Nero
[08/10/2008 11:51 PM | ---D | C] - C:\Program Files\Common Files\Apple
[08/22/2008 12:17 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/10/2008 10:57 PM | ---D | C] - C:\Program Files\WinZip
[08/10/2008 11:14 PM | ---D | C] - C:\Program Files\Nero
[08/10/2008 11:19 PM | ---D | C] - C:\Program Files\NeroInstall.bak
[08/10/2008 11:35 PM | ---D | C] - C:\Program Files\WinRAR
[08/10/2008 11:36 PM | ---D | C] - C:\Program Files\MagicISO
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\Bonjour
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\iTunes
[08/10/2008 11:52 PM | ---D | C] - C:\Program Files\QuickTime
[08/10/2008 11:53 PM | ---D | C] - C:\Program Files\iPod
[08/11/2008 12:58 PM | ---D | C] - C:\Program Files\Atomic Alarm Clock
[08/12/2008 07:13 PM | ---D | C] - C:\Program Files\uTorrent
[08/13/2008 09:42 PM | ---D | C] - C:\Program Files\ESET
[08/19/2008 08:28 AM | ---D | C] - C:\Program Files\GSpot
[08/21/2008 11:38 PM | ---D | C] - C:\Program Files\HijackThis
[08/22/2008 06:55 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 12:02 AM | ---D | C] - C:\Program Files\ERUNT
[08/22/2008 12:17 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/22/2008 12:32 AM | ---D | C] - C:\Program Files\Alwil Software
[08/25/2008 01:13 PM | ---D | C] - C:\Program Files\Sun
[08/26/2008 03:45 PM | ---D | C] - C:\Program Files\TuneUp Utilities 2008
[08/27/2008 01:38 PM | ---D | C] - C:\Program Files\Apple Software Update
[08/27/2008 01:38 PM | ---D | C] - C:\Program Files\Safari

========== Files - Modified Within 30 days ==========

[08/05/2008 03:52 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/23/2008 05:38 PM | 00,000,209 | ---- | M] () - C:\Boot.bak
[08/24/2008 07:42 PM | 00,000,279 | RHS- | M] () - C:\boot.ini
[08/31/2008 09:58 AM | 10,721,56672 | -HS- | M] () - C:\hiberfil.sys
[5 C:\WINDOWS\System32\*.tmp files]
[08/06/2008 07:29 PM | 00,878,336 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/22/2008 07:01 AM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/26/2008 03:47 PM | 00,354,560 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\System32\TuneUpDefragService.exe
[08/26/2008 10:36 PM | 00,053,640 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/26/2008 10:36 PM | 00,382,022 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/26/2008 10:36 PM | 00,441,142 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/31/2008 02:45 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/31/2008 02:45 PM | 00,039,472 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[1 C:\WINDOWS\*.tmp files]
[08/10/2008 08:28 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/10/2008 08:28 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/20/2008 11:46 AM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/24/2008 07:42 PM | 00,000,658 | ---- | M] () - C:\WINDOWS\win.ini
[08/25/2008 08:25 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/27/2008 01:05 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/31/2008 09:58 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 01:38 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/31/2008 06:00 PM | 00,000,498 | ---- | M] () - C:\WINDOWS\tasks\1-Click Maintenance.job
[08/31/2008 09:59 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/25/2008 12:49 PM | 00,000,668 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\vso_ts_preview.xml
[08/27/2008 01:00 AM | 00,000,525 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\alarms.ini
[08/31/2008 02:45 PM | 00,000,745 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Application Data\AtomicAlarmClock.ini
[08/11/2008 08:41 PM | 00,285,712 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/19/2008 08:23 AM | 00,011,264 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/27/2008 02:12 PM | 00,000,082 | -HS- | M] () - C:\Documents and Settings\Paul Lehman\My Documents\desktop.ini
[08/11/2008 08:03 AM | 00,001,394 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\Media Center.lnk
[08/26/2008 03:46 PM | 00,000,613 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp 1-Click Maintenance.lnk
[08/26/2008 03:46 PM | 00,000,833 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\TuneUp Utilities 2008.lnk
[08/27/2008 04:34 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\ERUNT.lnk
[08/27/2008 04:34 PM | 00,000,611 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\NTREGOPT.lnk
[08/27/2008 04:37 PM | 00,000,198 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\fixit.reg
[08/28/2008 09:15 AM | 00,001,778 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\ImTranslator for IE.lnk
[08/28/2008 09:15 AM | 00,234,062 | ---- | M] () - C:\Documents and Settings\Paul Lehman\Desktop\imtranslatorie3.exe

< End of report >

OTViewIt Extras logfile created on: 8/31/2008 5:59:54 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Paul Lehman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 467.08 Mb Available Physical Memory | 45.68% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 120.02 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[04/13/2008 05:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[06/18/2008 11:58 AM | 00,147,456 | ---- | M] (Lime Wire, LLC)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[08/13/2008 09:27 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[02/06/2008 07:37 PM | 21,898,024 | R--- | M] (Skype Technologies S.A.)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07/02/2008 06:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[02/06/2008 07:37 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ADD209A3-C05A-4988-B4CD-65B6B582F911}" = PrintMaster Gold 18
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.61
"ATT-AACE" = ATT-AACE
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"getPlus®_ocx" = getPlus®_ocx
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 1
"ImTranslator for IE" = ImTranslator for IE
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB900325" = Update Rollup 2 for Windows XP Media Center Edition 2005
"KB903157" = Hotfix for Windows Media Player 10 (KB903157)
"KB908246" = Windows XP Media Center Edition 2005 KB908246
"KB910393" = Update for Windows Media Player 10 (KB910393)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB913800" = Update for Windows Media Player 10 (KB913800)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB925766" = Windows XP Media Center Edition 2005 KB925766
"KB926251" = Update for Windows Media Player 10 (KB926251)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953838-IE8" = Security Update for Windows Internet Explorer 8 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LimeWire" = LimeWire PRO 4.18.3
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 8/13/2008 8:20:03 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module xpcom_core.dll, version 1.8.20080.4669, fault address 0x00001797.

Error - 8/14/2008 3:57:25 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.

Error - 8/14/2008 8:32:58 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Error
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x423114a2.

Error - 8/15/2008 4:54:54 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2008 5:02:40 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2008 5:02:47 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2008 5:02:50 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 854786114.

Error - 8/24/2008 5:02:51 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 854786114.

Error - 8/24/2008 5:04:31 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2008 5:04:36 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 854786114.


[ Internet Explorer Events ]

[ Media Center Events ]

[ Security Events ]

[ System Events ]
Error - 8/27/2008 9:11:58 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 8/27/2008 9:11:59 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 8/31/2008 4:42:04 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 8/31/2008 4:42:05 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 8/31/2008 4:42:33 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2008 4:42:33 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2008 4:43:00 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2008 4:43:00 AM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2008 4:59:03 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 8/31/2008 4:59:04 PM - Computer Name = D13JKZB1 - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >

#27
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
OK, let's see if this works:

1. Download IEFix, unzip it to your Desktop, and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location:
  • If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles"
  • If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with DLL registration part.
    Posted Image
  • Restart Windows.

Let me know how this goes.

#28
Norgermish

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi Andrew,
I ran IEFix and I am now writing this reply using IE, not Firefox. So it seems to have worked. Thank you for all the help and patience throughout as well.
Take care,
Paul

#29
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.