Popups Taskbar At Bottom Right Does Not Work


  • This topic is locked
8 replies to this topic

#1 AndresParra

Posted 21 April 2008 - 08:07 PM

I get IE popups. The task manager is disabled. And the bottom right taskbar is unable to be used.
The computer seems fine, however it runs quite slowly, and I get popups every few minutes like "ZEDO" or some phone book directory or travel to Asia.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 20:52:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-04-22 00:53:28 UTC - RP138 - Deckard's System Scanner Restore Point
24: 2008-04-21 04:02:42 UTC - RP137 - Software Distribution Service 3.0
23: 2008-04-21 04:01:21 UTC - RP136 - Installed Windows Internet Explorer 7.
22: 2008-04-21 03:59:49 UTC - RP135 - Installed Windows IDNMitigationAPIs.
21: 2008-04-21 03:59:16 UTC - RP134 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-04-20 22:23:54 UTC - RP114 - Microsoft OneCare Protection Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:48 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wapp.verizon.net/bookmarks/bmredir....&bm=wl_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D428C81-C7B2-4F49-A33D-D50AAF60259C} - C:\WINDOWS\system32\yayyXrRH.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gooochi browser optimizer - {dd2d73b2-c84e-f597-0459-28ae2acc3dd6} - C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Owner\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll" DllInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Surround - {82DE9632-7BBB-4E86-AB98-78066C3FA880} - http://wapp.verizon.net/bookmarks/bmredir....;bm=wl_surround (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/component/VZWDLManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol.com/mce/new/ServiceMgr.CAB
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.kudosbar.com/kudos/images/home/home-logo.gif

--
End of file - 10154 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 imapii - c:\windows\system32\drivers\imapii.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 mqdmbus (Motorola DM Composite Driver (WDM)) - c:\windows\system32\drivers\mqdmbus.sys (file missing)
S3 mqdmmdfl (Motorola USB Modem (Filter)) - c:\windows\system32\drivers\mqdmmdfl.sys (file missing)
S3 mqdmmdm (Motorola USB Modem) - c:\windows\system32\drivers\mqdmmdm.sys (file missing)
S3 mqdmserd (Motorola USB Diag) - c:\windows\system32\drivers\mqdmserd.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 20:38:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-19 17:53:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-18 18:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-21 15:07:01 0 d-------- C:\WINDOWS\LastGood
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 19:56:34 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:33:31 419763 --ahs---- C:\WINDOWS\system32\HRrXyyay.ini2
2008-04-19 21:31:43 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:30:02 0 d--hs---- C:\WINDOWS\IA
2008-04-19 21:29:56 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-19 21:29:47 1773568 ---hs---- C:\Documents and Settings\Owner\svchost.exe
2008-04-19 21:29:00 86144 --a------ C:\WINDOWS\system32\drivers\imapii.sys
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\Vb1
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\trcTMP
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\slNew
2008-04-19 21:28:45 0 d-------- C:\WINDOWS\system32\iTmp
2008-04-19 21:28:19 0 d-------- C:\WINDOWS\system32\xcsDd05
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-07 12:27:56 328704 --a------ C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:58:22 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 00:21:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:51:45 0 d-------- C:\Program Files\Common Files
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-04-21 20:59:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 89%
Physical Memory (total/avail): 501.77 MiB / 50.79 MiB
Pagefile Memory (total/avail): 1225.55 MiB / 402.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.25 MiB

C: is Fixed (NTFS) - 228.64 GiB total, 198.22 GiB free.
D: is Fixed (FAT32) - 4.23 GiB total, 0 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBC0 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 228.64 GiB - C:
\PARTITION1 - Unknown - 4.24 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

Unable to get environment variables; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Tati
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

18 Wheels of Steel: Haulin' (remove only) --> "C:\Program Files\18 Wheels of Steel Haulin\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll-uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Windows XP Hotfix - KB834707 -->
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282 -->
Windows XP Hotfix - KB873333 -->
Windows XP Hotfix - KB873339 -->
Windows XP Hotfix - KB885250 -->
Windows XP Hotfix - KB885835 -->
Windows XP Hotfix - KB885836 -->
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113 -->
Windows XP Hotfix - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 -->
Hotfix for Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890047 -->
Windows XP Hotfix - KB890175 -->
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB890760 -->
Windows XP Hotfix - KB890859 -->
Windows XP Hotfix - KB890923 -->
Hotfix for Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows XP Hotfix - KB893066 -->
Windows XP Hotfix - KB893086 -->
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) -->
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB895198 -->
Windows XP Media Center Edition 2005 KB895678 -->
Hotfix for Windows XP (KB895961) --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344) --> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157) --> "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024) --> "C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Update for Windows XP (KB914882) --> "C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Update for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Update for Windows XP (KB923845) --> "C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Update for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Update for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494) --> "C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.0 --> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Microsoft .NET Framework 3.0 --> MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Recovery Software Suite Gateway --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2204 / Error
Event Submitted/Written: 04/21/2008 08:53:21 PM / 04/21/2008 08:53:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2199 / Success
Event Submitted/Written: 04/21/2008 08:15:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2198 / Error
Event Submitted/Written: 04/21/2008 06:48:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application FinePixViewer.exe, version 5.1.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2186 / Warning
Event Submitted/Written: 04/21/2008 00:32:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2167 / Warning
Event Submitted/Written: 04/20/2008 11:42:18 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5520 / Warning
Event Submitted/Written: 04/21/2008 07:13:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5516 / Warning
Event Submitted/Written: 04/21/2008 04:46:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5510 / Warning
Event Submitted/Written: 04/21/2008 02:58:00 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type5509 / Error
Event Submitted/Written: 04/21/2008 02:58:00 PM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {A5969219-71E0-4507-AC7B-E0ED12DF23C4} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Event Record #/Type5469 / Error
Event Submitted/Written: 04/20/2008 10:18:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00BF57EF-C57F-47D4-9119-1F31FAD912C8} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-21 20:59:48 ------------



Any help on what to do to fix my problem is greatly appreciated.
Thank you very much for your help.

Edited by AndresParra, 21 April 2008 - 10:22 PM.




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:22 PM

Posted 22 April 2008 - 06:22 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

What can you tell me about this program?

Enhancement Browser Tools Gooochi

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 AndresParra

AndresParra
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:22 PM

Posted 22 April 2008 - 05:50 PM

Hey Sam,

I am not sure what this program is, but it is in my Add/Remove Programs list. However, I don't know what it is nor do I remember downloading/installing it. I just uninstalled it using my Add/Remove Programs List.

Also, I scanned my computer with Hijack This and checked all the items and clicked the "Fix Checked" button. This resolved my taskbar and task manager problems as now both work. However, I still get numerous IE popups of ads and stuff. Here is my new HJT Log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-22 19:13:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:16 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 2520 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 15:30:41 0 d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:32:53 0 d-------- C:\Program Files\McAfee.com
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-21 22:32:17 0 d-------- C:\Program Files\McAfee
2008-04-21 21:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:33:31 419763 --ahs---- C:\WINDOWS\system32\HRrXyyay.ini2
2008-04-19 21:31:43 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:30:02 0 d--hs---- C:\WINDOWS\IA
2008-04-19 21:29:56 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-19 21:29:47 1773568 ---hs---- C:\Documents and Settings\Owner\svchost.exe
2008-04-19 21:29:00 86144 --a------ C:\WINDOWS\system32\drivers\imapii.sys
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\Vb1
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\trcTMP
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\slNew
2008-04-19 21:28:45 0 d-------- C:\WINDOWS\system32\iTmp
2008-04-19 21:28:19 0 d-------- C:\WINDOWS\system32\xcsDd05
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-22 14:27:17 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 22:42:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayyXrRH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
AutoRun\command- L:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-04-22 19:13:44 ------------


Thanks for your help Sam

Edited by AndresParra, 22 April 2008 - 06:17 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:22 PM

Posted 23 April 2008 - 07:02 AM

> Also, I scanned my computer with Hijack This and checked all the items and clicked the "Fix Checked" button.

No no no no..... you are fortunate that your computer still boots up properly.
You don't kill cockroaches in your house with dynamite. You just kill the roaches. That's what we're trying to do.

Open HijackThis, and click on "View the list of Backups".
Place a check mark next to everything in that window except this one.

O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Owner\svchost.exe

Click Restore, then click Yes
Reboot your computer, this is an important step.
Run HijackThis and post a new HijackThis log for review.


========================================================

#5 AndresParra

AndresParra
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:22 PM

Posted 23 April 2008 - 05:55 PM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-23 18:40:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 92% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:44 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wapp.verizon.net/bookmarks/bmredir....&bm=wl_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {0D428C81-C7B2-4F49-A33D-D50AAF60259C} - C:\WINDOWS\system32\yayyXrRH.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gooochi browser optimizer - {dd2d73b2-c84e-f597-0459-28ae2acc3dd6} - C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll" DllInit
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2572962645-943555807-991132012-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Tati')
O4 - HKUS\S-1-5-21-2572962645-943555807-991132012-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tati')
O4 - HKUS\S-1-5-21-2572962645-943555807-991132012-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Tati')
O4 - HKUS\S-1-5-21-2572962645-943555807-991132012-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Tati')
O4 - HKUS\S-1-5-21-2572962645-943555807-991132012-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - S-1-5-21-2572962645-943555807-991132012-1007 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Tati')
O4 - S-1-5-21-2572962645-943555807-991132012-1007 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Tati')
O4 - S-1-5-21-2572962645-943555807-991132012-501 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Guest')
O4 - S-1-5-21-2572962645-943555807-991132012-501 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Guest')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10634 bytes

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-22 15:30:41 0 d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:32:53 0 d-------- C:\Program Files\McAfee.com
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-21 22:32:17 0 d-------- C:\Program Files\McAfee
2008-04-21 21:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:33:31 419763 --ahs---- C:\WINDOWS\system32\HRrXyyay.ini2
2008-04-19 21:31:43 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:30:02 0 d--hs---- C:\WINDOWS\IA
2008-04-19 21:29:56 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-19 21:29:47 1773568 ---hs---- C:\Documents and Settings\Owner\svchost.exe
2008-04-19 21:29:00 86144 --a------ C:\WINDOWS\system32\drivers\imapii.sys
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\Vb1
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\trcTMP
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\slNew
2008-04-19 21:28:45 0 d-------- C:\WINDOWS\system32\iTmp
2008-04-19 21:28:19 0 d-------- C:\WINDOWS\system32\xcsDd05
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-07 12:27:56 328704 --a------ C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-22 14:27:17 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 22:42:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]
C:\WINDOWS\system32\yayyXrRH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd2d73b2-c84e-f597-0459-28ae2acc3dd6}]
04/07/2008 12:27 PM 328704 --a------ C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Alcmtr"="ALCMTR.EXE" [10/13/2004 09:00 PM C:\WINDOWS\ALCMTR.EXE]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [11/10/2003 10:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/01/2004 04:00 PM]
"ShowWnd"="ShowWnd.exe" [09/19/2003 01:09 PM C:\WINDOWS\ShowWnd.exe]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 07:31 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 PM]
"AlcWzrd"="ALCWZRD.EXE" [10/21/2004 10:44 PM C:\WINDOWS\ALCWZRD.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"CHotkey"="zHotkey.exe" [05/17/2004 10:30 PM C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 07:04 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 06:54 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 09:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"spa_start"="C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll" [04/07/2008 12:27 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 07:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [08/24/2007 05:57 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 05:37 PM]
"SoundMan"="SOUNDMAN.EXE" [10/21/2004 07:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/01/2004 03:55 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 10:33 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 12:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/23/2008 06:36 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/11/2007 6:34:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [3/3/2008 3:19:37 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [4/14/2008 12:36:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayyXrRH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
AutoRun\command- L:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-04-23 18:43:16 ------------

Popups still come. I did what you said (restore and reboot), thanks for your help. Looking forward to further instructions.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:22 PM

Posted 23 April 2008 - 06:02 PM

Ok, good. Now let's get rid of what's bad.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\HRrXyyay.ini2
    C:\WINDOWS\system32\winpfz33.sys
    C:\Documents and Settings\Owner\svchost.exe
    C:\WINDOWS\system32\gside.exe
    C:\WINDOWS\system32\drivers\imapii.sys
    C:\WINDOWS\system32\Vb1
    C:\WINDOWS\system32\trcTMP
    C:\WINDOWS\system32\slNew
    C:\WINDOWS\system32\iTmp
    C:\WINDOWS\system32\xcsDd05
    C:\WINDOWS\system32\yayyXrRH.dll 
    C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd2d73b2-c84e-f597-0459-28ae2acc3dd6}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


==============




Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 AndresParra

AndresParra
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 23 April 2008 - 10:10 PM

When the log came up, this error message also appeared:
Error loading C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll

the specified module could not be found

Not sure what that means, anyway here's the log

C:\WINDOWS\system32\HRrXyyay.ini2 moved successfully.
C:\WINDOWS\system32\winpfz33.sys moved successfully.
C:\Documents and Settings\Owner\svchost.exe moved successfully.
C:\WINDOWS\system32\gside.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\imapii.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\Vb1 moved successfully.
C:\WINDOWS\system32\trcTMP moved successfully.
C:\WINDOWS\system32\slNew moved successfully.
C:\WINDOWS\system32\iTmp moved successfully.
C:\WINDOWS\system32\xcsDd05 moved successfully.
File/Folder C:\WINDOWS\system32\yayyXrRH.dll not found.
C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll unregistered successfully.
C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll moved successfully.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}\\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd2d73b2-c84e-f597-0459-28ae2acc3dd6} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd2d73b2-c84e-f597-0459-28ae2acc3dd6}\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04232008_221338

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\imapii.sys scheduled to be moved on reboot.

ComboFix 08-04-22.5 - Owner 2008-04-23 22:35:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.138 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\imapii.sys
C:\WINDOWS\system32\HRrXyyay.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMAPII
-------\Legacy_NETWORK_MONITOR
-------\Service_imapii


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 22:13 . 2008-04-23 22:13 <DIR> d-------- C:\_OTMoveIt
2008-04-22 15:30 . 2008-04-22 15:30 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:37 . 2008-04-23 22:44 9,569 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-21 22:36 . 2008-04-23 18:39 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36 . 2008-04-21 23:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36 . 2008-04-22 00:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36 . 2008-04-21 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:34 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-21 22:33 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-21 22:33 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-21 22:33 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-21 22:33 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-21 22:33 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-21 22:32 . 2008-04-21 22:33 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-21 22:32 . 2008-04-22 14:23 <DIR> d-------- C:\Program Files\McAfee
2008-04-21 22:32 . 2008-04-21 22:33 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-21 21:17 . 2008-04-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16 . 2008-04-21 21:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:51 . 2008-04-21 20:51 <DIR> d-------- C:\Deckard
2008-04-21 20:29 . 2008-04-21 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 23:38 . 2008-04-20 23:51 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 23:07 . 2008-04-20 23:07 <DIR> d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44 . 2008-04-20 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32 . 2008-04-20 22:32 171 --a------ C:\KillUnin.bat
2008-04-20 20:37 . 2008-04-20 20:37 4,432 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-04-20 19:32 . 2008-04-20 20:22 7,570 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-20 15:11 . 2008-04-20 15:40 1,540,653 --ahs---- C:\WINDOWS\system32\oyeeslkb.ini
2008-04-20 15:10 . 2008-04-20 15:36 109,788 --a------ C:\WINDOWS\BMeffcb530.xml
2008-04-20 01:35 . 2008-04-20 01:35 <DIR> d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22 . 2008-04-20 01:22 399,926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50 . 2008-04-19 22:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-19 22:49 . 2007-03-29 08:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-19 22:49 . 2007-03-29 08:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-19 22:49 . 2007-03-29 08:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-04-19 21:31 . 2008-04-19 22:20 <DIR> d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30 . 2008-04-19 21:30 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:29 . 2008-04-19 21:29 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-19 21:28 . 2008-04-19 21:29 <DIR> d-------- C:\temp\berDrv11
2008-04-17 11:29 . 2008-04-17 11:29 <DIR> d-------- C:\Program Files\Stardock
2008-04-16 13:17 . 2008-04-20 18:59 <DIR> d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46 . 2008-04-19 13:18 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33 . 2008-04-19 17:39 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-15 11:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-15 11:47 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-15 11:45 . 2004-08-03 23:08 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-15 11:45 . 2004-08-03 23:08 36,224 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2008-04-15 11:45 . 2004-08-03 23:08 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-15 11:45 . 2004-08-03 23:08 24,960 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys
2008-04-15 11:45 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-15 11:45 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-14 23:37 . 2008-04-16 12:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04 . 2008-04-14 18:04 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04 . 2008-04-14 18:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01 . 2008-04-14 14:03 <DIR> d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:44 . 2008-04-14 13:44 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:23 . 2005-04-13 14:17 <DIR> d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23 . 2008-03-03 03:26 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23 . 2008-04-19 21:06 <DIR> d-------- C:\Documents and Settings\Tati
2008-04-14 13:23 . 2008-04-23 22:45 1,024 --ah----- C:\Documents and Settings\Tati\ntuser.dat.LOG
2008-04-14 12:37 . 2008-04-14 12:37 <DIR> d-------- C:\Program Files\PIXELA
2008-04-14 12:37 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-04-14 12:37 . 2004-03-08 12:55 13,567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-04-14 12:36 . 2008-04-21 18:48 <DIR> d-------- C:\Program Files\FinePixViewer
2008-04-14 12:36 . 2008-04-14 12:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36 . 2003-09-03 07:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-04-14 12:36 . 2004-07-24 12:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-04-14 12:36 . 2001-11-25 07:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-04-14 12:35 . 2008-04-14 12:35 <DIR> d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35 . 2002-02-05 12:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-04-14 12:35 . 2002-02-27 07:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-04-14 12:35 . 2002-06-25 10:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-04-14 12:35 . 2002-02-13 06:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL
2008-04-13 19:00 . 2008-04-20 18:47 9,514 --a------ C:\logfile
2008-04-13 18:55 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-13 18:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-13 18:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-13 18:55 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-13 18:54 . 2008-04-20 19:08 <DIR> d-------- C:\Program Files\Kodak
2008-04-13 18:51 . 2008-04-20 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-13 18:45 . 2008-04-13 18:45 16 --a------ C:\s5no.1
2008-04-10 18:20 . 2008-04-10 18:20 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35 . 2008-04-10 15:35 <DIR> d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34 . 2008-04-20 19:02 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:34 . 2008-04-10 15:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:19 . 2008-04-10 15:19 0 --a------ C:\Debug.QC6
2008-04-10 15:14 . 2008-04-20 22:32 <DIR> d-------- C:\Program Files\WinImage
2008-04-10 15:14 . 2005-10-16 08:00 12,928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-04-10 14:55 . 2008-04-10 15:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-09 18:45 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-09 18:45 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-04-09 18:45 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-09 18:45 . 2007-02-27 14:31 17,792 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-04-09 18:45 . 2007-01-23 19:03 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-04-09 18:45 . 2006-12-06 17:33 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-04-09 18:26 . 2008-04-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25 . 2008-04-09 18:25 92,064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys
2008-04-09 18:25 . 2008-04-09 18:25 79,328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys
2008-04-09 18:25 . 2008-04-09 18:25 66,656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys
2008-04-09 18:25 . 2008-04-09 18:25 9,232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys
2008-04-09 18:25 . 2008-04-09 18:25 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2008-04-09 18:25 . 2008-04-09 18:25 6,208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys
2008-04-09 18:25 . 2008-04-09 18:25 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2008-04-09 18:25 . 2008-04-09 18:25 5,936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys
2008-04-09 18:25 . 2008-04-09 18:25 4,048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys
2008-04-09 17:45 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-09 17:45 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-09 17:45 . 2003-12-26 05:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD26D.tmp
2008-04-09 17:43 . 2008-04-09 18:25 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2008-04-09 17:43 . 2008-04-09 18:25 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys
2008-04-07 22:08 . 2008-04-07 22:10 <DIR> d-------- C:\Program Files\DivX
2008-04-07 17:51 . 2008-04-07 17:51 54,356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\Program Files\MSBuild
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10 . 2008-04-07 17:10 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-07 17:10 . 2008-04-07 17:10 <DIR> d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-22 02:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-21 04:21 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-21 03:06 --------- d-----w C:\Program Files\Java
2008-04-21 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-21 00:22 --------- d-----w C:\Program Files\Symantec
2008-04-20 23:04 --------- d-----w C:\Program Files\Real
2008-04-20 23:03 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-19 01:15 --------- d-----w C:\Program Files\Microsoft Picture It! 10
2008-04-19 00:01 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2008-04-09 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 21:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-07 20:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-01 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-01 04:53 446 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2008-03-29 00:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 16:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 00:09 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-16 17:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\Leadertech
2008-03-16 17:36 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-03-16 17:36 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-12 01:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-09 03:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-03-09 02:40 --------- d-----w C:\Program Files\Common Files\Digi506
2008-03-08 22:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 21:29 --------- d-----w C:\Program Files\Napster
2008-03-08 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-03-08 21:28 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-08 21:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-08 02:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\InstallShield Installation Information
2008-03-08 02:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\InstallShield
2008-03-06 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 05:02 --------- d-----w C:\Program Files\Logitech
2008-03-06 05:02 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-06 04:58 --------- d-----w C:\Program Files\Windows Media Components
2008-03-05 05:16 --------- d-----w C:\Program Files\America Online 9.0
2008-03-05 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-05 03:56 --------- d-----w C:\Program Files\18 Wheels of Steel Haulin
2008-03-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-05 03:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-05 00:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\acccore
2008-03-04 21:11 --------- d-----w C:\Program Files\MSECache
2008-03-04 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-04 16:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-04 03:47 --------- d-----w C:\Documents and Settings\Guest\Application Data\Template
2008-03-04 02:33 --------- d-----w C:\Program Files\Canon
2008-03-04 01:36 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-04 01:35 --------- d-----w C:\Program Files\Design Science
2008-03-04 00:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 00:16 --------- d-----w C:\Program Files\Windows Live
2008-03-03 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-03 21:25 --------- d-----w C:\Program Files\Apple Software Update
2008-03-03 21:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-03 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 21:13 --------- d-----w C:\Program Files\Yahoo!
2008-03-03 21:12 --------- d-----w C:\Program Files\Google
2008-03-03 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-03 20:32 --------- d-----w C:\Program Files\AIM6
2008-03-03 20:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 20:31 --------- d-----w C:\Program Files\Viewpoint
2008-03-03 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-03 19:41 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-03 07:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Guest\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-03 07:24 --------- d-----w C:\Program Files\Realtek
2008-03-03 07:24 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-03-03 07:24 --------- d-----w C:\Program Files\CyberLink
2008-03-03 07:23 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-03 07:20 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee
2008-03-03 07:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-03 07:19 --------- d-----w C:\Program Files\BigFix
2008-03-03 07:19 --------- d-----w C:\Program Files\Ahead
2008-03-03 07:18 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-03-03 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-03 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-03-03 07:17 --------- d-----w C:\Program Files\Intel
2008-03-03 07:15 --------- d-----w C:\Program Files\Digital Media Reader
2008-03-03 07:14 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-03-03 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-03-03 07:12 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-03-03 07:10 --------- d-----w C:\Program Files\CONEXANT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]
C:\WINDOWS\system32\yayyXrRH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-23 18:36 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 22:23 369664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 16:00 155648]
"ShowWnd"="ShowWnd.exe" [2003-09-19 13:09 36864 C:\WINDOWS\ShowWnd.exe]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 19:31 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 22:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"CHotkey"="zHotkey.exe" [2004-05-17 22:30 543232 C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 135168]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 21:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 19:32 155648]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57 36640]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 19:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 15:55 126976]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 18:34:48 3746856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2008-03-03 03:19:37 1742384]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2008-04-14 12:36:39 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys []
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys []
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys []
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
\Shell\AutoRun\command - L:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 21:53:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 02:38:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-22 02:33:20 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-22 02:33:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-18 22:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 22:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 70

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-23 22:58:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 02:58:38

Pre-Run: 213,365,403,648 bytes free
Post-Run: 214,719,369,216 bytes free

380 --- E O F --- 2008-04-22 07:01:34

Here's a fresh HJT Log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-23 23:17:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:44 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {0D428C81-C7B2-4F49-A33D-D50AAF60259C} - C:\WINDOWS\system32\yayyXrRH.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8610 bytes

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 22:33:28 68096 --a------ C:\WINDOWS\zip.exe
2008-04-23 22:33:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-23 22:33:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-23 22:33:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-23 22:33:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-23 22:33:28 98816 --a------ C:\WINDOWS\sed.exe
2008-04-23 22:33:28 80412 --a------ C:\WINDOWS\grep.exe
2008-04-23 22:33:28 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-22 15:30:41 0 d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:32:53 0 d-------- C:\Program Files\McAfee.com
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-21 22:32:17 0 d-------- C:\Program Files\McAfee
2008-04-21 21:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-22 14:27:17 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 22:42:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]
C:\WINDOWS\system32\yayyXrRH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [11/10/2003 10:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/01/2004 04:00 PM]
"ShowWnd"="ShowWnd.exe" [09/19/2003 01:09 PM C:\WINDOWS\ShowWnd.exe]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 07:31 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 PM]
"AlcWzrd"="ALCWZRD.EXE" [10/21/2004 10:44 PM C:\WINDOWS\ALCWZRD.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"CHotkey"="zHotkey.exe" [05/17/2004 10:30 PM C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 07:04 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 06:54 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 09:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 07:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [08/24/2007 05:57 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 05:37 PM]
"SoundMan"="SOUNDMAN.EXE" [10/21/2004 07:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/01/2004 03:55 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 10:33 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 12:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/23/2008 06:36 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/11/2007 6:34:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [3/3/2008 3:19:37 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [4/14/2008 12:36:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
AutoRun\command- L:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-04-23 23:18:36 ------------


So far no popups. I'm keeping my fingers crossed that they are gone for good!
Thanks so much for your help Sam!!!!

Edited by AndresParra, 23 April 2008 - 10:28 PM.


#8 Buckeye_Sam


Posted 24 April 2008 - 08:49 AM

It looks like we got most of it, but there was a rootkit involved, so we're going to want to run a virus scan to be sure.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
C:\temp\berDrv11

Dirlook::
C:\Documents and Settings\Owner\!

File::
C:\WINDOWS\system32\oyeeslkb.ini
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\core.cache.dsk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Buckeye_Sam


Posted 19 May 2008 - 07:56 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.