Rundll32.exe missing qlpmakrl.dll


  • This topic is locked
20 replies to this topic

#1 SNG

SNG

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 03 November 2008 - 09:20 PM

Here is the log from Hijackthis as requested by Atri: (FYI, I have unchecked that RUNDLL32.exe in MSCONFIG in the startup programs and computer was running without that in startup when I created this log).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07, on 2008-11-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:\WINDOWS\system32\nnnoOeDs.dll (file missing)
O2 - BHO: (no name) - {9CB1B50A-EB1B-44DF-A466-245BF3DF271B} - C:\WINDOWS\system32\efcDsqrP.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Sri\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095429468631
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O20 - Winlogon Notify: nnnoOeDs - nnnoOeDs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NAVRoam - symantec - C:\PROGRA~1\NavNT\NAVRoam.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe

--
End of file - 7680 bytes

Edited by SNG, 03 November 2008 - 09:23 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:16 PM

Posted 04 November 2008 - 05:24 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 SNG

Posted 04 November 2008 - 07:10 PM

Sam, Thank you.

I ran Combofix as per instruction. It froze after completing Stage50 with the message:

' "C:\Windows\system32\''' is not recognized as an internal or external command, operable program or batch file.

I have waited half an hour.

Also, please note while running through stage 50 there were no other messages with combo window, but outside on the screen I got the following prompt twice:

Are you sure you want to close Quick Assistant? Note: you can restore the quick assistant from the logitech tray in the logitech camera set up.

I answered Yes both times.

Also, FYI I still have RUNDLL disabled in the startup as I previously advised. Spybot and Adaware were closed, nothing was open on the task bar (only icon there was NAV)

Please advise what I should do now. Thanks. FYI, just in case I do not reply quickly, I am out during the day time.

Edited by SNG, 04 November 2008 - 07:15 PM.


#4 Buckeye_Sam

Posted 05 November 2008 - 07:09 AM

Reboot your computer.
Rename combofix.exe to cf.exe
Then run it again.

#5 SNG

Posted 05 November 2008 - 07:40 PM

Sam,

I did that. When I click on CF, it comes up for requesting to RUN, I click on that. It comes up with COMBOFIX small bar that runs through all green and then refreshes the screen and nothing happens after that.

If I click on CF (on desktop) again without rebooting, it runs through as yesterday but then comes back with same message as yesterday and stops. I am puzzled.

FYI, quick assistant messages still come up and the last one comes just before the bad command message shows up in the AUTORUN stats. If you want, I could remove camera programs using control panel.

Thanks, looking forward to your advice.

#6 Buckeye_Sam

Posted 06 November 2008 - 10:16 AM

Let's go a different route.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


#7 SNG

Posted 07 November 2008 - 09:02 AM

Sam,

Here is the log from SDFIX. Please note I checked startups in MSCONFIG after this, the entry for qlpmakrl with RUNDLL.exe that I had disabled is still there and still disabled and HKCU: Run: [facegame] "c:documents and settings\sri\application\facegame\facegame.exe entry in registry may still be there (I think


SDFix: Version 1.240
Run by Administrator on Fri 11/07/2008 at 08:24 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\hosts.bho - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 08:37:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\SYSTEM32\\CIMSVR.exe"="C:\\WINDOWS\\SYSTEM32\\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Logitech\\IM Video Companion\\VideoIM.exe"="C:\\Program Files\\Logitech\\IM Video Companion\\VideoIM.exe:*:Enabled:Logitech IM Video Companion"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe"="C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe:*:Disabled:videocall.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 30 May 2006 61,952 A..H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Tue 30 May 2006 308,224 A..H. --- "C:\Program Files\MSN\txsrvc.dll"
Tue 30 May 2006 302,592 A..H. --- "C:\Program Files\MSN\unicows.dll"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 20 Oct 2006 121,344 A..H. --- "C:\Documents and Settings\Sri\Application Data\MSN6\msnupdate!@#@.exe"

Finished!

#8 Buckeye_Sam

Posted 07 November 2008 - 09:12 AM

For this next step you will need to disable Spybot's Teatimer or it will interfere with Hijackthis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Run Hijackthis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:\WINDOWS\system32\nnnoOeDs.dll (file missing)
O2 - BHO: (no name) - {9CB1B50A-EB1B-44DF-A466-245BF3DF271B} - C:\WINDOWS\system32\efcDsqrP.dll (file missing)
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Sri\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: nnnoOeDs - nnnoOeDs.dll (file missing)



=================


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

========================================================
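
Added example, not part of the original thread and not code from HijackThis: a Python script that parses entry lines in the HijackThis v2.0.2 format shown in post #1, lists the entries HijackThis marks as (no file) or (file missing), and reports any missing module that is registered under more than one section, as nnnoOeDs.dll is in this log (O2 and O20). The function names are illustrative and the sample is an excerpt of the posted log; the check covers only the orphaned entries among the lines selected in post #8, not the R0, R1 or O4 lines.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v2.0.2 log posted in this thread (subset of its lines).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:\WINDOWS\system32\nnnoOeDs.dll (file missing)
O2 - BHO: (no name) - {9CB1B50A-EB1B-44DF-A466-245BF3DF271B} - C:\WINDOWS\system32\efcDsqrP.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: nnnoOeDs - nnnoOeDs.dll (file missing)
O23 - Service: NAVRoam - symantec - C:\PROGRA~1\NavNT\NAVRoam.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the registered target does not exist on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
# File name directly before the "(file missing)" marker (path prefix excluded).
MODULE_RE = re.compile(r"([^\\\s]+\.(?:dll|exe))\s*\(file missing\)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def find_orphans(entries):
    """Entries whose registered file is absent: leftover registry references."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def modules_by_section(orphans):
    """Map each missing module name (lower-cased) to the sections that reference it."""
    seen = defaultdict(set)
    for code, body in orphans:
        match = MODULE_RE.search(body)
        if match:
            seen[match.group(1).lower()].add(code)
    return {name: sorted(codes) for name, codes in seen.items()}


def shared_modules(orphans):
    """Missing modules registered under more than one section."""
    return sorted(n for n, codes in modules_by_section(orphans).items() if len(codes) > 1)


if __name__ == "__main__":
    orphans = find_orphans(parse_entries(SAMPLE_LOG))
    for code, body in orphans:
        print(f"{code:>3}  {body}")
    for name in shared_modules(orphans):
        print("referenced from several sections:", name, modules_by_section(orphans)[name])
```
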

#9 SNG

Posted 07 November 2008 - 10:45 AM

Thanks.


First, when checking items indicated, facegame entry does not exist. I did all others and completed fix in Spybot. When I ran RSIT, it came up with an error box:

Autolt error

line-1 error
:variable used without being declared



Let me know next steps. Thanks.

#10 Buckeye_Sam

Posted 07 November 2008 - 11:08 AM

Let's try this one.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.

#11 SNG

Posted 07 November 2008 - 11:31 AM

I ran it again, this is what I got,

:info.txt logfile of random's system information tool 1.04 2008-11-07 10:41:10

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Apple Mobile Device Support-->MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bridge Baron 14-->MsiExec.exe /X{96D9AEF8-8BBB-4C90-8A73-246D413755DF}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 1.0 - HP Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
ImageMixer for HDD Camcorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\setup.exe" -l0x9 UNINSTALL -removeonly
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-02-22-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iTunes-->MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
MioMore Desktop 2008-->C:\Program Files\InstallShield Installation Information\{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}\Setup.exe -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
neoDVDstandard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1AD7439-FBCA-4345-A780-2A5617EBA9DE} /l1033
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Oubliette 1.9.5-->"C:\Program Files\Oubliette\unins000.exe"
Photosmart Printer 130,230,7150,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Window Search-->C:\DOCUME~1\Sri\APPLIC~1\lyblecrz.exe -UnIst
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {9CB1B50A-EB1B-44DF-A466-245BF3DF271B} - C:\WINDOWS\system32\efcDsqrP.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O20 - Winlogon Notify: nnnoOeDs - C:\WINDOWS\
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - (no file)

Hosts File Missing


Logfile of random's system information tool 1.04 (written by random/random)
Run by Sri at 2008-11-07 11:27:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (21%) free of 39 GB
Total RAM: 254 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Sri\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095429468631
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NAVRoam - symantec - C:\PROGRA~1\NavNT\NAVRoam.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe

--
End of file - 6864 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-15 28672]
"vptray"=C:\Program Files\NavNT\vptray.exe [2002-06-03 73728]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-04-04 188416]
"HPHmon04"=C:\WINDOWS\System32\hphmon04.exe [2002-04-04 335872]
"HPHUPD04"=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-04-04 49152]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2005-03-15 53248]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-28 270648]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2006-11-18 684032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WebCamRT.exe"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d8bb1681]
C:\WINDOWS\system32\qlpmakrl.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2002-06-03 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\fxsclnt.exe"="C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\SYSTEM32\CIMSVR.exe"="C:\WINDOWS\SYSTEM32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\Program Files\Logitech\IM Video Companion\VideoIM.exe"="C:\Program Files\Logitech\IM Video Companion\VideoIM.exe:*:Enabled:Logitech IM Video Companion"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\Program Files\Logitech\VideoCall\VideoCall.exe"="C:\Program Files\Logitech\VideoCall\VideoCall.exe:*:Disabled:videocall.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-11-07 10:40:34 ----D---- C:\rsit
2008-11-07 08:20:50 ----D---- C:\WINDOWS\ERUNT
2008-11-07 08:11:55 ----D---- C:\SDFix
2008-11-05 19:31:27 ----A---- C:\WINDOWS\system32\cmd.execf
2008-11-05 19:29:47 ----D---- C:\32788R22FWJFW
2008-11-05 19:23:13 ----D---- C:\WINDOWS\temp
2008-11-05 19:15:49 ----D---- C:\cf
2008-11-05 19:15:46 ----A---- C:\WINDOWS\system32\CF8449.exe
2008-11-05 18:46:16 ----A---- C:\WINDOWS\system32\CF2685.exe
2008-11-04 18:36:37 ----A---- C:\WINDOWS\system32\CF13538.exe
2008-11-03 21:06:07 ----D---- C:\Program Files\Trend Micro
2008-11-03 19:07:56 ----D---- C:\WINDOWS\pss
2008-11-02 13:38:23 ----A---- C:\WINDOWS\system32\CF13433.exe
2008-11-02 13:37:11 ----A---- C:\WINDOWS\system32\CF13149.exe
2008-11-02 13:35:37 ----A---- C:\WINDOWS\system32\CF12744.exe
2008-11-02 13:06:06 ----A---- C:\Boot.bak
2008-11-02 13:05:51 ----D---- C:\cmdcons
2008-11-02 12:59:33 ----A---- C:\WINDOWS\zip.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\sed.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\grep.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 12:59:32 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 12:59:32 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 12:59:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 12:59:03 ----D---- C:\WINDOWS\ERDNT
2008-11-02 12:59:02 ----D---- C:\Qoobox
2008-11-02 12:58:57 ----A---- C:\WINDOWS\system32\CF5667.exe
2008-11-02 12:24:02 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2008-11-02 12:16:08 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-02 12:15:37 ----A---- C:\rapport.txt
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-02 12:00:41 ----A---- C:\WINDOWS\system32\swsc.exe
2008-11-02 12:00:41 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-02 11:09:46 ----A---- C:\WINDOWS\system32\d398d2ff-.txt
2008-10-24 16:47:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 20:02:31 ----D---- C:\Program Files\Windows Defender
2008-10-14 22:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 22:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 22:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 22:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 22:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-07 10:40:49 ----D---- C:\WINDOWS\Prefetch
2008-11-07 08:45:15 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-07 08:35:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 08:34:27 ----SD---- C:\WINDOWS\Tasks
2008-11-07 08:23:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-07 08:20:50 ----D---- C:\WINDOWS
2008-11-07 08:17:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 19:31:27 ----D---- C:\WINDOWS\SYSTEM32
2008-11-05 19:21:49 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-05 19:21:48 ----D---- C:\WINDOWS\AppPatch
2008-11-05 19:21:48 ----D---- C:\Program Files\Common Files
2008-11-03 21:06:07 ----AD---- C:\Program Files
2008-11-03 20:01:08 ----RASH---- C:\BOOT.INI
2008-11-03 20:01:08 ----A---- C:\WINDOWS\WIN.INI
2008-11-03 20:01:08 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-02 16:28:34 ----D---- C:\Program Files\NavNT
2008-11-02 15:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 13:33:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-02 12:29:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 11:33:54 ----SHD---- C:\WINDOWS\Installer
2008-11-02 11:29:54 ----D---- C:\Program Files\Symantec
2008-11-02 11:16:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 11:15:57 ----D---- C:\WINDOWS\Temporary Internet Files
2008-11-02 11:14:34 ----D---- C:\Temp
2008-11-02 08:59:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 16:47:35 ----HD---- C:\WINDOWS\INF
2008-10-24 16:46:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 16:35:11 ----D---- C:\Program Files\Lavasoft
2008-10-21 16:35:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-21 16:34:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-20 20:02:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 17:57:43 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 22:15:36 ----A---- C:\WINDOWS\imsins.BAK
2008-10-14 22:14:28 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-08-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-08-19 2560]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2006-11-18 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2006-11-18 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-01-15 42368]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 Cap7134;TVFM 503 WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2004-01-02 428064]
R3 catchme;catchme; \??\C:\DOCUME~1\Sri\LOCALS~1\Temp\catchme.sys []
R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [2002-04-04 50800]
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [2002-04-04 16112]
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-04-04 49956]
R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-04-04 18928]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2006-11-18 25930]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\NAVEX15.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys [2005-03-29 229367]
S1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2006-11-18 241280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2); C:\WINDOWS\System32\DRIVERS\BEL6001P.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2006-11-18 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver; \??\C:\WINDOWS\SYSTEM32\pcand5bk.SYS []
S3 QCMerced;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-21 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 BlackICE;BlackICE; C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe [2004-10-29 847872]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-08 52736]
R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2002-06-03 32768]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2002-06-03 471040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-28 501048]
R3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [2002-04-04 77824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NAVRoam;NAVRoam; C:\PROGRA~1\NavNT\NAVRoam.exe [2002-06-03 237568]
S3 RapApp;RapApp; C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe [2003-06-19 688128]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Edited by SNG, 07 November 2008 - 11:40 AM.


#12 Buckeye_Sam

    Malware Expert



Posted 07 November 2008 - 11:49 AM

That's perfect!


Click Start -> Control Panel -> Add Remove Programs and uninstall this program:

Window Search



Don't be concerned if you get an error during uninstallation.


Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d8bb1681]
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new log from RSIT.
Let me know how your computer is behaving.


========================================================

#13 SNG


Posted 07 November 2008 - 12:16 PM

Here is the log from Moveit. I will send you the log from Kaspersky later. Thanks

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d8bb1681\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11072008_120312

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.

#14 SNG


Posted 07 November 2008 - 03:32 PM

Here is the report from Kaspersky; I will upload the log from RSIT next. I guess it is running better; I will find out after I start using it. Do I need to do anything with Spybot, Spyblaster, or Defender, etc.?

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 7, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 07, 2008 16:05:00
Records in database: 1373888


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 68481
Threat name 16
Infected objects 79
Suspicious objects 0
Duration of the scan 02:36:37

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02FC0000.VBN Infected: Trojan-Downloader.Win32.VB.ah 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02FC0002.VBN Infected: Trojan-Downloader.Win32.Keenval 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05140000.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00000.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Email-Worm.Win32.Bagle.dx 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100001.VBN Infected: Email-Worm.Win32.Bagle.dx 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700000.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700001.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B140000.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B140001.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B140002.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B140003.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B600000.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B600001.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00001.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00002.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00003.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00004.VBN Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00005.VBN Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00006.VBN Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00007.VBN Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00008.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00009.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000A.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000B.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000C.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000D.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000E.VBN Infected: Trojan.Win32.Agent.ajdu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0000F.VBN Infected: Trojan.Win32.Agent.ajdu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00010.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00011.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00012.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00013.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00014.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00015.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00016.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00017.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00018.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00019.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0001A.VBN Infected: Trojan-Downloader.Win32.Delf.pfs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0001B.VBN Infected: Trojan-Downloader.Win32.Delf.pfs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0001E.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC0001F.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00020.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00021.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdho 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00022.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00023.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00024.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00025.VBN Infected: Trojan.Win32.Pakes.lnh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00026.VBN Infected: Trojan-Downloader.Win32.Delf.pfs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00027.VBN Infected: Trojan-Downloader.Win32.Delf.pfs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80000.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80001.VBN Infected: Trojan-Dropper.Win32.Agent.of 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DF00000.VBN Infected: Trojan.Win32.Agent.ajdu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DF00001.VBN Infected: Trojan.Win32.Agent.ajdu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EA00001.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Backdoor.Win32.UltimateDefender.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB40000.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FB40001.VBN Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\Sri\My Documents\documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Sri\My Documents\documents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cbXQiHXN.dll.vir Infected: Trojan.Win32.Agent.alqy 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\efcBsQJC.dll.vir Infected: Trojan.Win32.Agent.alqy 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iifgGVNh.dll.vir Infected: Trojan.Win32.Agent.alqy 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msansspc.dll.vir Infected: Trojan-Downloader.Win32.Tibs.kvn 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nnnoOeDs.dll.vir Infected: Trojan.Win32.Agent.alqy 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\qlpmakrl.dll.vir Infected: Trojan.Win32.Agent.alra 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Xcite.dll.vir Infected: not-a-virus:AdWare.Win32.MyWay.i 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103478.dll Infected: Trojan-Downloader.Win32.Tibs.kvn 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103479.dll Infected: not-a-virus:AdWare.Win32.MyWay.i 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103649.dll Infected: Trojan.Win32.Agent.alqy 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103650.dll Infected: Trojan.Win32.Agent.alqy 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103652.dll Infected: Trojan.Win32.Agent.alqy 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103655.dll Infected: Trojan.Win32.Agent.alqy 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP867\A0103656.dll Infected: Trojan.Win32.Agent.alra 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP870\A0104460.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP870\A0104476.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

#15 SNG


Posted 07 November 2008 - 03:43 PM

Here are the logs from RSIT; info.txt did not seem to get updated:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sri at 2008-11-07 15:36:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (20%) free of 39 GB
Total RAM: 254 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Sri\Local Settings\temp\jkos-Sri\binaries\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sri\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sri.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095429468631
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u1...ows-i586-jc.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NAVRoam - symantec - C:\PROGRA~1\NavNT\NAVRoam.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe

--
End of file - 8027 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-15 28672]
"vptray"=C:\Program Files\NavNT\vptray.exe [2002-06-03 73728]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-04-04 188416]
"HPHmon04"=C:\WINDOWS\System32\hphmon04.exe [2002-04-04 335872]
"HPHUPD04"=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-04-04 49152]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2005-03-15 53248]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-07 136600]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-28 270648]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2006-11-18 684032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WebCamRT.exe"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2002-06-03 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\fxsclnt.exe"="C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\SYSTEM32\CIMSVR.exe"="C:\WINDOWS\SYSTEM32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\Program Files\Logitech\IM Video Companion\VideoIM.exe"="C:\Program Files\Logitech\IM Video Companion\VideoIM.exe:*:Enabled:Logitech IM Video Companion"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\Program Files\Logitech\VideoCall\VideoCall.exe"="C:\Program Files\Logitech\VideoCall\VideoCall.exe:*:Disabled:videocall.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-07 12:23:06 ----D---- C:\Program Files\Sun
2008-11-07 12:22:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-07 12:22:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-07 12:22:11 ----A---- C:\WINDOWS\system32\java.exe
2008-11-07 12:22:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-07 12:21:15 ----D---- C:\Program Files\Java
2008-11-07 12:03:12 ----D---- C:\_OTMoveIt
2008-11-07 10:40:34 ----D---- C:\rsit
2008-11-07 08:20:50 ----D---- C:\WINDOWS\ERUNT
2008-11-07 08:11:55 ----D---- C:\SDFix
2008-11-05 19:31:27 ----A---- C:\WINDOWS\system32\cmd.execf
2008-11-05 19:29:47 ----D---- C:\32788R22FWJFW
2008-11-05 19:23:13 ----D---- C:\WINDOWS\temp
2008-11-05 19:15:49 ----D---- C:\cf
2008-11-05 19:15:46 ----A---- C:\WINDOWS\system32\CF8449.exe
2008-11-05 18:46:16 ----A---- C:\WINDOWS\system32\CF2685.exe
2008-11-04 18:36:37 ----A---- C:\WINDOWS\system32\CF13538.exe
2008-11-03 21:06:07 ----D---- C:\Program Files\Trend Micro
2008-11-03 19:07:56 ----D---- C:\WINDOWS\pss
2008-11-02 13:38:23 ----A---- C:\WINDOWS\system32\CF13433.exe
2008-11-02 13:37:11 ----A---- C:\WINDOWS\system32\CF13149.exe
2008-11-02 13:35:37 ----A---- C:\WINDOWS\system32\CF12744.exe
2008-11-02 13:06:06 ----A---- C:\Boot.bak
2008-11-02 13:05:51 ----D---- C:\cmdcons
2008-11-02 12:59:33 ----A---- C:\WINDOWS\zip.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\sed.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\grep.exe
2008-11-02 12:59:33 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 12:59:32 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 12:59:32 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 12:59:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 12:59:03 ----D---- C:\WINDOWS\ERDNT
2008-11-02 12:59:02 ----D---- C:\Qoobox
2008-11-02 12:58:57 ----A---- C:\WINDOWS\system32\CF5667.exe
2008-11-02 12:24:02 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2008-11-02 12:16:08 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-02 12:15:37 ----A---- C:\rapport.txt
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-11-02 12:00:42 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-02 12:00:41 ----A---- C:\WINDOWS\system32\swsc.exe
2008-11-02 12:00:41 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-02 11:09:46 ----A---- C:\WINDOWS\system32\d398d2ff-.txt
2008-10-24 16:47:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 20:02:31 ----D---- C:\Program Files\Windows Defender
2008-10-14 22:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 22:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 22:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 22:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 22:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-13 11:20:40 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2008-09-13 11:20:37 ----A---- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-13 11:20:37 ----A---- C:\WINDOWS\system32\ImagXR7.dll
2008-09-13 11:20:37 ----A---- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-13 11:20:36 ----A---- C:\WINDOWS\system32\ImagX7.dll
2008-09-10 21:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-08-27 21:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-22 14:04:35 ----D---- C:\WINDOWS\Prefetch
2008-08-22 14:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-22 14:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-22 14:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-22 14:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-22 14:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-22 14:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-22 14:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-22 14:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-22 13:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-22 13:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-22 13:49:47 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-08-22 13:49:46 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-08-22 13:48:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-08-22 13:48:52 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-22 13:48:52 ----A---- C:\WINDOWS\system32\azroles.dll
2008-08-22 13:48:51 ----A---- C:\WINDOWS\system32\credssp.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-22 13:48:50 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-22 13:48:49 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-08-22 13:48:48 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-08-22 13:48:48 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-08-22 13:48:48 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-22 13:48:48 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-08-22 13:48:47 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-08-22 13:48:47 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-08-22 13:48:47 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-08-22 13:48:47 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-08-22 13:48:43 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-22 13:48:42 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-22 13:48:42 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-22 13:48:41 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-22 13:48:41 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-08-22 13:48:41 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-08-22 13:48:39 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-08-22 13:48:39 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-22 13:48:39 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-08-22 13:48:39 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-22 13:48:37 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-22 13:48:37 ----A---- C:\WINDOWS\system32\mssha.dll
2008-08-22 13:48:36 ----A---- C:\WINDOWS\system32\napstat.exe
2008-08-22 13:48:36 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-08-22 13:48:36 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-08-22 13:48:33 ----A---- C:\WINDOWS\system32\onex.dll
2008-08-22 13:48:32 ----A---- C:\WINDOWS\system32\qagent.dll
2008-08-22 13:48:32 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-22 13:48:31 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-22 13:48:31 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-08-22 13:48:31 ----A---- C:\WINDOWS\system32\qutil.dll
2008-08-22 13:48:31 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-08-22 13:48:31 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-08-22 13:48:30 ----A---- C:\WINDOWS\system32\setupn.exe
2008-08-22 13:48:28 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-08-22 13:48:28 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-08-22 13:48:26 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-22 13:48:26 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-22 13:48:25 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-08-22 13:48:25 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-08-22 13:33:13 ----A---- C:\WINDOWS\003299_.tmp
2008-08-22 13:23:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-22 11:11:47 ----A---- C:\WINDOWS\system32\SET12AB.tmp
2008-08-22 11:11:11 ----A---- C:\WINDOWS\system32\SET1211.tmp
2008-08-22 11:10:56 ----A---- C:\WINDOWS\system32\SET11DE.tmp
2008-08-22 11:10:55 ----A---- C:\WINDOWS\system32\SET11D9.tmp
2008-08-22 11:10:54 ----A---- C:\WINDOWS\system32\SET11D6.tmp
2008-08-22 11:00:01 ----A---- C:\WINDOWS\SET784.tmp
2008-08-22 10:59:51 ----A---- C:\WINDOWS\system32\SET759.tmp
2008-08-22 10:59:51 ----A---- C:\WINDOWS\system32\SET757.tmp
2008-08-22 10:59:50 ----A---- C:\WINDOWS\system32\SET755.tmp
2008-08-22 10:59:49 ----A---- C:\WINDOWS\system32\SET751.tmp
2008-08-22 10:59:48 ----A---- C:\WINDOWS\system32\SET74E.tmp
2008-08-22 10:59:46 ----A---- C:\WINDOWS\system32\SET748.tmp
2008-08-22 10:59:45 ----A---- C:\WINDOWS\system32\SET743.tmp
2008-08-22 10:59:44 ----A---- C:\WINDOWS\system32\SET742.tmp
2008-08-22 10:59:43 ----A---- C:\WINDOWS\system32\SET73F.tmp
2008-08-22 10:59:43 ----A---- C:\WINDOWS\system32\SET73E.tmp
2008-08-22 10:59:43 ----A---- C:\WINDOWS\system32\SET73D.tmp
2008-08-22 10:59:42 ----A---- C:\WINDOWS\system32\SET739.tmp
2008-08-22 10:59:41 ----A---- C:\WINDOWS\system32\SET738.tmp
2008-08-22 10:59:40 ----A---- C:\WINDOWS\system32\SET737.tmp
2008-08-22 10:59:38 ----A---- C:\WINDOWS\system32\SET731.tmp
2008-08-22 10:59:37 ----A---- C:\WINDOWS\system32\SET72F.tmp
2008-08-22 10:59:36 ----A---- C:\WINDOWS\system32\SET72C.tmp
2008-08-22 10:59:35 ----A---- C:\WINDOWS\system32\SET729.tmp
2008-08-22 10:59:35 ----A---- C:\WINDOWS\system32\SET726.tmp
2008-08-22 10:59:34 ----A---- C:\WINDOWS\system32\SET724.tmp
2008-08-22 10:59:32 ----A---- C:\WINDOWS\system32\SET71D.tmp
2008-08-22 10:59:30 ----A---- C:\WINDOWS\system32\SET715.tmp
2008-08-22 10:59:29 ----A---- C:\WINDOWS\system32\SET714.tmp
2008-08-22 10:59:28 ----A---- C:\WINDOWS\system32\SET70F.tmp
2008-08-22 10:59:27 ----A---- C:\WINDOWS\system32\SET70D.tmp
2008-08-22 10:59:26 ----A---- C:\WINDOWS\system32\SET70A.tmp
2008-08-22 10:59:25 ----A---- C:\WINDOWS\system32\SET707.tmp
2008-08-22 10:59:25 ----A---- C:\WINDOWS\system32\SET706.tmp
2008-08-22 10:59:24 ----A---- C:\WINDOWS\system32\SET703.tmp
2008-08-22 10:59:24 ----A---- C:\WINDOWS\system32\SET701.tmp
2008-08-22 10:59:23 ----A---- C:\WINDOWS\system32\SET700.tmp
2008-08-22 10:59:23 ----A---- C:\WINDOWS\system32\SET6FF.tmp
2008-08-22 10:59:22 ----A---- C:\WINDOWS\system32\SET6FE.tmp
2008-08-22 10:59:21 ----A---- C:\WINDOWS\system32\SET6FB.tmp
2008-08-22 10:59:21 ----A---- C:\WINDOWS\system32\SET6FA.tmp
2008-08-22 10:59:21 ----A---- C:\WINDOWS\system32\SET6F9.tmp
2008-08-22 10:59:18 ----A---- C:\WINDOWS\system32\SET6F0.tmp
2008-08-22 10:59:08 ----A---- C:\WINDOWS\system32\SET6BB.tmp
2008-08-22 10:59:07 ----A---- C:\WINDOWS\system32\SET6BA.tmp
2008-08-22 10:59:04 ----A---- C:\WINDOWS\system32\SET69F.tmp
2008-08-22 10:59:01 ----A---- C:\WINDOWS\system32\SET694.tmp
2008-08-22 10:59:00 ----A---- C:\WINDOWS\system32\SET690.tmp
2008-08-22 10:58:57 ----A---- C:\WINDOWS\system32\SET688.tmp
2008-08-22 10:58:56 ----A---- C:\WINDOWS\system32\SET687.tmp
2008-08-22 10:58:55 ----A---- C:\WINDOWS\system32\SET686.tmp
2008-08-22 10:58:55 ----A---- C:\WINDOWS\system32\SET684.tmp
2008-08-22 10:58:53 ----A---- C:\WINDOWS\system32\SET67F.tmp
2008-08-22 10:58:51 ----A---- C:\WINDOWS\system32\SET675.tmp
2008-08-22 10:58:49 ----A---- C:\WINDOWS\system32\SET66F.tmp
2008-08-22 10:58:48 ----A---- C:\WINDOWS\system32\SET66D.tmp
2008-08-22 10:58:47 ----A---- C:\WINDOWS\system32\SET66A.tmp
2008-08-22 10:58:47 ----A---- C:\WINDOWS\system32\SET669.tmp
2008-08-22 10:58:46 ----A---- C:\WINDOWS\system32\SET668.tmp
2008-08-22 10:58:46 ----A---- C:\WINDOWS\system32\SET666.tmp
2008-08-22 10:58:44 ----A---- C:\WINDOWS\system32\SET662.tmp
2008-08-22 10:58:43 ----A---- C:\WINDOWS\system32\SET65E.tmp
2008-08-22 10:58:41 ----A---- C:\WINDOWS\system32\SET658.tmp
2008-08-22 10:58:40 ----A---- C:\WINDOWS\system32\SET657.tmp
2008-08-22 10:58:39 ----A---- C:\WINDOWS\system32\SET655.tmp
2008-08-22 10:58:37 ----A---- C:\WINDOWS\system32\SET64D.tmp
2008-08-22 10:58:34 ----A---- C:\WINDOWS\system32\SET63C.tmp
2008-08-22 10:58:33 ----A---- C:\WINDOWS\system32\SET638.tmp
2008-08-22 10:58:31 ----A---- C:\WINDOWS\system32\SET632.tmp
2008-08-22 10:58:31 ----A---- C:\WINDOWS\system32\SET630.tmp
2008-08-22 10:58:30 ----A---- C:\WINDOWS\system32\SET62E.tmp
2008-08-22 10:58:24 ----A---- C:\WINDOWS\system32\SET615.tmp
2008-08-22 10:58:24 ----A---- C:\WINDOWS\system32\SET613.tmp
2008-08-22 10:58:21 ----A---- C:\WINDOWS\system32\SET605.tmp
2008-08-22 10:58:20 ----A---- C:\WINDOWS\system32\SET602.tmp
2008-08-22 10:58:18 ----A---- C:\WINDOWS\system32\SET5F9.tmp
2008-08-22 10:58:16 ----A---- C:\WINDOWS\system32\SET5E8.tmp
2008-08-22 10:58:15 ----A---- C:\WINDOWS\system32\SET5E3.tmp
2008-08-22 10:58:14 ----A---- C:\WINDOWS\system32\SET5E2.tmp
2008-08-22 10:58:14 ----A---- C:\WINDOWS\system32\SET5E0.tmp
2008-08-22 10:58:12 ----A---- C:\WINDOWS\system32\SET5DC.tmp
2008-08-22 10:58:09 ----A---- C:\WINDOWS\system32\SET5CD.tmp
2008-08-22 10:58:08 ----A---- C:\WINDOWS\system32\SET5C3.tmp
2008-08-22 10:58:07 ----A---- C:\WINDOWS\system32\SET5C1.tmp
2008-08-22 10:58:06 ----A---- C:\WINDOWS\system32\SET5B9.tmp
2008-08-22 10:58:06 ----A---- C:\WINDOWS\system32\SET5B4.tmp
2008-08-22 10:58:05 ----A---- C:\WINDOWS\system32\SET5AE.tmp
2008-08-22 10:58:04 ----A---- C:\WINDOWS\system32\SET5AB.tmp
2008-08-22 10:58:04 ----A---- C:\WINDOWS\system32\SET5A8.tmp
2008-08-22 10:58:03 ----A---- C:\WINDOWS\system32\SET5A7.tmp
2008-08-22 10:58:03 ----A---- C:\WINDOWS\system32\SET5A6.tmp
2008-08-22 10:58:02 ----A---- C:\WINDOWS\system32\SET5A3.tmp
2008-08-22 10:57:59 ----A---- C:\WINDOWS\system32\SET597.tmp
2008-08-22 10:57:58 ----A---- C:\WINDOWS\system32\SET594.tmp
2008-08-22 10:57:57 ----A---- C:\WINDOWS\system32\SET592.tmp
2008-08-22 10:57:57 ----A---- C:\WINDOWS\system32\SET58F.tmp
2008-08-22 10:57:57 ----A---- C:\WINDOWS\system32\SET58E.tmp
2008-08-22 10:57:56 ----A---- C:\WINDOWS\system32\SET58D.tmp
2008-08-22 10:57:56 ----A---- C:\WINDOWS\system32\SET58C.tmp
2008-08-22 10:57:55 ----A---- C:\WINDOWS\system32\SET589.tmp
2008-08-22 10:57:54 ----A---- C:\WINDOWS\system32\SET581.tmp
2008-08-22 10:57:53 ----A---- C:\WINDOWS\system32\SET580.tmp
2008-08-22 10:57:53 ----A---- C:\WINDOWS\system32\SET57A.tmp
2008-08-22 10:57:52 ----A---- C:\WINDOWS\system32\SET579.tmp
2008-08-22 10:57:50 ----A---- C:\WINDOWS\system32\SET572.tmp
2008-08-22 10:57:50 ----A---- C:\WINDOWS\system32\SET571.tmp
2008-08-22 10:57:49 ----A---- C:\WINDOWS\system32\SET56E.tmp
2008-08-22 10:57:48 ----A---- C:\WINDOWS\system32\SET56B.tmp
2008-08-22 10:57:48 ----A---- C:\WINDOWS\system32\SET568.tmp
2008-08-22 10:57:46 ----A---- C:\WINDOWS\system32\SET55E.tmp
2008-08-22 10:57:44 ----A---- C:\WINDOWS\system32\SET55B.tmp
2008-08-22 10:57:44 ----A---- C:\WINDOWS\system32\SET557.tmp
2008-08-22 10:57:42 ----A---- C:\WINDOWS\system32\SET54B.tmp
2008-08-22 10:57:42 ----A---- C:\WINDOWS\system32\SET54A.tmp
2008-08-22 10:57:41 ----A---- C:\WINDOWS\system32\SET545.tmp
2008-08-22 10:57:40 ----A---- C:\WINDOWS\system32\SET541.tmp
2008-08-22 10:57:39 ----A---- C:\WINDOWS\system32\SET540.tmp
2008-08-22 10:57:37 ----A---- C:\WINDOWS\system32\SET535.tmp
2008-08-22 10:57:37 ----A---- C:\WINDOWS\system32\SET534.tmp
2008-08-22 10:57:36 ----A---- C:\WINDOWS\system32\SET531.tmp
2008-08-22 10:57:35 ----A---- C:\WINDOWS\system32\SET52D.tmp
2008-08-22 10:57:34 ----A---- C:\WINDOWS\system32\SET529.tmp
2008-08-22 10:57:34 ----A---- C:\WINDOWS\system32\SET526.tmp
2008-08-22 10:57:33 ----A---- C:\WINDOWS\system32\SET524.tmp
2008-08-22 10:57:32 ----A---- C:\WINDOWS\system32\SET523.tmp
2008-08-22 10:57:32 ----A---- C:\WINDOWS\system32\SET51D.tmp
2008-08-22 10:57:31 ----A---- C:\WINDOWS\system32\SET51B.tmp
2008-08-22 10:57:31 ----A---- C:\WINDOWS\system32\SET51A.tmp
2008-08-22 10:57:29 ----A---- C:\WINDOWS\system32\SET50F.tmp
2008-08-22 10:57:28 ----A---- C:\WINDOWS\system32\SET502.tmp
2008-08-22 10:57:27 ----A---- C:\WINDOWS\system32\SET500.tmp
2008-08-22 10:57:27 ----A---- C:\WINDOWS\system32\SET4FB.tmp
2008-08-22 10:57:27 ----A---- C:\WINDOWS\system32\SET4F9.tmp
2008-08-22 10:57:26 ----A---- C:\WINDOWS\system32\SET4F8.tmp
2008-08-22 10:57:26 ----A---- C:\WINDOWS\system32\SET4F3.tmp
2008-08-22 10:57:25 ----A---- C:\WINDOWS\system32\SET4E1.tmp
2008-08-22 10:57:25 ----A---- C:\WINDOWS\system32\SET4E0.tmp
2008-08-22 10:57:25 ----A---- C:\WINDOWS\system32\SET4D9.tmp
2008-08-22 10:57:25 ----A---- C:\WINDOWS\system32\SET4D6.tmp
2008-08-22 10:57:24 ----A---- C:\WINDOWS\system32\SET4D5.tmp
2008-08-22 10:57:23 ----A---- C:\WINDOWS\system32\SET4D0.tmp
2008-08-22 10:57:23 ----A---- C:\WINDOWS\system32\SET4CD.tmp
2008-08-22 10:57:21 ----A---- C:\WINDOWS\system32\SET4C1.tmp
2008-08-22 10:57:21 ----A---- C:\WINDOWS\system32\SET4BF.tmp
2008-08-22 10:57:20 ----A---- C:\WINDOWS\system32\SET4BE.tmp
2008-08-22 10:57:15 ----A---- C:\WINDOWS\system32\SET493.tmp
2008-08-22 10:57:14 ----A---- C:\WINDOWS\system32\SET490.tmp
2008-08-22 10:57:13 ----A---- C:\WINDOWS\system32\SET48E.tmp
2008-08-22 10:57:12 ----A---- C:\WINDOWS\system32\SET488.tmp
2008-08-22 10:57:12 ----A---- C:\WINDOWS\system32\SET486.tmp
2008-08-22 10:57:10 ----A---- C:\WINDOWS\system32\SET47B.tmp
2008-08-22 10:57:06 ----A---- C:\WINDOWS\system32\SET46B.tmp
2008-08-22 10:57:05 ----A---- C:\WINDOWS\system32\SET468.tmp
2008-08-22 10:57:05 ----A---- C:\WINDOWS\system32\SET465.tmp
2008-08-22 10:57:04 ----A---- C:\WINDOWS\system32\SET462.tmp
2008-08-22 10:57:04 ----A---- C:\WINDOWS\system32\SET452.tmp
2008-08-22 10:57:03 ----A---- C:\WINDOWS\system32\SET44E.tmp
2008-08-22 10:57:00 ----A---- C:\WINDOWS\system32\SET416.tmp
2008-08-22 10:56:58 ----A---- C:\WINDOWS\system32\SET3FE.tmp
2008-08-22 10:56:57 ----A---- C:\WINDOWS\system32\SET3F8.tmp
2008-08-22 10:56:56 ----A---- C:\WINDOWS\system32\SET3F2.tmp
2008-08-22 10:56:55 ----A---- C:\WINDOWS\system32\SET3F0.tmp
2008-08-22 10:56:54 ----A---- C:\WINDOWS\system32\SET3DD.tmp
2008-08-22 10:56:51 ----A---- C:\WINDOWS\system32\SET3A9.tmp
2008-08-22 10:56:51 ----A---- C:\WINDOWS\system32\SET3A8.tmp
2008-08-22 10:56:50 ----A---- C:\WINDOWS\system32\SET3A6.tmp
2008-08-22 10:56:48 ----A---- C:\WINDOWS\system32\SET396.tmp
2008-08-22 10:56:48 ----A---- C:\WINDOWS\system32\SET395.tmp
2008-08-22 10:56:47 ----A---- C:\WINDOWS\system32\SET38F.tmp
2008-08-22 10:56:47 ----A---- C:\WINDOWS\system32\SET38C.tmp
2008-08-22 10:56:46 ----A---- C:\WINDOWS\system32\SET383.tmp
2008-08-22 10:56:45 ----A---- C:\WINDOWS\system32\SET382.tmp
2008-08-22 10:56:44 ----A---- C:\WINDOWS\system32\SET373.tmp
2008-08-22 10:56:38 ----A---- C:\WINDOWS\system32\SET371.tmp
2008-08-22 10:56:37 ----A---- C:\WINDOWS\system32\SET36A.tmp
2008-08-22 10:56:36 ----A---- C:\WINDOWS\system32\SET361.tmp
2008-08-22 10:56:36 ----A---- C:\WINDOWS\system32\SET35E.tmp
2008-08-22 10:56:34 ----A---- C:\WINDOWS\system32\SET34D.tmp
2008-08-22 10:56:30 ----A---- C:\WINDOWS\system32\SET313.tmp
2008-08-22 10:56:30 ----A---- C:\WINDOWS\system32\SET30D.tmp
2008-08-22 10:56:29 ----A---- C:\WINDOWS\system32\SET30B.tmp
2008-08-22 10:56:29 ----A---- C:\WINDOWS\system32\SET30A.tmp
2008-08-22 10:56:28 ----A---- C:\WINDOWS\system32\SET308.tmp
2008-08-22 10:56:27 ----A---- C:\WINDOWS\system32\SET2F6.tmp
2008-08-22 10:56:26 ----A---- C:\WINDOWS\system32\SET2EF.tmp
2008-08-22 10:56:26 ----A---- C:\WINDOWS\system32\SET2E5.tmp
2008-08-22 10:56:23 ----A---- C:\WINDOWS\system32\SET28B.tmp
2008-08-22 10:56:22 ----A---- C:\WINDOWS\system32\SET282.tmp
2008-08-22 10:56:21 ----A---- C:\WINDOWS\system32\SET27C.tmp
2008-08-22 10:56:20 ----A---- C:\WINDOWS\system32\SET27A.tmp
2008-08-22 10:56:18 ----A---- C:\WINDOWS\system32\SET255.tmp
2008-08-22 10:56:17 ----A---- C:\WINDOWS\system32\SET254.tmp
2008-08-22 10:56:16 ----A---- C:\WINDOWS\system32\SET24F.tmp
2008-08-22 10:56:15 ----A---- C:\WINDOWS\system32\SET243.tmp
2008-08-22 10:56:14 ----A---- C:\WINDOWS\system32\SET242.tmp
2008-08-22 10:56:13 ----A---- C:\WINDOWS\system32\SET21B.tmp
2008-08-22 10:56:11 ----A---- C:\WINDOWS\system32\SET206.tmp
2008-08-22 10:56:11 ----A---- C:\WINDOWS\system32\SET204.tmp
2008-08-22 10:56:10 ----A---- C:\WINDOWS\system32\SET1FA.tmp
2008-08-22 10:56:10 ----A---- C:\WINDOWS\system32\SET1F5.tmp
2008-08-22 10:56:09 ----A---- C:\WINDOWS\system32\SET1F3.tmp
2008-08-22 10:56:08 ----A---- C:\WINDOWS\system32\SET1D1.tmp
2008-08-22 10:56:07 ----A---- C:\WINDOWS\system32\SET1CF.tmp
2008-08-22 10:56:07 ----A---- C:\WINDOWS\system32\SET1CC.tmp
2008-08-22 10:56:06 ----A---- C:\WINDOWS\system32\SET1B2.tmp
2008-08-22 10:56:04 ----A---- C:\WINDOWS\system32\SET18C.tmp
2008-08-22 10:56:03 ----A---- C:\WINDOWS\system32\SET17F.tmp
2008-08-22 10:56:02 ----A---- C:\WINDOWS\system32\SET17B.tmp
2008-08-22 10:56:01 ----A---- C:\WINDOWS\system32\SET178.tmp
2008-08-22 10:56:01 ----A---- C:\WINDOWS\system32\SET176.tmp
2008-08-22 10:56:01 ----A---- C:\WINDOWS\system32\SET175.tmp
2008-08-22 10:55:58 ----A---- C:\WINDOWS\system32\SET163.tmp
2008-08-22 10:55:57 ----A---- C:\WINDOWS\system32\SET15E.tmp
2008-08-22 10:55:56 ----A---- C:\WINDOWS\system32\SET15C.tmp
2008-08-22 10:55:55 ----A---- C:\WINDOWS\system32\SET158.tmp
2008-08-22 10:55:54 ----A---- C:\WINDOWS\system32\SET150.tmp
2008-08-22 10:55:54 ----A---- C:\WINDOWS\system32\SET14F.tmp
2008-08-22 10:55:54 ----A---- C:\WINDOWS\system32\SET14E.tmp
2008-08-22 10:55:53 ----A---- C:\WINDOWS\system32\SET14D.tmp
2008-08-22 10:55:53 ----A---- C:\WINDOWS\system32\SET14C.tmp
2008-08-22 10:55:52 ----A---- C:\WINDOWS\system32\SET149.tmp
2008-08-22 10:55:51 ----A---- C:\WINDOWS\system32\SET145.tmp
2008-08-22 10:55:51 ----A---- C:\WINDOWS\system32\SET13F.tmp
2008-08-22 10:55:48 ----A---- C:\WINDOWS\system32\SET130.tmp
2008-08-22 10:55:47 ----A---- C:\WINDOWS\system32\SET12B.tmp
2008-08-22 10:55:46 ----A---- C:\WINDOWS\system32\SET12A.tmp
2008-08-22 10:55:45 ----A---- C:\WINDOWS\system32\SET11E.tmp
2008-08-22 10:55:44 ----A---- C:\WINDOWS\system32\SET11C.tmp
2008-08-22 10:55:44 ----A---- C:\WINDOWS\system32\SET11A.tmp
2008-08-22 10:55:43 ----A---- C:\WINDOWS\system32\SET118.tmp
2008-08-22 10:55:42 ----A---- C:\WINDOWS\system32\SET117.tmp
2008-08-22 10:49:53 ----A---- C:\WINDOWS\003291_.tmp
2008-08-22 10:43:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-08-22 10:42:57 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\cmd.exe
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\cacls.exe
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\autochk.exe
2008-08-22 10:40:05 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\ftp.exe
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\format.com
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-08-22 10:40:04 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\locator.exe
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\localspl.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-08-22 10:40:03 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-08-22 10:40:02 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\rasman.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\printui.dll
2008-08-22 10:40:01 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\services.exe
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\schannel.dll
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\savedump.exe
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\samlib.dll
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-08-22 10:40:00 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-08-22 10:39:59 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-08-22 10:39:59 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-08-22 10:39:59 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-08-22 10:39:59 ----A---- C:\WINDOWS\system32\smss.exe
2008-08-22 10:39:59 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-08-22 10:39:58 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-22 10:39:58 ----A---- C:\WINDOWS\system32\userinit.exe
2008-08-22 10:39:58 ----A---- C:\WINDOWS\system32\untfs.dll
2008-08-22 10:39:58 ----A---- C:\WINDOWS\system32\ulib.dll
2008-08-22 10:39:57 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-08-22 10:39:42 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-08-22 10:39:41 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-22 10:39:40 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-22 09:48:35 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-17 09:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-17 09:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-17 09:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-17 09:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-17 08:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-17 08:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-17 08:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-15 13:49:24 ----A---- C:\WINDOWS\system32\SET11C0.tmp
2008-08-15 13:49:12 ----A---- C:\WINDOWS\system32\SET118D.tmp
2008-08-15 13:40:23 ----A---- C:\WINDOWS\SET733.tmp
2008-08-15 13:40:17 ----A---- C:\WINDOWS\system32\SET708.tmp
2008-08-15 13:40:16 ----A---- C:\WINDOWS\system32\SET704.tmp
2008-08-15 13:40:15 ----A---- C:\WINDOWS\system32\SET6FD.tmp
2008-08-15 13:40:14 ----A---- C:\WINDOWS\system32\SET6F7.tmp
2008-08-15 13:40:13 ----A---- C:\WINDOWS\system32\SET6F1.tmp
2008-08-15 13:40:12 ----A---- C:\WINDOWS\system32\SET6ED.tmp
2008-08-15 13:40:11 ----A---- C:\WINDOWS\system32\SET6E8.tmp
2008-08-15 13:40:09 ----A---- C:\WINDOWS\system32\SET6E6.tmp
2008-08-15 13:40:06 ----A---- C:\WINDOWS\system32\SET6DB.tmp
2008-08-15 13:40:05 ----A---- C:\WINDOWS\system32\SET6D8.tmp
2008-08-15 13:40:04 ----A---- C:\WINDOWS\system32\SET6D3.tmp
2008-08-15 13:40:03 ----A---- C:\WINDOWS\system32\SET6CC.tmp
2008-08-15 13:40:00 ----A---- C:\WINDOWS\system32\SET6BE.tmp
2008-08-15 13:39:58 ----A---- C:\WINDOWS\system32\SET6B9.tmp
2008-08-15 13:39:57 ----A---- C:\WINDOWS\system32\SET6B7.tmp
2008-08-15 13:39:56 ----A---- C:\WINDOWS\system32\SET6B6.tmp
2008-08-15 13:39:56 ----A---- C:\WINDOWS\system32\SET6B4.tmp
2008-08-15 13:39:55 ----A---- C:\WINDOWS\system32\SET6B2.tmp
2008-08-15 13:39:55 ----A---- C:\WINDOWS\system32\SET6B1.tmp
2008-08-15 13:39:54 ----A---- C:\WINDOWS\system32\SET6B0.tmp
2008-08-15 13:39:54 ----A---- C:\WINDOWS\system32\SET6AF.tmp
2008-08-15 13:39:53 ----A---- C:\WINDOWS\system32\SET6AD.tmp
2008-08-15 13:39:53 ----A---- C:\WINDOWS\system32\SET6AC.tmp
2008-08-15 13:39:50 ----A---- C:\WINDOWS\system32\SET6A4.tmp
2008-08-15 13:39:43 ----A---- C:\WINDOWS\system32\SET678.tmp
2008-08-15 13:39:40 ----A---- C:\WINDOWS\system32\SET667.tmp
2008-08-15 13:39:33 ----A---- C:\WINDOWS\system32\SET64E.tmp
2008-08-15 13:39:32 ----A---- C:\WINDOWS\system32\SET64C.tmp
2008-08-15 13:39:31 ----A---- C:\WINDOWS\system32\SET647.tmp
2008-08-15 13:39:30 ----A---- C:\WINDOWS\system32\SET63F.tmp
2008-08-15 13:39:27 ----A---- C:\WINDOWS\system32\SET62C.tmp
2008-08-15 13:39:24 ----A---- C:\WINDOWS\system32\SET61F.tmp
2008-08-15 13:39:20 ----A---- C:\WINDOWS\system32\SET607.tmp
2008-08-15 13:39:18 ----A---- C:\WINDOWS\system32\SET5F5.tmp
2008-08-15 13:39:13 ----A---- C:\WINDOWS\system32\SET5CF.tmp
2008-08-15 13:39:11 ----A---- C:\WINDOWS\system32\SET5C0.tmp
2008-08-15 13:39:10 ----A---- C:\WINDOWS\system32\SET5BB.tmp
2008-08-15 13:39:09 ----A---- C:\WINDOWS\system32\SET5AD.tmp
2008-08-15 13:39:08 ----A---- C:\WINDOWS\system32\SET5A4.tmp
2008-08-15 13:39:05 ----A---- C:\WINDOWS\system32\SET59C.tmp
2008-08-15 13:39:02 ----A---- C:\WINDOWS\system32\SET591.tmp
2008-08-15 13:39:00 ----A---- C:\WINDOWS\system32\SET58A.tmp
2008-08-15 13:39:00 ----A---- C:\WINDOWS\system32\SET587.tmp
2008-08-15 13:38:59 ----A---- C:\WINDOWS\system32\SET582.tmp
2008-08-15 13:38:58 ----A---- C:\WINDOWS\system32\SET57C.tmp
2008-08-15 13:38:58 ----A---- C:\WINDOWS\system32\SET57B.tmp
2008-08-15 13:38:57 ----A---- C:\WINDOWS\system32\SET578.tmp
2008-08-15 13:38:55 ----A---- C:\WINDOWS\system32\SET56C.tmp
2008-08-15 13:38:53 ----A---- C:\WINDOWS\system32\SET569.tmp
2008-08-15 13:38:52 ----A---- C:\WINDOWS\system32\SET565.tmp
2008-08-15 13:38:52 ----A---- C:\WINDOWS\system32\SET564.tmp
2008-08-15 13:38:52 ----A---- C:\WINDOWS\system32\SET563.tmp
2008-08-15 13:38:51 ----A---- C:\WINDOWS\system32\SET561.tmp
2008-08-15 13:38:51 ----A---- C:\WINDOWS\system32\SET55F.tmp
2008-08-15 13:38:49 ----A---- C:\WINDOWS\system32\SET559.tmp
2008-08-15 13:38:49 ----A---- C:\WINDOWS\system32\SET558.tmp
2008-08-15 13:38:49 ----A---- C:\WINDOWS\system32\SET551.tmp
2008-08-15 13:38:46 ----A---- C:\WINDOWS\system32\SET547.tmp
2008-08-15 13:38:45 ----A---- C:\WINDOWS\system32\SET546.tmp
2008-08-15 13:38:43 ----A---- C:\WINDOWS\system32\SET53F.tmp
2008-08-15 13:38:41 ----A---- C:\WINDOWS\system32\SET53A.tmp
2008-08-15 13:38:40 ----A---- C:\WINDOWS\system32\SET52B.tmp
2008-08-15 13:38:39 ----A---- C:\WINDOWS\system32\SET52A.tmp
2008-08-15 13:38:38 ----A---- C:\WINDOWS\system32\SET521.tmp
2008-08-15 13:38:37 ----A---- C:\WINDOWS\system32\SET51C.tmp
2008-08-15 13:38:36 ----A---- C:\WINDOWS\system32\SET519.tmp
2008-08-15 13:38:33 ----A---- C:\WINDOWS\system32\SET516.tmp
2008-08-15 13:38:33 ----A---- C:\WINDOWS\system32\SET514.tmp
2008-08-15 13:38:32 ----A---- C:\WINDOWS\system32\SET513.tmp
2008-08-15 13:38:32 ----A---- C:\WINDOWS\system32\SET512.tmp
2008-08-15 13:38:30 ----A---- C:\WINDOWS\system32\SET50B.tmp
2008-08-15 13:38:30 ----A---- C:\WINDOWS\system32\SET50A.tmp
2008-08-15 13:38:30 ----A---- C:\WINDOWS\system32\SET509.tmp
2008-08-15 13:38:28 ----A---- C:\WINDOWS\system32\SET4FD.tmp
2008-08-15 13:38:27 ----A---- C:\WINDOWS\system32\SET4F7.tmp
2008-08-15 13:38:27 ----A---- C:\WINDOWS\system32\SET4F5.tmp
2008-08-15 13:38:27 ----A---- C:\WINDOWS\system32\SET4F4.tmp
2008-08-15 13:38:27 ----A---- C:\WINDOWS\system32\SET4F2.tmp
2008-08-15 13:38:26 ----A---- C:\WINDOWS\system32\SET4EF.tmp
2008-08-15 13:38:26 ----A---- C:\WINDOWS\system32\SET4EE.tmp
2008-08-15 13:38:26 ----A---- C:\WINDOWS\system32\SET4E9.tmp
2008-08-15 13:38:26 ----A---- C:\WINDOWS\system32\SET4E8.tmp
2008-08-15 13:38:26 ----A---- C:\WINDOWS\system32\SET4E7.tmp
2008-08-15 13:38:25 ----A---- C:\WINDOWS\system32\SET4E4.tmp
2008-08-15 13:38:25 ----A---- C:\WINDOWS\system32\SET4E2.tmp
2008-08-15 13:38:25 ----A---- C:\WINDOWS\system32\SET4DE.tmp
2008-08-15 13:38:24 ----A---- C:\WINDOWS\system32\SET4DC.tmp
2008-08-15 13:38:22 ----A---- C:\WINDOWS\system32\SET4CF.tmp
2008-08-15 13:38:21 ----A---- C:\WINDOWS\system32\SET4CE.tmp
2008-08-15 13:38:18 ----A---- C:\WINDOWS\system32\SET4A0.tmp
2008-08-15 13:38:18 ----A---- C:\WINDOWS\system32\SET49E.tmp
2008-08-15 13:38:17 ----A---- C:\WINDOWS\system32\SET49A.tmp
2008-08-15 13:38:13 ----A---- C:\WINDOWS\system32\SET481.tmp
2008-08-15 13:38:10 ----A---- C:\WINDOWS\system32\SET451.tmp
2008-08-15 13:38:09 ----A---- C:\WINDOWS\system32\SET440.tmp
2008-08-15 13:38:07 ----A---- C:\WINDOWS\system32\SET43D.tmp
2008-08-15 13:38:07 ----A---- C:\WINDOWS\system32\SET436.tmp
2008-08-15 13:38:06 ----A---- C:\WINDOWS\system32\SET434.tmp
2008-08-15 13:38:05 ----A---- C:\WINDOWS\system32\SET422.tmp
2008-08-15 13:38:04 ----A---- C:\WINDOWS\system32\SET402.tmp
2008-08-15 13:38:03 ----A---- C:\WINDOWS\system32\SET401.tmp
2008-08-15 13:38:02 ----A---- C:\WINDOWS\system32\SET3ED.tmp
2008-08-15 13:38:01 ----A---- C:\WINDOWS\system32\SET3DE.tmp
2008-08-15 13:38:00 ----A---- C:\WINDOWS\system32\SET3D5.tmp
2008-08-15 13:38:00 ----A---- C:\WINDOWS\system32\SET3D4.tmp
2008-08-15 13:37:58 ----A---- C:\WINDOWS\system32\SET3BC.tmp
2008-08-15 13:37:47 ----A---- C:\WINDOWS\system32\SET3BA.tmp
2008-08-15 13:37:47 ----A---- C:\WINDOWS\system32\SET3B4.tmp
2008-08-15 13:37:46 ----A---- C:\WINDOWS\system32\SET3B2.tmp
2008-08-15 13:37:45 ----A---- C:\WINDOWS\system32\SET3A3.tmp
2008-08-15 13:37:42 ----A---- C:\WINDOWS\system32\SET37A.tmp
2008-08-15 13:37:42 ----A---- C:\WINDOWS\system32\SET378.tmp
2008-08-15 13:37:42 ----A---- C:\WINDOWS\system32\SET376.tmp
2008-08-15 13:37:41 ----A---- C:\WINDOWS\system32\SET372.tmp
2008-08-15 13:37:37 ----A---- C:\WINDOWS\system32\SET33F.tmp
2008-08-15 13:37:36 ----A---- C:\WINDOWS\system32\SET33D.tmp
2008-08-15 13:37:34 ----A---- C:\WINDOWS\system32\SET320.tmp
2008-08-15 13:37:32 ----A---- C:\WINDOWS\system32\SET305.tmp
2008-08-15 13:37:30 ----A---- C:\WINDOWS\system32\SET2D1.tmp
2008-08-15 13:37:29 ----A---- C:\WINDOWS\system32\SET2CE.tmp
2008-08-15 13:37:29 ----A---- C:\WINDOWS\system32\SET2C3.tmp
2008-08-15 13:37:29 ----A---- C:\WINDOWS\system32\SET2C1.tmp
2008-08-15 13:37:27 ----A---- C:\WINDOWS\system32\SET285.tmp
2008-08-15 13:37:27 ----A---- C:\WINDOWS\system32\SET284.tmp
2008-08-15 13:37:26 ----A---- C:\WINDOWS\system32\SET281.tmp
2008-08-15 13:37:25 ----A---- C:\WINDOWS\system32\SET275.tmp
2008-08-15 13:37:24 ----A---- C:\WINDOWS\system32\SET263.tmp
2008-08-15 13:37:23 ----A---- C:\WINDOWS\system32\SET25D.tmp
2008-08-15 13:37:22 ----A---- C:\WINDOWS\system32\SET257.tmp
2008-08-15 13:37:19 ----A---- C:\WINDOWS\system32\SET238.tmp
2008-08-15 13:37:19 ----A---- C:\WINDOWS\system32\SET237.tmp
2008-08-15 13:37:18 ----A---- C:\WINDOWS\system32\SET232.tmp
2008-08-15 13:37:18 ----A---- C:\WINDOWS\system32\SET231.tmp
2008-08-15 13:37:17 ----A---- C:\WINDOWS\system32\SET22C.tmp
2008-08-15 13:37:17 ----A---- C:\WINDOWS\system32\SET224.tmp
2008-08-15 13:37:17 ----A---- C:\WINDOWS\system32\SET21D.tmp
2008-08-15 13:37:16 ----A---- C:\WINDOWS\system32\SET218.tmp
2008-08-15 13:37:15 ----A---- C:\WINDOWS\system32\SET216.tmp
2008-08-15 13:37:12 ----A---- C:\WINDOWS\system32\SET1EC.tmp
2008-08-15 13:37:11 ----A---- C:\WINDOWS\system32\SET1D9.tmp
2008-08-15 13:37:10 ----A---- C:\WINDOWS\system32\SET1D8.tmp
2008-08-15 13:37:09 ----A---- C:\WINDOWS\system32\SET1C5.tmp
2008-08-15 13:37:09 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2008-08-15 13:37:08 ----A---- C:\WINDOWS\system32\SET1AE.tmp
2008-08-15 13:33:31 ----A---- C:\WINDOWS\003283_.tmp
2008-08-15 12:51:36 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 3 months======

2008-11-07 15:36:01 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-07 12:24:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-07 12:23:10 ----SHD---- C:\WINDOWS\Installer
2008-11-07 12:23:06 ----AD---- C:\Program Files
2008-11-07 12:22:11 ----D---- C:\WINDOWS\SYSTEM32
2008-11-07 12:10:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 12:10:12 ----SD---- C:\WINDOWS\Tasks
2008-11-07 12:05:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-07 08:20:50 ----D---- C:\WINDOWS
2008-11-05 19:21:49 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-05 19:21:48 ----D---- C:\WINDOWS\AppPatch
2008-11-05 19:21:48 ----D---- C:\Program Files\Common Files
2008-11-03 20:01:08 ----RASH---- C:\BOOT.INI
2008-11-03 20:01:08 ----A---- C:\WINDOWS\WIN.INI
2008-11-03 20:01:08 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-02 16:28:34 ----D---- C:\Program Files\NavNT
2008-11-02 15:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 13:33:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-02 12:29:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 11:29:54 ----D---- C:\Program Files\Symantec
2008-11-02 11:15:57 ----D---- C:\WINDOWS\Temporary Internet Files
2008-11-02 11:14:34 ----D---- C:\Temp
2008-11-02 08:59:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 16:47:35 ----HD---- C:\WINDOWS\INF
2008-10-24 16:46:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 16:35:11 ----D---- C:\Program Files\Lavasoft
2008-10-21 16:35:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-21 16:34:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-20 20:02:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 17:57:43 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 22:15:36 ----A---- C:\WINDOWS\imsins.BAK
2008-10-14 22:14:28 ----D---- C:\Program Files\Internet Explorer
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-17 16:34:44 ----D---- C:\WINDOWS\Help
2008-09-13 11:39:28 ----D---- C:\Program Files\Ahead
2008-09-13 11:23:03 ----D---- C:\Documents and Settings\Sri\Application Data\Ahead
2008-09-10 21:19:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-10 21:19:01 ----D---- C:\WINDOWS\WinSxS
2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 03:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 00:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 14:33:43 ----SHD---- C:\RECYCLER
2008-08-22 14:31:08 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-22 14:03:46 ----D---- C:\WINDOWS\system32\Setup
2008-08-22 14:03:45 ----D---- C:\WINDOWS\system32\WBEM
2008-08-22 14:03:44 ----RSD---- C:\WINDOWS\Fonts
2008-08-22 14:02:58 ----D---- C:\WINDOWS\SECURITY
2008-08-22 13:59:30 ----D---- C:\Program Files\Messenger
2008-08-22 13:51:54 ----A---- C:\WINDOWS\SETUPLOG.TXT
2008-08-22 13:49:49 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-22 13:49:45 ----D---- C:\Program Files\Windows Media Player
2008-08-22 13:49:14 ----D---- C:\WINDOWS\network diagnostic
2008-08-22 13:49:14 ----D---- C:\WINDOWS\IME
2008-08-22 13:48:23 ----D---- C:\WINDOWS\system32\en-US
2008-08-22 13:48:22 ----D---- C:\WINDOWS\system32\USMT
2008-08-22 13:48:19 ----D---- C:\WINDOWS\system32\scripting
2008-08-22 13:48:04 ----D---- C:\WINDOWS\l2schemas
2008-08-22 13:48:01 ----D---- C:\WINDOWS\system32\en
2008-08-22 13:48:00 ----D---- C:\WINDOWS\system32\bits
2008-08-22 13:47:59 ----D---- C:\WINDOWS\peernet
2008-08-22 13:47:58 ----D---- C:\Program Files\Movie Maker
2008-08-22 13:40:27 ----D---- C:\WINDOWS\system32\Restore
2008-08-22 13:40:26 ----D---- C:\WINDOWS\system32\NPP
2008-08-22 13:40:25 ----D---- C:\WINDOWS\MSAGENT
2008-08-22 13:40:21 ----D---- C:\WINDOWS\SRCHASST
2008-08-22 13:40:18 ----D---- C:\Program Files\NetMeeting
2008-08-22 13:40:16 ----D---- C:\WINDOWS\system32\Com
2008-08-22 13:40:04 ----D---- C:\Program Files\Windows NT
2008-08-22 13:40:03 ----D---- C:\Program Files\Outlook Express
2008-08-22 13:39:56 ----D---- C:\Program Files\Common Files\System
2008-08-22 13:39:26 ----D---- C:\WINDOWS\system32\OOBE
2008-08-22 13:39:22 ----D---- C:\WINDOWS\SYSTEM
2008-08-22 13:33:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-22 13:23:09 ----D---- C:\WINDOWS\EHome
2008-08-17 08:54:51 ----D---- C:\WINDOWS\ie7updates
2008-08-15 14:51:08 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-15 12:52:23 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-08-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-08-19 2560]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2006-11-18 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2006-11-18 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\NavNT\NAVAPEL.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-01-15 42368]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 Cap7134;TVFM 503 WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2004-01-02 428064]
R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [2002-04-04 50800]
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [2002-04-04 16112]
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-04-04 49956]
R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-04-04 18928]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2006-11-18 25930]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\NAVEX15.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys [2005-03-29 229367]
S1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2006-11-18 241280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2); C:\WINDOWS\System32\DRIVERS\BEL6001P.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\Sri\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2006-11-18 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver; \??\C:\WINDOWS\SYSTEM32\pcand5bk.SYS []
S3 QCMerced;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-21 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 BlackICE;BlackICE; C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe [2004-10-29 847872]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-08 52736]
R2 DefWatch;DefWatch; C:\Program Files\NavNT\defwatch.exe [2002-06-03 32768]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-07 152984]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 Norton AntiVirus Server;Norton AntiVirus Client; C:\Program Files\NavNT\rtvscan.exe [2002-06-03 471040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-28 501048]
R3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [2002-04-04 77824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NAVRoam;NAVRoam; C:\PROGRA~1\NavNT\NAVRoam.exe [2002-06-03 237568]
S3 RapApp;RapApp; C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe [2003-06-19 688128]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-07 10:41:10

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Apple Mobile Device Support-->MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bridge Baron 14-->MsiExec.exe /X{96D9AEF8-8BBB-4C90-8A73-246D413755DF}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 1.0 - HP Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
ImageMixer for HDD Camcorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\setup.exe" -l0x9 UNINSTALL -removeonly
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-02-22-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iTunes-->MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
MioMore Desktop 2008-->C:\Program Files\InstallShield Installation Information\{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}\Setup.exe -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
neoDVDstandard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1AD7439-FBCA-4345-A780-2A5617EBA9DE} /l1033
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus Corporate Edition-->MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Oubliette 1.9.5-->"C:\Program Files\Oubliette\unins000.exe"
Photosmart Printer 130,230,7150,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Window Search-->C:\DOCUME~1\Sri\APPLIC~1\lyblecrz.exe -UnIst
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {9CB1B50A-EB1B-44DF-A466-245BF3DF271B} - C:\WINDOWS\system32\efcDsqrP.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O20 - Winlogon Notify: nnnoOeDs - C:\WINDOWS\
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - (no file)

Hosts File Missing



