Hello. Recently many pop-ups, etc. have been appearing. My Windows Live OneCare (which has expired, so is relatively useless) found a certain trojan whose name escapes me, but failed when trying to delete it. The internet was redirected multiple times and Internet pages opened without my consent. Certain things have been asking permission to run, and I’m guessing they were malicious.

I tried to update Spybot, but the ITPIP update failed, so I didn’t try.

On another note, I didn’t delete all the stuff it found because I’m scared it’s integrated into certain programs I don’t want to delete. Can they do that, and are my fears right? I came to the professionals because of this. I hope you can help, and thank you.

P.S. This is a friend of the family of this computer. I’m going to get better protection after this is over, and make them delete LimeWire. Another question I have is: if I’m infected and download protection (firewalls, removers, etc.), can they get infected right away? Should I get them only when the computer is clean? Or if I can.

Here is the Log.txt from the scanner thing I had to scan with, from your one thing people have to scan with. The HijackThis download failed. Idk why.

Logfile of random’s system information tool 1.05 (written by random/random)

Run by Owner at 2009-01-05 21:10:43

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 109 GB (73%) free of 149 GB

Total RAM: 446 MB (15% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\B2CD064C97EAB664.job

C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job

C:\WINDOWS\tasks\ISP signup reminder 2.job

C:\WINDOWS\tasks\lepkjcgx.job

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL [2008-12-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]

mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2008-12-28 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]

Yahoo! IE Suggest - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll [2007-02-23 140840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}]

PPCScamBHO Class - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll [2006-01-19 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

PeoplePal Toolbar - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9FA76AE-5A55-41D1-974C-5F66920794F4}]

C:\WINDOWS\system32\tuvSMcBQ.dll [2009-01-05 289280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A8FB8EB3-183B-4598-924D-86F0E5E37085} - PeoplePal Toolbar - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 220672]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! �u��C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2008-12-28 417887]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL []

"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe [2008-12-28 24688]

"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2008-12-28 32838]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-05 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2008-12-28 32838]

"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]

C:\Program Files\Common Files\Stardock\TrayServer.exe [2003-02-14 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

C:\Program Files\America Online 9.0\AOL.EXE [2005-07-25 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BookmarkCentral]

C:\PROGRA~1\BMCENT~1\BMLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\Program Files\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ezthemes_WhenUSaveNow_Installer]

C:\Program Files\Ezthemes_WhenUSaveNow_Installer\Ezthemes_WhenUSaveNow_Installer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flaw idol time locks]

C:\Documents and Settings\All Users\Application Data\MULTI GLUE FLAW IDOL\AimFrag.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

C:\Program Files\Free Download Manager\fdm.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1216603751\ee\AOLSoftware.exe [2006-03-10 48280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-09-23 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2007-02-06 252704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

C:\PROGRA~1\McAfee.com\Agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]

C:\Program Files\NetPumper\NetPumperIEProxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

C:\PROGRA~1\VISION~1\ONETOU~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pollface]

C:\DOCUME~1\Owner\APPLIC~1\WEBMAI~1\Data Eggs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]

C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare2.2]

C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe [2007-05-04 198184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

C:\WINDOWS\Creator\Remind_XP.exe [2005-03-15 966656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2003-12-09 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spanish]

C:\Program Files\Learn To Speak French Demo V2.8\Study Conversation.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]

C:\PROGRA~1\SPEEDO~1\SPO.EXE -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-02-14 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]

C:\Program Files\Norton Internet Security\UrlLstCk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

C:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebAccelerator]

C:\Program Files\Web Accelerator\webxl.exe [2005-08-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

C:\Program Files\Save\Save.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

C:\Program Files\BigFix\BigFix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2007-09-23 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

C:\Program Files\Visioneer OneTouch\WiseUpdt.exe /C []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

C:\PROGRA~1\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]

C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-02-18 546816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]

C:\Program Files\Xfire\Xfire.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnnnKc]

C:\WINDOWS\system32\opnnnnKc.dll [2009-01-05 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\opnnnnKc.dll [2009-01-05 50176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\tuvSMcBQ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"

"C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Documents and Settings\Owner\My Documents\Downloads\Programs\utorrent.exe"="C:\Documents and Settings\Owner\My Documents\Downloads\Programs\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Common Files\AOL\1216603751\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1216603751\EE\AOLServiceHost.exe:*:Enabled:AOL"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\1216603751\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1216603751\EE\aolsoftware.exe:*:Enabled:AOL Services"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c58664-836b-11dc-86fb-0040caaaf5ca}]

shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8d2dcc-a465-11dd-8814-0040caaaf5ca}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

======List of files/folders created in the last 3 months======

2009-01-05 21:10:50 ----D---- C:\Program Files\trend micro

2009-01-05 21:10:43 ----D---- C:\rsit

2009-01-05 19:28:32 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2009-01-05 19:28:30 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2009-01-05 19:28:30 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

2009-01-05 19:28:28 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

2009-01-05 19:24:45 ----A---- C:\WINDOWS\system32\jkkJyWmj.dll

2009-01-05 19:23:25 ----A---- C:\WINDOWS\system32\2b0a511f-.txt

2009-01-05 19:21:38 ----ASH---- C:\WINDOWS\system32\QBcMSvut.ini2

2009-01-05 19:21:36 ----ASH---- C:\WINDOWS\system32\QBcMSvut.ini

2009-01-05 19:21:28 ----A---- C:\WINDOWS\system32\tuvSMcBQ.dll

2009-01-05 19:16:25 ----A---- C:\WINDOWS\system32\efcyxuRj.dll

2009-01-05 19:16:07 ----A---- C:\WINDOWS\system32\opnnnnKc.dll

2009-01-05 19:15:43 ----A---- C:\WINDOWS\system32\prunnet.exe

2008-12-18 13:50:35 ----D---- C:\Program Files\SHARP

2008-12-11 03:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-11 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-07 20:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG

2008-12-07 20:32:58 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2008-12-07 20:31:59 ----RA---- C:\WINDOWS\system32\hpzids01.dll

2008-12-07 20:31:48 ----A---- C:\WINDOWS\system32\hpzll5mu.dll

2008-12-07 20:31:16 ----RA---- C:\WINDOWS\system32\difxapi.dll

2008-12-07 20:31:15 ----RA---- C:\WINDOWS\system32\hppldcoi.dll

2008-12-07 20:31:14 ----RA---- C:\WINDOWS\system32\hpovst15.dll

2008-12-07 20:31:14 ----RA---- C:\WINDOWS\system32\hpotscl6.dll

2008-12-07 20:31:13 ----RA---- C:\WINDOWS\system32\hpowiax7.dll

2008-12-07 20:29:38 ----D---- C:\Documents and Settings\Owner\Application Data\HP

2008-11-28 22:19:39 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2008-11-28 22:19:36 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2008-11-28 22:18:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2008-11-28 22:18:41 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2008-11-28 22:18:41 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2008-11-28 22:18:38 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2008-11-28 22:17:58 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2008-11-28 22:17:56 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2008-11-28 22:17:53 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2008-11-28 22:17:51 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2008-11-28 22:17:48 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2008-11-28 22:17:39 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2008-11-28 21:11:00 ----D---- C:\Program Files\SEGA

2008-11-28 13:34:13 ----D---- C:\Documents and Settings\Owner\Application Data\HPAppData

2008-11-28 08:05:04 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2008-11-28 08:05:04 ----D---- C:\Documents and Settings\All Users\Application Data\HP

2008-11-28 08:04:18 ----D---- C:\Program Files\Hewlett-Packard

2008-11-28 08:04:03 ----D---- C:\Program Files\Common Files\Hewlett-Packard

2008-11-28 08:03:22 ----D---- C:\Program Files\Common Files\HP

2008-11-28 08:00:40 ----D---- C:\Program Files\HP

2008-11-20 22:27:03 ----D---- C:\Program Files\CueCard

2008-11-16 23:08:54 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM

2008-11-16 23:07:29 ----D---- C:\Documents and Settings\Owner\Application Data\Skype

2008-11-16 23:06:39 ----D---- C:\Program Files\Skype

2008-11-16 23:06:38 ----D---- C:\Program Files\Common Files\Skype

2008-11-16 23:05:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2008-11-12 03:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-08 21:19:24 ----D---- C:\Program Files\SystemRequirementsLab

2008-11-08 21:18:44 ----D---- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

2008-11-06 20:46:09 ----D---- C:\Documents and Settings\Owner\Application Data\Viewpoint

2008-10-23 14:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-18 12:57:04 ----A---- C:\WINDOWS\system32\lfpsd13n.dll

2008-10-16 02:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-16 02:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-16 02:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-16 02:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-16 02:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-11 11:08:01 ----HD---- C:\WINDOWS\PIF

2008-10-08 21:25:25 ----A---- C:\WINDOWS\system32\ltclr13n.dll

2008-10-08 21:25:25 ----A---- C:\WINDOWS\system32\lftif13n.dll

2008-10-08 21:25:25 ----A---- C:\WINDOWS\system32\lffax13n.dll

======List of files/folders modified in the last 3 months======

2009-01-05 21:10:50 ----AD---- C:\Program Files

2009-01-05 21:10:46 ----D---- C:\WINDOWS\Prefetch

2009-01-05 21:05:12 ----D---- C:\Program Files\Mozilla Firefox

2009-01-05 20:12:36 ----D---- C:\WINDOWS\Temp

2009-01-05 19:55:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-05 19:35:39 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-01-05 19:32:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-05 19:31:33 ----D---- C:\WINDOWS

2009-01-05 19:24:45 ----D---- C:\WINDOWS\system32

2009-01-05 19:16:27 ----SD---- C:\WINDOWS\Tasks

2009-01-04 21:02:30 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2

2009-01-04 16:06:39 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-03 18:29:07 ----D---- C:\Program Files\Microsoft Windows OneCare Live

2009-01-02 19:02:08 ----HD---- C:\WINDOWS\inf

2008-12-28 17:10:13 ----D---- C:\Program Files\MyWebSearch

2008-12-28 17:09:49 ----D---- C:\Program Files\Internet Explorer

2008-12-18 13:50:53 ----SHD---- C:\WINDOWS\Installer

2008-12-18 13:50:50 ----HD---- C:\Config.Msi

2008-12-18 03:03:03 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-18 03:02:48 ----D---- C:\WINDOWS\ie7updates

2008-12-18 03:01:09 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-13 14:57:02 ----D---- C:\Program Files\Tibia

2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-11 03:11:58 ----A---- C:\WINDOWS\imsins.BAK

2008-12-11 02:36:12 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-07 20:33:45 ----A---- C:\WINDOWS\win.ini

2008-12-07 20:33:13 ----D---- C:\WINDOWS\system32\drivers

2008-12-07 20:31:29 ----D---- C:\WINDOWS\twain_32

2008-11-28 22:25:52 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-28 22:19:43 ----D---- C:\WINDOWS\system32\DirectX

2008-11-28 22:19:36 ----RSD---- C:\WINDOWS\assembly

2008-11-28 22:18:06 ----D---- C:\WINDOWS\Microsoft.NET

2008-11-28 21:07:33 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2008-11-28 08:07:08 ----D---- C:\WINDOWS\WinSxS

2008-11-28 08:04:03 ----D---- C:\Program Files\Common Files

2008-11-28 08:01:59 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-11-25 21:55:30 ----RASH---- C:\boot.ini

2008-11-25 21:55:30 ----A---- C:\WINDOWS\system.ini

2008-11-25 21:55:28 ----D---- C:\WINDOWS\pss

2008-11-23 20:57:27 ----D---- C:\WINDOWS\Help

2008-11-06 16:03:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-23 04:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll

2008-10-23 02:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe

2008-10-22 19:14:45 ----D---- C:\Program Files\Microsoft Silverlight

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll

2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll

2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll

2008-10-16 12:38:40 —-A—- C:\WINDOWS\system32\wininet.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\webcheck.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\urlmon.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\url.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\pngfilt.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\occache.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\mstime.dll

2008-10-16 12:38:38 —-A—- C:\WINDOWS\system32\msrating.dll

2008-10-16 12:38:38 —-A—- C:\WINDOWS\system32\mshtmled.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\msfeedsbs.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\msfeeds.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\jsproxy.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\iertutil.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\iernonce.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\ieframe.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\iedkcs32.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieapfltr.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieaksie.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieakeng.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\icardie.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\extmgr.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\dxtrans.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\dxtmsft.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\advpack.dll

2008-10-16 05:11:09 —-A—- C:\WINDOWS\system32\ieudinit.exe

2008-10-16 05:11:09 —-A—- C:\WINDOWS\system32\ie4uinit.exe

2008-10-15 08:34:24 —-A—- C:\WINDOWS\system32\netapi32.dll

2008-10-14 23:04:53 —-A—- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]

R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-07-20 8552]

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]

R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-09 400384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-09 626977]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]

R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]

R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-02-06 25632]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]

R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]

R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-04-06 173696]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DCamUSBSTK017;STK017 Camera; C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]

S3 pmxscan;Visioneer USB Kernel; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-08-13 65280]

S3 SiS7018;Service for AC’97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]

S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]

S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]

S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]

S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]

S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

S3 VIAudio;VIA AC’97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 wdm_opl3sax;YAMAHA OPL3-SAx Audio Driver (WDM); C:\WINDOWS\system32\drivers\opl3sax.sys [2001-08-17 54528]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]

R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]

R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-07-29 172032]

R2 sprtlisten;SupportSoft Listener Service; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]

S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe [2008-12-28 28762]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-13 26112]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]

S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2008-01-08 394608]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

—————–EOF—————–

Last edited by drakonic; 2 Weeks Ago at 06:34.

info.txt logfile of random’s system information tool 1.05 2009-01-05 21:11:18

======Uninstall list======

–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL

–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL

–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer–>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Actiontec Gateway–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9

Adobe Flash Player ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop 7.0–>C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.0–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Shockwave Player 11–>C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Advertisement Service–>C:\WINDOWS\system32\prunnet.exe Uninstall

AIM 6–>C:\Program Files\AIM6\uninst.exe

AOL You’ve Got Pictures Screensaver–>C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

Apple Software Update–>MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

AviDecode–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45BA6F47-ED29-4ACB-8F40-BBAD4D644EE5}\Setup.exe"

Bonjour–>MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Comcast High-Speed Internet Install Wizard–>C:\Program Files\support.com\uninstall\chsi_uninstaller.exe

CueCard (remove only)–>"C:\Program Files\CueCard\uninst.exe"

Digital Media Reader–>C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}

DivX Content Uploader–>C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Player–>C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player–>C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DivX–>C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Give4Free Plugin–>C:\Program Files\Give4Free Plugin\uninstall.exe

GTOneCare–>MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}

Hotfix for Windows Internet Explorer 7 (KB947864)–>"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)–>"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)–>"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)–>"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 10.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3–>C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop

HP Imaging Device Functions 10.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 2.5–>C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing–>C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 10.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update–>MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}

Icewind Dale II–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9

iTunes–>MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}

J2SE Runtime Environment 5.0 Update 2–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}

Java 2 Runtime Environment, SE v1.4.2_12–>MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}

Java(TM) 6 Update 4–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

LimeWire 4.16.6–>"C:\Program Files\LimeWire\uninstall.exe"

LiveUpdate 2.5 (Symantec Corporation)–>C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Logitech Audio Echo Cancellation Component–>MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech Desktop Messenger–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL

Logitech QuickCam–>MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}

Logitech Video Enumerator–>MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}

Logitech® Camera Driver–>"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

MagicDisc 2.6.93–>C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG

MangaBrowser for SHONEN JUMP 40th–>MsiExec.exe /I{DE54F85C-DB65-4691-B15D-1EF9149F0FD6}

Merzmorize Screen Saver–>C:\WINDOWS\Merzmorize.scr /u

Microsoft .NET Framework 1.1 Hotfix (KB928366)–>"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1–>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP–>"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs–>"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs–>"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Protection Service–>MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}

Microsoft Silverlight–>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]–>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0–>"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual J# .NET Redistributable Package 1.1–>MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}

Microsoft Windows Journal Viewer–>MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

Microsoft Windows Live OneCare Resources v2.5.2900.20–>MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}

Microsoft Windows OneCare Live AntiSpyware and AntiVirus–>MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}

Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install–>MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}

Microsoft Windows OneCare Live v2.5.2900.20–>MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}

Microsoft Works–>MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

Mozilla Firefox (3.0.5)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)–>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML4 Parser–>MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

MVision–>MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

My Web Search (My Fun Cards)–>rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsbar.dll,O

ObjectBar–>C:\PROGRA~1\OBJECT~1\OBJECT~1\UNWISE.EXE C:\PROGRA~1\OBJECT~1\OBJECT~1\INSTALL.LOG

OpenMG Limited Patch 4.1-05-13-31-01–>C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.1.00–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL

OpenOffice.org 2.4–>MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}

PowerDVD–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Project64 1.6–>MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

PX Engine–>MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}

QuickConnect–>C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly

QuickTime–>MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}

Qwest QuickAssist Desktop Tools–>MsiExec.exe /I{A63E18AC-B504-4045-AFE6-A279BBABB988}

Qwest QuickCare 2.2–>"C:\Program Files\Qwest\QuickCare\unins000.exe"

RealPlayer Basic–>C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Realtek AC’97 Audio–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

REALTEK Gigabit and Fast Ethernet NIC Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE

Rhapsody Player Engine–>MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}

Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 7 (KB928090)–>"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)–>"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB933566)–>"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)–>"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)–>"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)–>"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)–>"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)–>"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)–>"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)–>"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)–>"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)–>"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)–>"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)–>"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)–>"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)–>"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)–>"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)–>"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)–>"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)–>"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)–>"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)–>"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)–>"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)–>"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)–>"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)–>"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)–>"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)–>"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)–>"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)–>"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)–>"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)–>"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)–>"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)–>"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)–>"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)–>"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)–>"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)–>"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)–>"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)–>"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)–>"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)–>"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Shop for HP Supplies–>C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Skype™ 3.8–>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SoftV92 Data Fax Modem with SmartCP–>C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf

Spybot - Search & Destroy 1.4–>"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

System Requirements Lab–>C:\Program Files\SystemRequirementsLab\Uninstall.exe

TBS WMP Plug-in–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}

Tibia–>"C:\Program Files\Tibia\unins000.exe"

UMVPLStandalone–>MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}

Update for Windows XP (KB951072-v2)–>"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)–>"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB953356)–>"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)–>"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

VIA/S3G Display Driver–>C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns

Viewpoint Media Player–>C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Backup Utility–>MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}

Windows Imaging Component–>"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer–>MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger–>MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live OneCare–>"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u

Windows Live Sign-in Assistant–>MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live Writer–>MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}

Windows Media Format 11 runtime–>"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime–>"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Support Tools–>MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}

Windows XP Service Pack 3–>"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver–>C:\Program Files\WinRAR\uninstall.exe

WLTB Custom Buttons–>MsiExec.exe /I{C6522325-92ED-4312-A45A-04E45896C130}

Yahoo! �u��C–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Windows Live OneCare (outdated)

FW: Windows Live OneCare Firewall

System event log

Computer Name: YOUR-7C60552B9E

Event Code: 4201

Message: The system detected that network adapter \DEVICE\TCPIP_{2B3D47F0-4BF1-4166-A786-74AF3F16CE76} was connected to the network,

and has initiated normal operation over the network adapter.

Record Number: 5483

Source Name: Tcpip

Time Written: 20081016184617.000000-420

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 0040CAAAF5CA. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 5482

Source Name: Dhcp

Time Written: 20081016184602.000000-420

Event Type: warning

User:

Computer Name: YOUR-7C60552B9E

Event Code: 4202

Message: The system detected that network adapter \DEVICE\TCPIP_{2B3D47F0-4BF1-4166-A786-74AF3F16CE76} was disconnected from the network,

and the adapter’s network configuration has been released. If the network

adapter was not disconnected, this may indicate that it has malfunctioned.

Please contact your vendor for updated drivers.

Record Number: 5481

Source Name: Tcpip

Time Written: 20081016184602.000000-420

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 4201

Message: The system detected that network adapter \DEVICE\TCPIP_{2B3D47F0-4BF1-4166-A786-74AF3F16CE76} was connected to the network,

and has initiated normal operation over the network adapter.

Record Number: 5480

Source Name: Tcpip

Time Written: 20081016184552.000000-420

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 0040CAAAF5CA. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 5479

Source Name: Dhcp

Time Written: 20081016184532.000000-420

Event Type: warning

User:

Application event log

Computer Name: YOUR-7C60552B9E

Event Code: 700

Message: msnmsgr (2936) Online defragmentation is beginning a full pass on database ‘\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\immafirinmahlazer@hotmail.com\SharingMetadata\Working\database_5020_29A8_2029_95CE\dfsr.db’.

Record Number: 23841

Source Name: ESENT

Time Written: 20081109020002.000000-480

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 4103

Message: Master merge has completed on c:\system volume information\catalog.wci.

Record Number: 23840

Source Name: Ci

Time Written: 20081109010844.000000-480

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 701

Message: msnmsgr (2936) Online defragmentation has completed a full pass on database ‘\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\immafirinmahlazer@hotmail.com\SharingMetadata\Working\database_5020_29A8_2029_95CE\dfsr.db’.

Record Number: 23839

Source Name: ESENT

Time Written: 20081109010002.000000-480

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 700

Message: msnmsgr (2936) Online defragmentation is beginning a full pass on database ‘\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\immafirinmahlazer@hotmail.com\SharingMetadata\Working\database_5020_29A8_2029_95CE\dfsr.db’.

Record Number: 23838

Source Name: ESENT

Time Written: 20081109010002.000000-480

Event Type: information

User:

Computer Name: YOUR-7C60552B9E

Event Code: 701

Message: msnmsgr (2936) Online defragmentation has completed a full pass on database ‘\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\immafirinmahlazer@hotmail.com\SharingMetadata\Working\database_5020_29A8_2029_95CE\dfsr.db’.

Record Number: 23837

Source Name: ESENT

Time Written: 20081109000001.000000-480

Event Type: information

User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=2c02

"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

—————–EOF—————–

Please visit the following webpage for instructions for downloading and running ComboFix

How to use ComboFix

Download ComboFix by sUBs from here, saving the file to your desktop.

Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

Close all open programs and windows.
Double-click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

This stuff…

I’m Drakonic’s friend and he is speaking of my computer. Here is the log,

Logfile of random’s system information tool 1.05 (written by random/random)

Run by Owner at 2009-01-05 21:10:43

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 109 GB (73%) free of 149 GB

Total RAM: 446 MB (15% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\B2CD064C97EAB664.job

C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job

C:\WINDOWS\tasks\ISP signup reminder 2.job

C:\WINDOWS\tasks\lepkjcgx.job

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL [2008-12-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]

mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2008-12-28 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]

Yahoo! IE Suggest - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll [2007-02-23 140840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}]

PPCScamBHO Class - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll [2006-01-19 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

PeoplePal Toolbar - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9FA76AE-5A55-41D1-974C-5F66920794F4}]

C:\WINDOWS\system32\tuvSMcBQ.dll [2009-01-05 289280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A8FB8EB3-183B-4598-924D-86F0E5E37085} - PeoplePal Toolbar - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 220672]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! �u��C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2008-12-28 417887]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL []

"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe [2008-12-28 24688]

"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2008-12-28 32838]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-05 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2008-12-28 32838]

"prunnet"=C:\WINDOWS\system32\prunnet.exe [2009-01-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]

C:\Program Files\Common Files\Stardock\TrayServer.exe [2003-02-14 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

C:\Program Files\America Online 9.0\AOL.EXE [2005-07-25 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BookmarkCentral]

C:\PROGRA~1\BMCENT~1\BMLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\Program Files\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ezthemes_WhenUSaveNow_Installer]

C:\Program Files\Ezthemes_WhenUSaveNow_Installer\Ezthemes_WhenUSaveNow_Installer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flaw idol time locks]

C:\Documents and Settings\All Users\Application Data\MULTI GLUE FLAW IDOL\AimFrag.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

C:\Program Files\Free Download Manager\fdm.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1216603751\ee\AOLSoftware.exe [2006-03-10 48280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-09-23 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2007-02-06 252704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

C:\PROGRA~1\McAfee.com\Agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]

C:\Program Files\NetPumper\NetPumperIEProxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

C:\PROGRA~1\VISION~1\ONETOU~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pollface]

C:\DOCUME~1\Owner\APPLIC~1\WEBMAI~1\Data Eggs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]

C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare2.2]

C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe [2007-05-04 198184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

C:\WINDOWS\Creator\Remind_XP.exe [2005-03-15 966656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2003-12-09 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spanish]

C:\Program Files\Learn To Speak French Demo V2.8\Study Conversation.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]

C:\PROGRA~1\SPEEDO~1\SPO.EXE -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]

C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-02-14 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]

C:\Program Files\Norton Internet Security\UrlLstCk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

C:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebAccelerator]

C:\Program Files\Web Accelerator\webxl.exe [2005-08-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

C:\Program Files\Save\Save.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

C:\Program Files\BigFix\BigFix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2007-09-23 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

C:\Program Files\Visioneer OneTouch\WiseUpdt.exe /C []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

C:\PROGRA~1\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]

C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-02-18 546816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]

C:\Program Files\Xfire\Xfire.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnnnKc]

C:\WINDOWS\system32\opnnnnKc.dll [2009-01-05 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\opnnnnKc.dll [2009-01-05 50176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\tuvSMcBQ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"

"C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Documents and Settings\Owner\My Documents\Downloads\Programs\utorrent.exe"="C:\Documents and Settings\Owner\My Documents\Downloads\Programs\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Common Files\AOL\1216603751\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1216603751\EE\AOLServiceHost.exe:*:Enabled:AOL"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\1216603751\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1216603751\EE\aolsoftware.exe:*:Enabled:AOL Services"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c58664-836b-11dc-86fb-0040caaaf5ca}]

shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8d2dcc-a465-11dd-8814-0040caaaf5ca}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

======List of files/folders created in the last 3 months======

2009-01-05 21:10:50 —-D—- C:\Program Files\trend micro

2009-01-05 21:10:43 —-D—- C:\rsit

2009-01-05 19:28:32 —-D—- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2009-01-05 19:28:30 —-D—- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2009-01-05 19:28:30 —-D—- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

2009-01-05 19:28:28 —-D—- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

2009-01-05 19:24:45 —-A—- C:\WINDOWS\system32\jkkJyWmj.dll

2009-01-05 19:23:25 —-A—- C:\WINDOWS\system32\2b0a511f-.txt

2009-01-05 19:21:38 —-ASH—- C:\WINDOWS\system32\QBcMSvut.ini2

2009-01-05 19:21:36 —-ASH—- C:\WINDOWS\system32\QBcMSvut.ini

2009-01-05 19:21:28 —-A—- C:\WINDOWS\system32\tuvSMcBQ.dll

2009-01-05 19:16:25 —-A—- C:\WINDOWS\system32\efcyxuRj.dll

2009-01-05 19:16:07 —-A—- C:\WINDOWS\system32\opnnnnKc.dll

2009-01-05 19:15:43 —-A—- C:\WINDOWS\system32\prunnet.exe

2008-12-18 13:50:35 —-D—- C:\Program Files\SHARP

2008-12-11 03:11:41 —-HDC—- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 03:02:48 —-HDC—- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 03:02:16 —-HDC—- C:\WINDOWS\$NtUninstallKB954600$

2008-12-11 03:01:45 —-HDC—- C:\WINDOWS\$NtUninstallKB956802$

2008-12-07 20:37:58 —-D—- C:\Documents and Settings\All Users\Application Data\WEBREG

2008-12-07 20:32:58 —-D—- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

2008-12-07 20:31:59 —-RA—- C:\WINDOWS\system32\hpzids01.dll

2008-12-07 20:31:48 —-A—- C:\WINDOWS\system32\hpzll5mu.dll

2008-12-07 20:31:16 —-RA—- C:\WINDOWS\system32\difxapi.dll

2008-12-07 20:31:15 —-RA—- C:\WINDOWS\system32\hppldcoi.dll

2008-12-07 20:31:14 —-RA—- C:\WINDOWS\system32\hpovst15.dll

2008-12-07 20:31:14 —-RA—- C:\WINDOWS\system32\hpotscl6.dll

2008-12-07 20:31:13 —-RA—- C:\WINDOWS\system32\hpowiax7.dll

2008-12-07 20:29:38 —-D—- C:\Documents and Settings\Owner\Application Data\HP

2008-11-28 22:19:39 —-A—- C:\WINDOWS\system32\xinput1_1.dll

2008-11-28 22:19:36 —-A—- C:\WINDOWS\system32\xactengine2_1.dll

2008-11-28 22:18:43 —-A—- C:\WINDOWS\system32\d3dx9_30.dll

2008-11-28 22:18:41 —-A—- C:\WINDOWS\system32\xactengine2_0.dll

2008-11-28 22:18:41 —-A—- C:\WINDOWS\system32\x3daudio1_0.dll

2008-11-28 22:18:38 —-A—- C:\WINDOWS\system32\d3dx9_29.dll

2008-11-28 22:17:58 —-A—- C:\WINDOWS\system32\d3dx9_28.dll

2008-11-28 22:17:56 —-A—- C:\WINDOWS\system32\xinput9_1_0.dll

2008-11-28 22:17:53 —-A—- C:\WINDOWS\system32\d3dx9_27.dll

2008-11-28 22:17:51 —-A—- C:\WINDOWS\system32\d3dx9_26.dll

2008-11-28 22:17:48 —-A—- C:\WINDOWS\system32\d3dx9_25.dll

2008-11-28 22:17:39 —-A—- C:\WINDOWS\system32\d3dx9_24.dll

2008-11-28 21:11:00 —-D—- C:\Program Files\SEGA

2008-11-28 13:34:13 —-D—- C:\Documents and Settings\Owner\Application Data\HPAppData

2008-11-28 08:05:04 —-D—- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2008-11-28 08:05:04 —-D—- C:\Documents and Settings\All Users\Application Data\HP

2008-11-28 08:04:18 —-D—- C:\Program Files\Hewlett-Packard

2008-11-28 08:04:03 —-D—- C:\Program Files\Common Files\Hewlett-Packard

2008-11-28 08:03:22 —-D—- C:\Program Files\Common Files\HP

2008-11-28 08:00:40 —-D—- C:\Program Files\HP

2008-11-20 22:27:03 —-D—- C:\Program Files\CueCard

2008-11-16 23:08:54 —-D—- C:\Documents and Settings\Owner\Application Data\skypePM

2008-11-16 23:07:29 —-D—- C:\Documents and Settings\Owner\Application Data\Skype

2008-11-16 23:06:39 —-D—- C:\Program Files\Skype

2008-11-16 23:06:38 —-D—- C:\Program Files\Common Files\Skype

2008-11-16 23:05:35 —-D—- C:\Documents and Settings\All Users\Application Data\Skype

2008-11-12 03:04:01 —-HDC—- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 03:03:36 —-HDC—- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 03:03:10 —-HDC—- C:\WINDOWS\$NtUninstallKB955069$

2008-11-08 21:19:24 —-D—- C:\Program Files\SystemRequirementsLab

2008-11-08 21:18:44 —-D—- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

2008-11-06 20:46:09 —-D—- C:\Documents and Settings\Owner\Application Data\Viewpoint

2008-10-23 14:39:17 —-HDC—- C:\WINDOWS\$NtUninstallKB958644$

2008-10-18 12:57:04 —-A—- C:\WINDOWS\system32\lfpsd13n.dll

2008-10-16 02:09:58 —-HDC—- C:\WINDOWS\$NtUninstallKB956803$

2008-10-16 02:09:27 —-HDC—- C:\WINDOWS\$NtUninstallKB956391$

2008-10-16 02:09:04 —-HDC—- C:\WINDOWS\$NtUninstallKB957095$

2008-10-16 02:05:27 —-HDC—- C:\WINDOWS\$NtUninstallKB954211$

2008-10-16 02:04:31 —-HDC—- C:\WINDOWS\$NtUninstallKB956841$

2008-10-11 11:08:01 —-HD—- C:\WINDOWS\PIF

2008-10-08 21:25:25 —-A—- C:\WINDOWS\system32\ltclr13n.dll

2008-10-08 21:25:25 —-A—- C:\WINDOWS\system32\lftif13n.dll

2008-10-08 21:25:25 —-A—- C:\WINDOWS\system32\lffax13n.dll

======List of files/folders modified in the last 3 months======

2009-01-05 21:10:50 —-AD—- C:\Program Files

2009-01-05 21:10:46 —-D—- C:\WINDOWS\Prefetch

2009-01-05 21:05:12 —-D—- C:\Program Files\Mozilla Firefox

2009-01-05 20:12:36 —-D—- C:\WINDOWS\Temp

2009-01-05 19:55:00 —-A—- C:\WINDOWS\SchedLgU.Txt

2009-01-05 19:35:39 —-D—- C:\Program Files\Spybot - Search & Destroy

2009-01-05 19:32:50 —-D—- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-05 19:31:33 —-D—- C:\WINDOWS

2009-01-05 19:24:45 —-D—- C:\WINDOWS\system32

2009-01-05 19:16:27 —-SD—- C:\WINDOWS\Tasks

2009-01-04 21:02:30 —-D—- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2

2009-01-04 16:06:39 —-D—- C:\WINDOWS\system32\CatRoot2

2009-01-03 18:29:07 —-D—- C:\Program Files\Microsoft Windows OneCare Live

2009-01-02 19:02:08 —-HD—- C:\WINDOWS\inf

2008-12-28 17:10:13 —-D—- C:\Program Files\MyWebSearch

2008-12-28 17:09:49 —-D—- C:\Program Files\Internet Explorer

2008-12-18 13:50:53 —-SHD—- C:\WINDOWS\Installer

2008-12-18 13:50:50 —-HD—- C:\Config.Msi

2008-12-18 03:03:03 —-RSHDC—- C:\WINDOWS\system32\dllcache

2008-12-18 03:02:48 —-D—- C:\WINDOWS\ie7updates

2008-12-18 03:01:09 —-HD—- C:\WINDOWS\$hf_mig$

2008-12-13 14:57:02 —-D—- C:\Program Files\Tibia

2008-12-12 22:40:02 —-A—- C:\WINDOWS\system32\mshtml.dll

2008-12-11 03:11:58 —-A—- C:\WINDOWS\imsins.BAK

2008-12-11 02:36:12 —-D—- C:\WINDOWS\system32\CatRoot

2008-12-09 15:24:37 —-A—- C:\WINDOWS\system32\MRT.exe

2008-12-07 20:33:45 —-A—- C:\WINDOWS\win.ini

2008-12-07 20:33:13 —-D—- C:\WINDOWS\system32\drivers

2008-12-07 20:31:29 —-D—- C:\WINDOWS\twain_32

2008-11-28 22:25:52 —-HD—- C:\Program Files\InstallShield Installation Information

2008-11-28 22:19:43 —-D—- C:\WINDOWS\system32\DirectX

2008-11-28 22:19:36 —-RSD—- C:\WINDOWS\assembly

2008-11-28 22:18:06 —-D—- C:\WINDOWS\Microsoft.NET

2008-11-28 21:07:33 —-A—- C:\WINDOWS\system32\CmdLineExt.dll

2008-11-28 08:07:08 —-D—- C:\WINDOWS\WinSxS

2008-11-28 08:04:03 —-D—- C:\Program Files\Common Files

2008-11-28 08:01:59 —-DC—- C:\WINDOWS\system32\DRVSTORE

2008-11-25 21:55:30 —-RASH—- C:\boot.ini

2008-11-25 21:55:30 —-A—- C:\WINDOWS\system.ini

2008-11-25 21:55:28 —-D—- C:\WINDOWS\pss

2008-11-23 20:57:27 —-D—- C:\WINDOWS\Help

2008-11-06 16:03:02 —-A—- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-23 04:36:14 —-A—- C:\WINDOWS\system32\gdi32.dll

2008-10-23 02:06:59 —-N—- C:\WINDOWS\system32\tzchange.exe

2008-10-22 19:14:45 —-D—- C:\Program Files\Microsoft Silverlight

2008-10-16 14:13:40 —-A—- C:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 —-A—- C:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 —-A—- C:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 —-A—- C:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\wups2.dll

2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 —-A—- C:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:08:58 —-A—- C:\WINDOWS\system32\wups.dll

2008-10-16 14:07:44 —-A—- C:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:14 —-A—- C:\WINDOWS\system32\wuaueng.dll.mui

2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\muweb.dll

2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll

2008-10-16 12:38:40 —-A—- C:\WINDOWS\system32\wininet.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\webcheck.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\urlmon.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\url.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\pngfilt.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\occache.dll

2008-10-16 12:38:39 —-A—- C:\WINDOWS\system32\mstime.dll

2008-10-16 12:38:38 —-A—- C:\WINDOWS\system32\msrating.dll

2008-10-16 12:38:38 —-A—- C:\WINDOWS\system32\mshtmled.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\msfeedsbs.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\msfeeds.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\jsproxy.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\iertutil.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\iernonce.dll

2008-10-16 12:38:37 —-A—- C:\WINDOWS\system32\ieframe.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\iedkcs32.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieapfltr.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieaksie.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\ieakeng.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\icardie.dll

2008-10-16 12:38:35 —-A—- C:\WINDOWS\system32\extmgr.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\dxtrans.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\dxtmsft.dll

2008-10-16 12:38:34 —-A—- C:\WINDOWS\system32\advpack.dll

2008-10-16 05:11:09 —-A—- C:\WINDOWS\system32\ieudinit.exe

2008-10-16 05:11:09 —-A—- C:\WINDOWS\system32\ie4uinit.exe

2008-10-15 08:34:24 —-A—- C:\WINDOWS\system32\netapi32.dll

2008-10-14 23:04:53 —-A—- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]

R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-07-20 8552]

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]

R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-09 400384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-09 626977]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]

R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]

R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-02-06 25632]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]

R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]

R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-04-06 173696]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DCamUSBSTK017;STK017 Camera; C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]

S3 pmxscan;Visioneer USB Kernel; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-08-13 65280]

S3 SiS7018;Service for AC’97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]

S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]

S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]

S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]

S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]

S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

S3 VIAudio;VIA AC’97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 wdm_opl3sax;YAMAHA OPL3-SAx Audio Driver (WDM); C:\WINDOWS\system32\drivers\opl3sax.sys [2001-08-17 54528]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]

R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]

R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-07-29 172032]

R2 sprtlisten;SupportSoft Listener Service; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]

S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe [2008-12-28 28762]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-13 26112]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]

S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2008-01-08 394608]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

—————–EOF—————–

I consent. That is the friend. The Justinmd guy owns the computer I spoke of.

Welcome to linabbs justinmd :)

Thanks for the log. Please complete the instructions given in post #3 above.

I wasn’t able to directly copy the log to a reply because my internet stopped working. I got it running and I accidentally ran it again. I found the logs and I’m putting them on here. I didn’t know if I was supposed to put the quarantined files so I’m going to put the first.

2004-08-26 08:12:09 A——- 37,888 C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir

2007-06-19 18:38:59 A——- 3,687 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat.vir

2008-12-07 20:31:13 A——- 729,088 C:\Qoobox\Quarantine\C\WINDOWS\system32\hpowiax7.dll.vir

2008-12-28 17:09:25 A——- 20,164 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG.vir

2008-12-28 17:09:25 A——- 139,264 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL.vir

2008-12-28 17:09:26 A——- 86,096 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL.vir

2008-12-28 17:09:26 A——- 278,599 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL.vir

2008-12-28 17:09:27 A——- 147,528 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL.vir

2008-12-28 17:09:28 A——- 77,894 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL.vir

2008-12-28 17:09:29 A——- 28,672 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL.vir

2008-12-28 17:09:29 A——- 127,057 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL.vir

2008-12-28 17:09:30 A——- 28,672 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR.vir

2008-12-28 17:09:30 A——- 131,072 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL.vir

2008-12-28 17:09:31 A——- 24,576 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL.vir

2008-12-28 17:09:31 A——- 86,089 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE.vir

2008-12-28 17:09:32 A——- 305 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT.vir

2008-12-28 17:09:32 A——- 5,446 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV.vir

2008-12-28 17:09:32 A——- 20,480 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL.vir

2008-12-28 17:09:32 A——- 299,008 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL.vir

2008-12-28 17:09:33 A——- 140 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST.vir

2008-12-28 17:09:33 A——- 3,343 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG.vir

2008-12-28 17:09:33 A——- 4,814 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR.vir

2008-12-28 17:09:33 A——- 16,384 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE.vir

2008-12-28 17:09:33 A——- 16,501 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3MEDINT.EXE.vir

2008-12-28 17:09:33 A——- 16,502 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE.vir

2008-12-28 17:09:33 A——- 28,672 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL.vir

2008-12-28 17:09:33 A——- 86,078 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL.vir

2008-12-28 17:09:34 A——- 140 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST.vir

2008-12-28 17:09:34 A——- 6,462 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR.vir

2008-12-28 17:09:34 A——- 69,717 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL.vir

2008-12-28 17:09:34 A——- 155,738 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL.vir

2008-12-28 17:09:35 A——- 24,576 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE.vir

2008-12-28 17:09:35 A——- 24,686 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE.vir

2008-12-28 17:09:35 A——- 53,352 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL.vir

2008-12-28 17:09:35 A——- 131,141 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL.vir

2008-12-28 17:09:36 A——- 24,688 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE.vir

2008-12-28 17:09:36 A——- 417,887 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL.vir

2008-12-28 17:09:38 A——- 32,838 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir

2008-12-28 17:09:38 A——- 45,123 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL.vir

2008-12-28 17:09:38 A——- 385,107 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL.vir

2008-12-28 17:09:39 A——- 24,684 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL.vir

2008-12-28 17:09:39 A——- 28,762 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSSVC.EXE.vir

2008-12-28 17:09:45 A——- 28,672 C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir

2008-12-28 17:09:49 A——- 28,672 C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir

2008-12-28 17:09:52 A——- 40,516 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON.F3S.vir

2008-12-28 17:09:52 A——- 89,655 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S.vir

2008-12-28 17:09:53 A——- 301,118 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S.vir

2008-12-28 17:09:54 A——- 71,675 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\DOG.F3S.vir

2008-12-28 17:09:55 A——- 106,998 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\FISH.F3S.vir

2008-12-28 17:09:55 A——- 129,559 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir

2008-12-28 17:09:56 A——- 272,367 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir

2008-12-28 17:09:57 A——- 43,287 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir

2008-12-28 17:09:57 A——- 122,747 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAID.F3S.vir

2008-12-28 17:09:57 A——- 155,471 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S.vir

2008-12-28 17:09:58 A——- 149,817 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S.vir

2008-12-28 17:09:59 A——- 243,509 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir

2008-12-28 17:10:00 A——- 56,438 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir

2008-12-28 17:10:00 A——- 66,726 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir

2008-12-28 17:10:00 A——- 113,081 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir

2008-12-28 17:10:01 A——- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\CM.ICO.vir

2008-12-28 17:10:01 A——- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\MFC.ICO.vir

2008-12-28 17:10:01 A——- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\SMILEY.ICO.vir

2008-12-28 17:10:01 A——- 7,406 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\WB.ICO.vir

2008-12-28 17:10:01 A——- 10,134 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\PSS.ICO.vir

2008-12-28 17:10:01 A——- 56,688 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir

2008-12-28 17:10:02 A——- 16 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir

2008-12-28 17:10:02 A——- 12,782 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO.vir

2008-12-28 17:10:08 A——- 64 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif.vir

2008-12-28 17:10:08 A——- 145 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif.vir

2008-12-28 17:10:08 A——- 724 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif.vir

2008-12-28 17:10:08 A——- 1,517 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif.vir

2008-12-28 17:10:08 A——- 1,922 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif.vir

2008-12-28 17:10:08 A——- 2,044 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\center.htm.vir

2008-12-28 17:10:08 A——- 2,353 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif.vir

2008-12-28 17:10:08 A——- 2,570 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm.vir

2008-12-28 17:10:08 A——- 3,036 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif.vir

2008-12-28 17:10:08 A——- 3,630 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm.vir

2008-12-28 17:10:08 A——- 3,753 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif.vir

2008-12-28 17:10:08 A——- 4,345 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm.vir

2008-12-28 17:10:08 A——- 6,205 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm.vir

2008-12-28 17:10:08 A——- 7,792 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON\index.htm.vir

2008-12-28 17:10:14 A——- 61,440 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL.vir

2008-12-28 17:15:24 A——- 983 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\files.ini.vir

2008-12-28 17:15:25 A——- 107 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCC52F.vir

2008-12-28 17:15:25 A——- 81,878 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm.vir

2008-12-28 17:15:26 A——- 107 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCCCB1.vir

2008-12-28 17:15:27 A------- 1,928 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCD099.bin.vir

2008-12-28 17:15:28 A------- 25,157 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html.vir

2008-12-28 17:15:28 A------- 501,103 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html.vir

2008-12-28 17:15:29 A------- 1,024 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search3.vir

2008-12-28 17:15:29 A------- 597,891 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html.vir

2008-12-28 17:15:30 A------- 2,552 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCD656.bin.vir

2008-12-28 17:15:31 A------- 944 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCDEC2.bin.vir

2008-12-28 17:15:32 A------- 138,930 C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html.vir

2008-12-28 17:15:33 A------- 116 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCE867.vir

2008-12-28 17:15:33 A------- 244 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCE440.bin.vir

2008-12-28 17:15:34 A------- 1,940 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCECBC.bin.vir

2008-12-28 17:15:35 A------- 1,668 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCF16F.bin.vir

2008-12-28 17:15:35 A------- 1,724 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCEFAA.bin.vir

2008-12-28 17:15:36 A------- 1,284 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\04CCF315.bin.vir

2009-01-05 19:15:43 A------- 114,688 C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir

2009-01-05 19:16:07 A------- 50,176 C:\Qoobox\Quarantine\C\WINDOWS\system32\opnnnnKc.dll.vir

2009-01-05 19:21:28 A------- 289,280 C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvSMcBQ.dll.vir

2009-01-05 19:21:36 A------- 714,487 C:\Qoobox\Quarantine\C\WINDOWS\system32\QBcMSvut.ini.vir

2009-01-05 19:21:38 A------- 768,420 C:\Qoobox\Quarantine\C\WINDOWS\system32\QBcMSvut.ini2.vir

2009-01-05 19:24:45 A------- 50,176 C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkJyWmj.dll.vir

2009-01-06 19:27:50 A------- 86,528 C:\Qoobox\Quarantine\C\WINDOWS\system32\lyttuekc.dll.vir

2009-01-06 19:28:00 A------- 1,320,830 C:\Qoobox\Quarantine\C\WINDOWS\system32\ckeuttyl.ini.vir

2009-01-06 19:33:39 A------- 137,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\ymttcdsb.dll.vir

2009-01-06 19:33:41 A------- 137,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\lnjajo.dll.vir

2009-01-06 20:14:52 A------- 137,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\suknlgsv.dll.vir

2009-01-06 20:14:54 A------- 137,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\ccyulu.dll.vir

2009-01-06 20:19:33 A------- 86,528 C:\Qoobox\Quarantine\C\WINDOWS\system32\lynbjynu.dll.vir

2009-01-06 20:19:35 A------- 1,320,830 C:\Qoobox\Quarantine\C\WINDOWS\system32\unyjbnyl.ini.vir

2009-01-07 16:13:27 A------- 278 C:\Qoobox\Quarantine\catchme.log

2009-01-07 16:47:53 A------- 10,490 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2009-01-07 16:50:14 A------- 1,164 C:\Qoobox\Quarantine\Registry_backups\Legacy_MYWEBSEARCHSERVICE.reg.dat

2009-01-07 16:50:15 A------- 2,728 C:\Qoobox\Quarantine\Registry_backups\Service_MyWebSearchService.reg.dat

2009-01-08 11:00:47 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{F9FA76AE-5A55-41D1-974C-5F66920794F4}.reg.dat

2009-01-08 11:00:47 A------- 416 C:\Qoobox\Quarantine\Registry_backups\BHO-{39614067-70ac-4592-bd45-f8a89ba58b7a}.reg.dat

2009-01-08 11:00:51 A------- 166 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-MyWebSearch Plugin.reg.dat

2009-01-08 11:01:02 A------- 610 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AOLDialer.reg.dat

2009-01-08 11:01:02 A------- 668 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AOL Spyware Protection.reg.dat

2009-01-08 11:01:03 A------- 592 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MCAgentExe.reg.dat

2009-01-08 11:01:03 A------- 596 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG7_CC.reg.dat

2009-01-08 11:01:03 A------- 596 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BookmarkCentral.reg.dat

2009-01-08 11:01:03 A------- 598 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MCUpdateExe.reg.dat

2009-01-08 11:01:03 A------- 602 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DownloadAccelerator.reg.dat

2009-01-08 11:01:03 A------- 616 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ccApp.reg.dat

2009-01-08 11:01:03 A------- 616 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-IDMan.reg.dat

2009-01-08 11:01:03 A------- 616 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MessengerPlus3.reg.dat

2009-01-08 11:01:03 A------- 634 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Free Download Manager.reg.dat

2009-01-08 11:01:03 A------- 638 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Bart Station.reg.dat

2009-01-08 11:01:03 A------- 698 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Google Desktop Search.reg.dat

2009-01-08 11:01:03 A------- 704 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Flaw idol time locks.reg.dat

2009-01-08 11:01:03 A------- 768 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Ezthemes_WhenUSaveNow_Installer.reg.dat

2009-01-08 11:01:04 A------- 570 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-WhenUSave.reg.dat

2009-01-08 11:01:04 A------- 574 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpeedOptimizer.reg.dat

2009-01-08 11:01:04 A------- 590 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-OneTouch Monitor.reg.dat

2009-01-08 11:01:04 A------- 594 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PPWebCap.reg.dat

2009-01-08 11:01:04 A------- 612 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-pollface.reg.dat

2009-01-08 11:01:04 A------- 624 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-URLLSTCK.reg.dat

2009-01-08 11:01:04 A------- 628 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NetPumper.reg.dat

2009-01-08 11:01:04 A------- 640 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Pure Networks Port Magic.reg.dat

2009-01-08 11:01:04 A------- 658 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-msnappau.reg.dat

2009-01-08 11:01:04 A------- 658 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TkBellExe.reg.dat

2009-01-08 11:01:04 A------- 668 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Spanish.reg.dat

2009-01-08 11:01:04 A------- 698 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat

2009-01-08 11:01:05 A------- 620 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-_AntiSpyware.reg.dat

2009-01-08 11:01:05 A------- 656 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Yahoo! Pager.reg.dat

2009-01-08 11:01:05 A------- 668 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-YSearchProtection.reg.dat

Here’s the log I guess…

ComboFix 09-01-10.01 - Owner 2009-01-10 13:09:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.125 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Outdated)
FW: Windows Live OneCare Firewall *disabled*
.

and the second part.

ComboFix 09-01-07.01 - Owner 2009-01-07 16:38:27.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Outdated)
FW: Windows Live OneCare Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\4.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\4.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\04CCC52F
c:\program files\MyWebSearch\bar\Cache\04CCCCB1
c:\program files\MyWebSearch\bar\Cache\04CCD099.bin
c:\program files\MyWebSearch\bar\Cache\04CCD656.bin
c:\program files\MyWebSearch\bar\Cache\04CCDEC2.bin
c:\program files\MyWebSearch\bar\Cache\04CCE440.bin
c:\program files\MyWebSearch\bar\Cache\04CCE867
c:\program files\MyWebSearch\bar\Cache\04CCECBC.bin
c:\program files\MyWebSearch\bar\Cache\04CCEFAA.bin
c:\program files\MyWebSearch\bar\Cache\04CCF16F.bin
c:\program files\MyWebSearch\bar\Cache\04CCF315.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\ccyulu.dll
c:\windows\system32\ckeuttyl.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\hpowiax7.dll
c:\windows\system32\jkkJyWmj.dll
c:\windows\system32\lnjajo.dll
c:\windows\system32\lynbjynu.dll
c:\windows\system32\lyttuekc.dll
c:\windows\system32\opnnnnKc.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\QBcMSvut.ini
c:\windows\system32\QBcMSvut.ini2
c:\windows\system32\suknlgsv.dll
c:\windows\system32\tuvSMcBQ.dll
c:\windows\system32\unyjbnyl.ini
c:\windows\system32\ymttcdsb.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-05 21:10 . 2009-01-05 21:11 <DIR> d-------- C:\rsit
2009-01-05 21:10 . 2009-01-05 21:10 <DIR> d-------- c:\program files\trend micro
2009-01-05 19:28 . 2009-01-05 19:28 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-05 19:28 . 2009-01-05 19:28 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-05 19:28 . 2009-01-05 19:28 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-05 19:28 . 2009-01-05 19:28 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-05 19:16 . 2009-01-05 19:16 72,192 --a------ c:\windows\system32\efcyxuRj.dll
2009-01-04 09:47 . 2009-01-04 09:49 <DIR> d-------- c:\documents and settings\Guest\Application Data\HPAppData
2008-12-18 13:50 . 2008-12-18 13:50 <DIR> d-------- c:\program files\SHARP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 01:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-06 15:13 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-01-06 09:23 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData
2009-01-06 06:28 11,364 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-01-06 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 05:02 --------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org2
2008-12-13 22:57 --------- d-----w c:\program files\Tibia
2008-12-08 04:44 --------- d-----w c:\documents and settings\Owner\Application Data\HP
2008-12-08 04:44 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-08 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-12-08 04:32 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-02 03:52 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2008-12-02 03:45 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2008-11-29 06:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 05:11 --------- d-----w c:\program files\SEGA
2008-11-28 16:05 --------- d-----w c:\program files\HP
2008-11-28 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-28 16:04 --------- d-----w c:\program files\Hewlett-Packard
2008-11-28 16:04 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-11-28 16:03 --------- d-----w c:\program files\Common Files\HP
2008-11-21 06:27 --------- d-----w c:\program files\CueCard
2008-11-17 07:06 --------- d-----w c:\program files\Skype
2008-11-17 07:06 --------- d-----w c:\program files\Common Files\Skype
2008-11-17 07:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-09 05:20 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-09 05:19 --------- d-----w c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2008-09-04 04:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090320080904\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ccyulu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]
--a------ 2003-02-14 02:57 81920 c:\program files\Common Files\Stardock\TrayServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 07:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-25 21:30 50776 c:\program files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-03-10 14:22 48280 c:\program files\Common Files\AOL\1216603751\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-09-23 19:51 36864 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 17:43 252704 c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
--a------ 2008-11-05 13:18 64880 c:\program files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare2.2]
--a------ 2007-05-04 06:21 198184 c:\program files\Qwest\QuickCare\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 22:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-03-15 09:04 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-02-14 18:00 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebAccelerator]
--a------ 2005-08-26 19:16 98304 c:\program files\Web Accelerator\webxl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-09 11:17 67584 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 02:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-03-11 16:33 147456 c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\1216603751\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1216603751\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R4 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-31 24652]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2006-03-23 15104]
S3 wdm_opl3sax;YAMAHA OPL3-SAx Audio Driver (WDM);c:\windows\system32\drivers\opl3sax.sys [2006-11-03 54528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c58664-836b-11dc-86fb-0040caaaf5ca}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8d2dcc-a465-11dd-8814-0040caaaf5ca}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-08 c:\windows\Tasks\B2CD064C97EAB664.job
- c:\docume~1\owner\applic~1\webmai~1\Hopegridsend.exe []

2009-01-08 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]

2005-12-25 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 16:12]

2009-01-08 c:\windows\Tasks\lepkjcgx.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]

2009-01-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{39614067-70ac-4592-bd45-f8a89ba58b7a} - c:\windows\system32\ccyulu.dll
BHO-{F9FA76AE-5A55-41D1-974C-5F66920794F4} - c:\windows\system32\tuvSMcBQ.dll
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-Bart Station - c:\program files\PeoplePC\ISP6300\BIN\PPCOLink.exe
MSConfigStartUp-BookmarkCentral - c:\progra~1\BMCENT~1\BMLauncher.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-Ezthemes_WhenUSaveNow_Installer - c:\program files\Ezthemes_WhenUSaveNow_Installer\Ezthemes_WhenUSaveNow_Installer.exe
MSConfigStartUp-Flaw idol time locks - c:\documents and settings\All Users\Application Data\MULTI GLUE FLAW IDOL\AimFrag.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
MSConfigStartUp-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
MSConfigStartUp-msnappau - c:\program files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
MSConfigStartUp-NetPumper - c:\program files\NetPumper\NetPumperIEProxy.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
MSConfigStartUp-OneTouch Monitor - c:\progra~1\VISION~1\ONETOU~2.EXE
MSConfigStartUp-pollface - c:\docume~1\Owner\APPLIC~1\WEBMAI~1\Data Eggs.exe
MSConfigStartUp-PPWebCap - c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-Spanish - c:\program files\Learn To Speak French Demo V2.8\Study Conversation.exe
MSConfigStartUp-SpeedOptimizer - c:\progra~1\SPEEDO~1\SPO.EXE
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-_AntiSpyware - c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://qwest.live.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - http://edits.mywebsearch.com/toolbar…tml?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: www.myspace.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fxl85fro.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - SearchKindly.org
FF - prefs.js: browser.startup.homepage - hxxp://searchkindly.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 10:55:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
——————— LOCKED REGISTRY KEYS ———————

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1da7c8ae-7acf-42cc-9217-930050b5fa6e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000001
"Therad"=dword:00000008

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5c,40,76,ef,d8,17,b1,70,fd,3e,78,af,22,f5,ee,b7,f9,60,f6,72,f5,\
49,21,f5,f8,6f,4c,5c,af,85,b1,58,54,9e,31,f0,e3,84,8d,6d,00,00,00,00,00,00,\
00,00,00,00
.
———————— Other Running Processes ————————
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-01-08 11:04:00 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-08 19:03:12

Pre-Run: 113,227,538,432 bytes free
Post-Run: 121,223,385,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

463 — E O F — 2008-12-18 11:03:35

Please download Flash_Disinfector by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Plug in your USB flash drive.
Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Your desktop will vanish for a while, and then reappear. This is normal.
Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

Filename: CFScript.txt

Save As Type: All Files (*.*)

Code:

http://www.linabbs.com/malware-virus-removal/80211-active-computer-loaded-multiple-cases-trojans-malware-ect.html#post437349

Collect::

c:\windows\system32\efcyxuRj.dll

File::

c:\windows\Tasks\B2CD064C97EAB664.job

c:\windows\Tasks\lepkjcgx.job

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c58664-836b-11dc-86fb-0040caaaf5ca}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8d2dcc-a465-11dd-8814-0040caaaf5ca}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]

REGLOCK::

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1da7c8ae-7acf-42cc-9217-930050b5fa6e}]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it’s done. A log will open when it’s complete. Post the contents of that log here.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!

After Combo Fix ran the first time the shortcut on the desktop disappeared. Do I download a new one? Or what should I do?

The Combo Fix Icon went away after it ran. Do I download a new one?

Yes, please download a fresh copy. Save it directly to the desktop and run it as described in my last post.

Alright, so I ran it and it completed all of the stages of the autoscan and it said, "’"C:WINDOWS\system32\"’ is not recognized as an internal or external command operable program or batch file" Then it froze and did not continue.. :/

And that was a fresh download? Run it again and if that happens again see if you can open the Task Manager by pressing Ctrl Alt Del keys then end task on the process catchme.cfexe if listed on the processes tab. ComboFix should continue to run.


written by lina
