
redirect malware


  • This topic is locked
15 replies to this topic

#1 harjon

Posted 23 April 2009 - 09:59 PM

Please forgive me if I did this wrong or posted in the wrong place. I tried running the DDS.scr file as suggested but it will not run. I then downloaded the RSIT file, which ran the HJT I already had installed. Below are the logs it created. My browser is being redirected when I search. I have to use the back button to go back to the original link and click it again to get to the original link. Also, today my e-mails started losing their "subject" and "from" lines... but when you preview the e-mail it is a legit e-mail which should read in HTML but is all text and gibberish (to me anyway). If I am in the wrong place, please just direct me to the right place and I will be on my way. Thanks for your help.
JC

Logfile of random's system information tool 1.06 (written by random/random)
Run by Harland Harriman at 2009-04-23 22:53:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:10 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Harland Harriman\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Harland Harriman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87B88B8B-4147-4E33-B99E-5C3CA500C608} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm025RZUS
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://www.liveupdate.com/controls/getcab5.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - http://www.stamps.com/download/us/registra...23/sdcregie.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.0.6.5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8C285F85-0DBD-11D3-8B37-00A02459FA0F} (CuWeb CuWebConf) - http://ic.vcsystem.com/packages/cuweb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/s...file=stamps.cab
O16 - DPF: {C9B08199-657A-468D-A26B-692137572131} (FFHostContainer Class) - http://www.focusfocus.com/download/windows/ffhost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D59931FE-DC91-11D2-88D5-000000000000} (FocusFocusChat Class) - http://www.focusfocus.com/download/windows/ffcall.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax4227.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab
O21 - SSODL: sqkRCaSl - {347371F7-9ED9-DB5D-2351-6A9E63CFBBCD} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.badpuppy.com/members/images/wal...ated/marmaf.gif
O24 - Desktop Component 1: (no name) - C:\Program Files\Online Services\dibobob.html

--
End of file - 12879 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll [2009-01-15 525552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B88B8B-4147-4E33-B99E-5C3CA500C608}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll [2009-01-15 525552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-04 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-07-13 282624]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-17 28738]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-24 98304]
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2009-01-15 632048]
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376]
"CXMon"=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-09 45056]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2003-12-04 406016]
"Lexmark X6100 Series"=C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe [2003-09-23 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"WebCamRT.exe"= []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
"IW_Drop_Icon"=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2006-02-16 1346560]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe [2005-04-27 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Harland Harriman^Start Menu^Programs^Startup^Think-Adz.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2006-02-03 492544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
sqkRCaSl - {347371F7-9ED9-DB5D-2351-6A9E63CFBBCD}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LeapFTP\LeapFTP.exe"="C:\Program Files\LeapFTP\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE"="C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe:*:Enabled:Stop-Sign Threat Scanner GUI"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Documents and Settings\Harland Harriman\Local Settings\Application Data\Microsoft\CD Burning\LeapFTP.exe"="C:\Documents and Settings\Harland Harriman\Local Settings\Application Data\Microsoft\CD Burning\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"F:\Pinnacle\programs\RM.exe"="F:\Pinnacle\programs\RM.exe:*:Enabled:Render Manager"
"F:\Pinnacle\programs\Studio.exe"="F:\Pinnacle\programs\Studio.exe:*:Enabled:Studio"
"F:\Pinnacle\programs\PMSRegisterFile.exe"="F:\Pinnacle\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"F:\Pinnacle\programs\umi.exe"="F:\Pinnacle\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:MediaManager Application"
"C:\WINDOWS\SYSTEM32\dxdiag.exe"="C:\WINDOWS\SYSTEM32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-04-23 22:53:00 ----D---- C:\rsit
2009-04-17 03:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 12:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-03-30 11:45:33 ----D---- C:\Documents and Settings\Harland Harriman\Application Data\FunWebProducts
2009-03-30 08:40:21 ----D---- C:\Documents and Settings\Harland Harriman\Application Data\acccore
2009-03-30 08:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-03-30 08:39:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-03-30 08:39:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-03-30 08:38:30 ----D---- C:\Program Files\Common Files\AOL
2009-03-30 08:38:07 ----D---- C:\Program Files\AIM6

======List of files/folders modified in the last 1 months======

2009-04-23 22:42:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-23 22:42:11 ----D---- C:\WINDOWS\SYSTEM32
2009-04-23 22:42:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-23 22:39:01 ----D---- C:\WINDOWS\Temp
2009-04-23 22:38:58 ----A---- C:\iwctrllog.txt
2009-04-23 22:38:01 ----D---- C:\WINDOWS
2009-04-23 22:28:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-23 14:45:23 ----D---- C:\WINDOWS\Prefetch
2009-04-23 05:47:31 ----D---- C:\Program Files\Spyware Doctor
2009-04-23 03:01:48 ----SHD---- C:\WINDOWS\Installer
2009-04-22 16:56:52 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-22 03:22:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-22 03:22:27 ----HD---- C:\WINDOWS\INF
2009-04-22 03:11:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-17 03:14:31 ----D---- C:\WINDOWS\system32\WBEM
2009-04-17 03:14:31 ----D---- C:\WINDOWS\AppPatch
2009-04-17 03:14:31 ----D---- C:\Program Files\Internet Explorer
2009-04-17 03:06:52 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-17 03:06:26 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 03:05:24 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 03:04:44 ----D---- C:\WINDOWS\ie7updates
2009-04-17 03:03:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-07 22:28:49 ----D---- C:\Program Files
2009-04-03 22:55:37 ----D---- C:\Program Files\MyWebSearch
2009-04-03 22:55:36 ----D---- C:\Program Files\FunWebProducts
2009-04-03 07:42:26 ----AC---- C:\WINDOWS\lexstat.ini
2009-04-02 13:36:47 ----D---- C:\Program Files\Steinberg
2009-04-02 07:21:08 ----SD---- C:\WINDOWS\Tasks
2009-03-30 11:39:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-30 08:39:28 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-03-30 08:39:27 ----D---- C:\Documents and Settings\Harland Harriman\Application Data\Viewpoint
2009-03-30 08:38:30 ----D---- C:\Program Files\Common Files
2009-03-29 06:38:17 ----D---- C:\Program Files\Watermark Factory

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-04-08 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-04-08 23436]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctfw2;pctfw2; \??\C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys []
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 188416]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-01-19 8413]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-18 534125]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2002-01-07 8023]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-12-04 11264]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2005-02-10 62976]
R3 DM9102;CNet PRO200WL PCI Fast Ethernet NT Driver ; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-12-04 32256]
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-04 207360]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\System32\Drivers\EPLPDX02.SYS []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Msikbd2k;DellTouch; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2000-10-03 6942]
R3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-11-23 515200]
R3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-11-23 3768]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VBus;Virtual Bus; C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 17664]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Aldebaran;Aldebaran - Storage Filter Drivers; \??\C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-04 13696]
S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2001-06-20 4272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-04 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2001-08-01 348169]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-09-23 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 Nhksrv;Netropa NHK Server; C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe [2001-08-09 64512]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-02 337800]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-06-02 1017224]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-11-23 184320]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-04-23 22:53:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD1AD5DB-B0AA-4685-B773-671751D71963}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat 4.0, 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AllMusicConverter 3.1.6-->"C:\Program Files\AllMusicConverter\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Clic*Pic Gallery Creator-->C:\Program Files\ClicPic\Uninstal.exe
Conexant HSF V92 56K Data Fax PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EasySellerCalculator 1.6.7-->"c:\mfcs\easysellercalculator\unins000.exe"
eBay Toolbar Featuring Yahoo!-->C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe -runfromtemp -l0x0009 eBay Toolbar Featuring Yahoo! -removeonly
eBook Pro Viewer 5.52-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE5B3364-56D6-4D95-9392-EEEAE922B0D6}\Setup.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Precisionscan Pro 3.1-->MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LeapFTP-->C:\WINDOWS\unleap.exe C:\Program Files\LeapFTP\install.log
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark Skin: Helix-->C:\PROGRA~1\LEXMAR~2\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin1\INSTALL.LOG
Lexmark Skin: Machine1-->C:\PROGRA~1\LEXMAR~2\Skin5\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin5\INSTALL.LOG
Lexmark Skin: Nature TV1-->C:\PROGRA~1\LEXMAR~2\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin1\INSTALL.LOG
Lexmark Skin: Nature TV2-->C:\PROGRA~1\LEXMAR~2\Skin2\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin2\INSTALL.LOG
Lexmark Skin: Nature TV3-->C:\PROGRA~1\LEXMAR~2\Skin3\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin3\INSTALL.LOG
Lexmark X6100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02D5E8EE-0B08-4F2C-97D6-A400E77275FE}
Microsoft Money 2003-->MsiExec.exe /I{015A0855-1EF5-4C77-93DB-8E2FC6A495B5}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows XP SBS Files-->C:\WINDOWS\MSPUNIN.EXE `C:\SBS\WindowsXP` Microsoft Windows XP SBS Files
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\SETUP.EXE" ControlPanel
Mozilla Firefox (1.5)-->C:\WINDOWS\UninstallFirefox.exe /ua "1.5 (en-US)"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OrderReminder hp LaserJet 101x-->"C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_101x\installerhelper.exe" "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\Uninstall-hpLJ_101x\installerhelper.properties" -from-addremove
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Hollywood FX Pack0 - Extra FX-->C:\WINDOWS\unvise32.exe C:\WINDOWS\unhfxpack0.log
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
Pinnacle Studio MediaSuite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77B8ECB2-1ACF-4587-8FB1-FCF856DB8149}\Setup.exe" -l0x9 UNINSTALL
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pro Fishing 3D Tournament Edition-->C:\PROGRA~1\HEADGA~1\ZEBCOP~1\UNINST~1\UNINST~1.EXE
PRO200WL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recolored 1.0.1-->"F:\Recolored\unins000.exe"
RegCure 1.2.0.4-->C:\Documents and Settings\Harland Harriman\My Documents\RegCure\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->F:\PROGRA~1\RHAPSODY\UNWISE32.EXE /A F:\PROGRA~1\RHAPSODY\INSTALL.LOG
Roxio PhotoSuite 5-->MsiExec.exe /I{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Seller's Assistant Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC43EDE1-D664-11D4-8044-444553540000}\Setup.exe" -l0x9
Shockwave Player-->MsiExec.exe /X{95D885F5-B696-11D5-9D1D-0050DAB14E03}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spinner Plus 3.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Spinner Plus\uninst.isu" -c"C:\Program Files\Spinner Plus\program\uninst.dll"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Studio 10 Bonus DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Studio 8-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c
Studio Content CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\Setup.exe" -l0x9
Studio MediaSuite Recording-->MsiExec.exe /I{D29FA925-E9D7-411E-8E75-C726EDF56AE6}
Studio RTFx Volume 1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A3A90E9-973C-4076-91A4-0616644137BF}\Setup.exe" -l0x9 UNINSTALL
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
TurboTax Business 2006-->C:\Program Files\TurboTax\Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2006\Uninstall.log" -NoGui
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Watermark Factory-->"C:\Program Files\Watermark Factory\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Add-in for FrontPage-->MsiExec.exe /I{51F370EF-5952-4F03-A77A-4910A8D0FB07}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinMX-->C:\Program Files\WinMX\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2007-09-03]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe [2007-09-03]
O4 - HKLM\..\Run: [vinojodyw] C:\Program Files\ComPlus Applications\vinojodyw22011.exe [2007-09-03]
O4 - HKLM\..\Run: [{37-71-1F-F6-ZN}] C:\windows\system32\ljdsrngl.exe CHD003 [2007-09-03]
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe [2007-09-03]
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\ljdsrngl.exe [2007-09-03]
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\ljjkkhg.dll [2007-09-03]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? [2007-09-03]
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cphnmhmh.dll",forkonce [2007-09-03]
O2 - BHO: (no name) - {B983EEA3-E925-4F99-B814-B426FB3B0859} - C:\WINDOWS\system32\ssqrp.dll [2007-09-03]
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\owinkmdt.exe [2007-09-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2007-09-03]
O2 - BHO: 0 - {5AFD7A65-3987-46C2-2986-013503542CDE} - C:\Program Files\Online Services\zyrimuh.dll (file missing) [2007-09-03]
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...easeInstall.cab [2007-09-03]
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\owinkmdt.exe CHD003 [2007-09-03]
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\tbngsyba.dll [2007-09-03]
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab [2007-09-03]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab [2007-09-03]
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab [2007-09-03]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04b0df5caa852e...ip/RdxIE601.cab [2007-09-03]
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantispyware.com/download/200...ba711155bdae837 [2007-09-03]
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://images.bonzi.com/freebuddy/wd/bbsetupad1.exe [2007-09-03]
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/es/SysWebTelecom.cab [2007-09-03]
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp...com/brxpdf5.cab [2007-09-03]
O20 - Winlogon Notify: ljjkkhg - C:\WINDOWS\SYSTEM32\ljjkkhg.dll [2007-09-03]
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll [2007-09-03]
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qogptvng.exe (file missing) [2007-09-03]
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) [2007-09-03]
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFybGFuZCBIYXJyaW1hbg\command.exe [2007-09-03]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Bitdefender Antivirus (disabled) (outdated)
AV: Spyware Doctor with AntiVirus
FW: Bitdefender Firewall (disabled)

======System event log======

Computer Name: COMPUTER2
Event Code: 10009
Message: DCOM was unable to communicate with the computer GOODRIDDANCE using any of the configured
protocols.

Record Number: 6251963
Source Name: DCOM
Time Written: 20090422212819.000000-240
Event Type: error
User: COMPUTER2\Harland Harriman

Computer Name: COMPUTER2
Event Code: 10009
Message: DCOM was unable to communicate with the computer gra4 using any of the configured
protocols.

Record Number: 6251962
Source Name: DCOM
Time Written: 20090422212746.000000-240
Event Type: error
User: COMPUTER2\Harland Harriman

Computer Name: COMPUTER2
Event Code: 10009
Message: DCOM was unable to communicate with the computer GOODRIDDANCE using any of the configured
protocols.

Record Number: 6251961
Source Name: DCOM
Time Written: 20090422212738.000000-240
Event Type: error
User: COMPUTER2\Harland Harriman

Computer Name: COMPUTER2
Event Code: 10009
Message: DCOM was unable to communicate with the computer gra4 using any of the configured
protocols.

Record Number: 6251960
Source Name: DCOM
Time Written: 20090422212656.000000-240
Event Type: error
User: COMPUTER2\Harland Harriman

Computer Name: COMPUTER2
Event Code: 10009
Message: DCOM was unable to communicate with the computer GOODRIDDANCE using any of the configured
protocols.

Record Number: 6251959
Source Name: DCOM
Time Written: 20090422212648.000000-240
Event Type: error
User: COMPUTER2\Harland Harriman

=====Application event log=====

Computer Name: COMPUTER2
Event Code: 1024
Message: Product: Microsoft Office FrontPage 2003 - Update 'Security Update for Office 2003 (KB921598): GPFILT' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 20893
Source Name: MsiInstaller
Time Written: 20090225030116.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER2
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 20884
Source Name: usnjsvc
Time Written: 20090224130401.000000-300
Event Type:
User:

Computer Name: COMPUTER2
Event Code: 19011
Message:
Record Number: 20878
Source Name: MSSQL$PINNACLESYS
Time Written: 20090224130019.000000-300
Event Type: warning
User:

Computer Name: COMPUTER2
Event Code: 1024
Message: Product: Microsoft Office FrontPage 2003 - Update 'Security Update for Office 2003 (KB954478): GDIPLUS' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 20876
Source Name: MsiInstaller
Time Written: 20090224084733.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: COMPUTER2
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 20875
Source Name: Application Hang
Time Written: 20090224084503.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PS5ROOT"=C:\Program Files\Roxio\PhotoSuite\
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:57 PM

Posted 24 April 2009 - 11:03 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 harjon

harjon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 24 April 2009 - 05:54 PM

Hey Sam, thank you for taking the time to help me. I like the name, BTW. I did as you said and it took a few tries, but the log is below:
Thanks again for the help.
OTListIt logfile created on: 4/24/2009 7:09:49 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Harland Harriman\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 271.93 Mb Available Physical Memory | 53.21% Memory free
1.94 Gb Paging File | 1.51 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500;F:\pagefile.sys 2048 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.33 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive D: | 0.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 74.50 Gb Total Space | 35.81 Gb Free Space | 48.06% Space Free | Partition Type: FAT32
Drive G: | 952.19 Mb Total Space | 914.16 Mb Free Space | 96.01% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER2
Current User Name: Harland Harriman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/09/23 01:37:18 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/08/06 15:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2001/08/09 19:18:30 | 00,064,512 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\System32\PackethSvc.exe
PRC - [2007/05/30 08:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2000/08/08 13:32:12 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2006/01/19 10:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/07/04 20:08:34 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/07/03 10:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/08/17 00:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2001/09/24 10:39:28 | 00,098,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
PRC - [2001/07/03 10:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2006/02/16 16:39:40 | 01,346,560 | ---- | M] (Pinnacle Systems GmbH.) -- C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2005/08/01 17:18:14 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
PRC - [2003/12/05 10:44:34 | 00,233,472 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
PRC - [2008/06/02 23:29:43 | 00,337,800 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/06/02 23:29:53 | 01,107,848 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/04/24 18:52:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harland Harriman\Desktop\OTListIt2.exe
PRC - [2009/04/24 18:52:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harland Harriman\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/05/30 08:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/06/14 16:23:58 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2003/09/23 01:42:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2008/12/18 11:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS [Auto | Running])
SRV - [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2001/08/06 15:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Auto | Running])
SRV - [2006/08/11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2001/08/09 19:18:30 | 00,064,512 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\System32\PackethSvc.exe -- (PackethSvc [Auto | Running])
SRV - [2006/01/19 10:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) -- c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe -- (PinnacleSys.MediaServer [Auto | Running])
SRV - [2002/08/01 10:22:40 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/06/02 23:29:43 | 00,337,800 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/06/02 23:29:48 | 01,017,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - File not found -- -- (SmcService [Auto | Stopped])
SRV - [2007/11/23 15:33:10 | 00,184,320 | ---- | M] (SoundMovieServer) -- C:\WINDOWS\system32\snmvtsvc.exe -- (SoundMovieServer [On_Demand | Stopped])
SRV - [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS [On_Demand | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2000/08/08 13:32:12 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 02:10:10 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2001/08/17 14:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/12/04 11:33:20 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys -- (ASAPIW2k [On_Demand | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/08/04 02:10:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2004/08/04 03:09:58 | 00,013,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avcstrm.sys -- (AVCSTRM [On_Demand | Stopped])
DRV - [2007/05/30 08:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2007/05/30 08:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2001/07/18 21:01:56 | 00,077,426 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\basic2.sys -- (basic2 [On_Demand | Running])
DRV - [2003/07/17 04:40:06 | 00,265,728 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2001/06/20 19:32:54 | 00,004,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci [On_Demand | Stopped])
DRV - [2003/04/08 21:58:30 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2003/04/08 21:58:29 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2005/02/10 11:55:08 | 00,062,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\Drivers\Cdrdrv.sys -- (cdrdrv [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/12/04 11:26:04 | 00,032,256 | ---- | M] (DAVICOM Semiconductor, Inc. ) -- C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS -- (DM9102 [On_Demand | Stopped])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2001/08/09 22:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\System32\Drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
DRV - [2001/07/18 21:04:04 | 00,310,899 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\fallback.sys -- (Fallback [Auto | Running])
DRV - [2001/07/18 21:06:12 | 00,127,405 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\fsksnt.sys -- (Fsks [Auto | Running])
DRV - [2005/02/02 02:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/08/17 15:52:24 | 00,038,144 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx [Disabled | Stopped])
DRV - [2001/08/17 15:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
DRV - [2008/02/01 11:55:52 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
DRV - [2007/12/10 13:53:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
DRV - [2007/12/10 13:53:28 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
DRV - [2001/07/18 21:06:40 | 00,426,783 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\k56nt.sys -- (K56 [Auto | Running])
DRV - [2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2007/01/19 00:51:24 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/04 02:09:58 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2000/10/03 17:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])
DRV - [2004/08/04 03:09:58 | 00,049,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mstape.sys -- (MSTAPE [On_Demand | Stopped])
DRV - [2007/11/23 16:10:00 | 00,515,200 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32 [On_Demand | Running])
DRV - [2007/11/23 16:10:02 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys -- (MusCVideo32 [On_Demand | Running])
DRV - [2006/08/11 21:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/11 21:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv4 [On_Demand | Stopped])
DRV - [2005/02/09 12:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\pclepci.sys -- (PCLEPCI [System | Running])
DRV - [2008/08/05 00:59:02 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys -- (pctfw2 [System | Running])
DRV - [2002/06/13 16:08:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001/08/01 16:36:18 | 00,348,169 | ---- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\CamDrL21.sys -- (PhilCam8116 [On_Demand | Stopped])
DRV - [2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/07/18 21:01:38 | 00,067,654 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\rksample.sys -- (Rksample [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 02:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/07/25 17:40:30 | 00,438,200 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/07/18 21:05:26 | 00,217,019 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\faxnt.sys -- (SoftFax [Auto | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2003/05/27 13:00:34 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2003/03/21 17:23:04 | 00,086,896 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (teefer [Boot | Running])
DRV - [2001/07/18 21:04:26 | 00,056,607 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\tonesnt.sys -- (Tones [Auto | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/04 02:07:55 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2001/07/18 21:01:20 | 00,534,125 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\v124nt.sys -- (V124 [Auto | Running])
DRV - [2005/06/17 12:11:00 | 00,017,664 | ---- | M] (Nikon Corporation) -- C:\WINDOWS\system32\DRIVERS\NkVBus.sys -- (VBus [On_Demand | Running])
DRV - [2004/09/01 14:50:02 | 00,188,416 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw [System | Running])
DRV - [2001/08/09 17:25:22 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wandrv.sys -- (wandrv [On_Demand | Stopped])
DRV - [2002/01/07 14:29:40 | 00,008,023 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2001/07/25 19:58:28 | 00,584,336 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/03/21 17:24:54 | 00,015,360 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/07/13 17:36:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/02 13:32:23 | 00,000,000 | ---D | M]

[2008/08/11 18:32:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/10 12:09:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/09 01:21:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/11 18:32:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2006/03/10 12:09:26 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/10 12:09:27 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/10 12:09:26 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/03/10 12:09:33 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/10 12:09:33 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/10 12:09:33 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/10 12:09:33 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/10 12:09:33 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/10 12:09:33 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/10 12:09:33 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/10 12:09:33 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/10 12:09:33 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/10 12:09:33 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/10 12:09:33 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/10 12:09:33 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (713 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {87B88B8B-4147-4E33-B99E-5C3CA500C608} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\ShellBrowser: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNAtoolbar.dll ()
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A (Microsoft Corporation)
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc (Pinnacle Systems GmbH.)
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [WebCamRT.exe] File not found
O4 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm File not found
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm025RZUS File not found
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html (eBay Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..Trusted Sites: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} http://www.liveupdate.com/controls/getcab5.dll (Reg Error: Key error.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} http://www.stamps.com/download/us/registra...23/sdcregie.cab (Stamps.com Secure Postal Account Registration)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.0.6.5.cab (DownloadManager Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst.cab (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8C285F85-0DBD-11D3-8B37-00A02459FA0F} http://ic.vcsystem.com/packages/cuweb.cab (CuWeb CuWebConf)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7420.9226967593 (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (View22RTE Class)
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} https://secure.stamps.com/download/us/cab/s...file=stamps.cab (SDCInstaller Class)
O16 - DPF: {C9B08199-657A-468D-A26B-692137572131} http://www.focusfocus.com/download/windows/ffhost.cab (FFHostContainer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D59931FE-DC91-11D2-88D5-000000000000} http://www.focusfocus.com/download/windows/ffcall.cab (FocusFocusChat Class)
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} http://fdl.msn.com/public/chat/msnchat4.cab (MSN Chat Control 4.0)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax4227.cab (MsnMusicAx Class)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab (DLM Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\system32\WRLogonNTF.dll (Webroot Software, Inc.)
O21 - SSODL: sqkRCaSl - {347371F7-9ED9-DB5D-2351-6A9E63CFBBCD} - CLSID or File not found.
O24 - Desktop Components:0 () - http://www.badpuppy.com/members/images/wal...ated/marmaf.gif
O24 - Desktop Components:1 () - C:\Program Files\Online Services\dibobob.html
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/13 22:28:02 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/01/31 14:25:04 | 00,000,000 | RH-D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Documents and Settings\Harland Harriman\My Documents\*.tmp files]
[2009/04/24 18:52:20 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harland Harriman\Desktop\OTListIt2.exe
[2009/04/24 07:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/04/23 22:53:00 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/23 22:52:39 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\RSIT.exe
[2009/04/23 22:21:08 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\dds.scr
[2009/04/23 21:59:46 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\HijackThis.lnk
[2009/04/16 12:43:32 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 12:42:40 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 12:42:40 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 12:42:40 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 12:42:40 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 12:42:40 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/16 12:42:40 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 12:42:39 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 12:42:39 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 12:42:39 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 12:42:37 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 12:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/04/03 07:57:32 | 00,168,201 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\fesnowcdv2.JPG
[2009/04/02 07:21:08 | 00,000,616 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/02 07:20:58 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/03/31 20:36:34 | 00,173,440 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\mcclellancdv.JPG
[2009/03/31 20:33:34 | 00,107,514 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\sumner2.JPG
[2009/03/31 20:30:57 | 00,192,371 | ---- | C] () -- C:\Documents and Settings\Harland Harriman\Desktop\sumner.JPG
[2009/03/30 11:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Harland Harriman\Application Data\FunWebProducts
[2009/03/30 08:43:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Harland Harriman\My Documents\AIMLogger
[2009/03/30 08:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Harland Harriman\Application Data\acccore
[2009/03/30 08:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/30 08:39:18 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/30 08:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/03/30 08:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/03/30 08:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/30 08:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2008/06/12 18:53:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2008/06/12 18:52:10 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2008/06/12 18:51:57 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2007/12/13 22:28:00 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/12/13 22:28:00 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/12/13 22:28:00 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/12/13 22:28:00 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/12/13 22:28:00 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/12/13 20:01:43 | 00,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2007/12/13 20:01:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2007/11/11 00:58:58 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/09/01 16:26:11 | 00,002,123 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2006/12/12 00:42:58 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/10/19 17:26:06 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2006/10/12 23:19:59 | 00,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 21:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 21:43:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/04/13 11:30:43 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/13 11:30:43 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/12 17:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/09 18:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/29 14:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/04/29 15:46:39 | 00,000,133 | ---- | C] () -- C:\WINDOWS\watermark factory.INI
[2005/04/27 10:42:48 | 00,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2005/04/27 10:42:11 | 00,017,049 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2005/03/26 14:46:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2004/08/02 09:32:30 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004/06/01 23:37:40 | 00,000,529 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/05/19 00:06:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/28 09:23:42 | 00,000,548 | ---- | C] () -- C:\WINDOWS\System32\dpusys.ini
[2004/04/23 10:28:11 | 00,860,160 | ---- | C] () -- C:\WINDOWS\System32\EPSControl.dll
[2004/01/15 19:12:30 | 00,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2003/09/23 22:17:33 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/04/27 23:53:40 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\3DNAtoolbar.dll
[2003/04/13 16:27:26 | 00,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2003/04/08 22:46:44 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2003/04/08 22:39:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/03/29 01:44:38 | 00,000,039 | ---- | C] () -- C:\WINDOWS\VideoWave.INI
[2003/02/03 00:50:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/14 01:07:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\RTD.ini
[2002/08/30 00:36:40 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2002/06/30 15:59:52 | 00,000,033 | ---- | C] () -- C:\WINDOWS\logimail.INI
[2002/06/21 13:53:29 | 00,000,254 | ---- | C] () -- C:\WINDOWS\CuWeb.ini
[2002/05/23 21:07:09 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2002/05/11 00:06:56 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/04/26 19:59:13 | 00,000,516 | ---- | C] () -- C:\WINDOWS\Film Factory Screen Saver.ini
[2002/04/23 20:30:49 | 00,014,771 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/03/22 06:58:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2002/03/22 06:55:37 | 00,001,636 | ---- | C] () -- C:\WINDOWS\mybc32.ini
[2002/03/10 11:42:22 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/10 11:42:20 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2002/03/10 11:39:21 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/03/10 11:38:32 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HcdDll32.dll
[2002/03/10 11:38:32 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HWDll.dll
[2002/02/20 12:52:51 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2002/02/15 18:08:25 | 00,000,475 | ---- | C] () -- C:\WINDOWS\PhotoFantasy.ini
[2002/02/15 18:06:36 | 00,000,765 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2002/02/15 18:06:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2002/02/15 18:06:06 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2002/02/15 18:05:13 | 00,002,609 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2002/02/12 12:06:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/12 12:01:57 | 00,000,076 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/02/12 12:01:39 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/02/12 12:01:36 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/02/12 12:01:27 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/02/12 11:58:22 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/02/12 11:30:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:19:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:31:14 | 00,000,967 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2001/11/15 09:23:42 | 00,000,292 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2000/04/14 17:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/06/11 15:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[38 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Harland Harriman\My Documents\*.tmp files]
[2009/04/24 18:52:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harland Harriman\Desktop\OTListIt2.exe
[2009/04/24 17:00:14 | 00,000,616 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/24 16:29:33 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/24 06:24:57 | 00,465,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/24 06:24:57 | 00,398,180 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/24 06:24:57 | 00,060,380 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/23 22:52:41 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\RSIT.exe
[2009/04/23 22:46:12 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\dds.scr
[2009/04/23 22:39:01 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/04/23 22:38:49 | 00,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/23 22:37:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/23 22:37:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/04/23 22:37:19 | 53,590,4256 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/23 21:59:46 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\HijackThis.lnk
[2009/04/23 09:00:44 | 00,000,550 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/20 23:38:57 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/04/20 01:42:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2009/04/17 03:06:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/09 08:57:30 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\Microsoft Office FrontPage 2003.lnk
[2009/04/03 07:59:23 | 00,168,201 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\fesnowcdv2.JPG
[2009/04/03 07:42:26 | 00,000,529 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/04/02 09:34:18 | 00,107,514 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\sumner2.JPG
[2009/04/02 09:33:30 | 00,192,371 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\sumner.JPG
[2009/04/02 09:31:22 | 00,173,440 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\Desktop\mcclellancdv.JPG
[2009/04/02 07:20:58 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/04/01 05:40:51 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\Harland Harriman\My Documents\My Sharing Folders.lnk
[2009/03/30 08:39:55 | 00,001,176 | -H-- | M] () -- C:\IPH.PH
[2009/03/30 08:39:18 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/29 22:11:32 | 00,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2009/03/29 22:11:32 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\910566
[2009/03/27 03:09:32 | 01,193,414 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Harland Harriman\Desktop\dds.scr:SummaryInformation
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CB1E0D3
< End of report >

Edited by harjon, 24 April 2009 - 06:17 PM.


#4 Buckeye_Sam

    Malware Expert

Posted 25 April 2009 - 08:09 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {87B88B8B-4147-4E33-B99E-5C3CA500C608} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\ShellBrowser: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3689853989-1376643981-488748980-1006\..\Toolbar\WebBrowser: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Error: Key error. File not found
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm025RZUS File not found
    O21 - SSODL: sqkRCaSl - {347371F7-9ED9-DB5D-2351-6A9E63CFBBCD} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - Reg Error: Key error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
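The fix script in the post above targets entries by CLSID, and the tool's result log reports each registry deletion on its own line. The following check reconciles the two so that a targeted CLSID with no confirmed deletion stands out; it is an added example, not part of the original posts or of OTListIt2, and its sample lines are copied from this thread except for one constructed all-zero CLSID.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT_RE = re.compile(
    r"^Registry (?P<kind>key|value) (?P<path>.+?) "
    r"(?P<status>deleted successfully|not found)\.$"
)
DELETED = "deleted successfully"

# Three entries copied from the fix script in this thread, plus one constructed
# entry (all-zero CLSID) that has no matching line in the result log.
FIX_LINES = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {87B88B8B-4147-4E33-B99E-5C3CA500C608} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
""".strip().splitlines()

# Result lines copied from the fix log posted in this thread (subset).
RESULT_LINES = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B88B8B-4147-4E33-B99E-5C3CA500C608}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87B88B8B-4147-4E33-B99E-5C3CA500C608}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E9BD0828-1FD9-410C-A50F-43EBE65D310F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}\ not found.
""".strip().splitlines()


def targeted_guids(fix_lines):
    """Return the CLSIDs named in a fix script, in order, without duplicates."""
    seen = []
    for line in fix_lines:
        for guid in GUID_RE.findall(line):
            guid = guid.upper()
            if guid not in seen:
                seen.append(guid)
    return seen


def parse_results(result_lines):
    """Group result statuses by CLSID, split into load-point reference
    (BHO, toolbar, hook, ...) and the HKLM\\SOFTWARE\\Classes\\CLSID class key."""
    grouped = defaultdict(lambda: {"reference": [], "class_key": []})
    for line in result_lines:
        match = RESULT_RE.match(line.strip())
        if not match:
            continue  # not a registry result line (file deletions, headers, ...)
        guids = GUID_RE.findall(match["path"])
        if not guids:
            continue  # result names a value, not a CLSID; cannot be matched here
        is_class_key = "\\classes\\clsid\\" in match["path"].lower()
        slot = "class_key" if is_class_key else "reference"
        grouped[guids[-1].upper()][slot].append(match["status"])
    return grouped


def summarize(statuses):
    """Collapse repeated statuses: any confirmed deletion wins, else first seen."""
    if DELETED in statuses:
        return DELETED
    return statuses[0] if statuses else None


def reconcile(fix_lines, result_lines):
    """Map each targeted CLSID to (reference status, class key status)."""
    results = parse_results(result_lines)
    report = {}
    for guid in targeted_guids(fix_lines):
        entry = results.get(guid, {"reference": [], "class_key": []})
        report[guid] = (summarize(entry["reference"]), summarize(entry["class_key"]))
    return report


def unhandled(report):
    """CLSIDs whose load-point reference was not confirmed deleted."""
    return [guid for guid, (ref, _) in report.items() if ref != DELETED]


if __name__ == "__main__":
    result = reconcile(FIX_LINES, RESULT_LINES)
    for guid, (ref, cls) in result.items():
        print(f"{guid}  reference={ref}  class_key={cls}")
    print("needs manual review:", unhandled(result))
```

Entries whose result line names a registry value instead of a CLSID, such as the SSODL line in this thread's log, are reported as needing manual review because the CLSID match cannot confirm them.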

#5 harjon

  • Topic Starter

Posted 26 April 2009 - 06:21 AM

New OTLISTIT file after doing what you requested. Going to download Java now.

========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B88B8B-4147-4E33-B99E-5C3CA500C608}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87B88B8B-4147-4E33-B99E-5C3CA500C608}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863}\ not found.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D41A8B-D79B-43D7-99A7-9EE0F344C385}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3689853989-1376643981-488748980-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sqkRCaSl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347371F7-9ED9-DB5D-2351-6A9E63CFBBCD}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E9BD0828-1FD9-410C-A50F-43EBE65D310F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOLD3D85\sun-rubber_Vintage-Antique-Toys_W0QQcatrefZC12QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQsacatZ717QQsaprchiZQQsaprclo[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\CHICAGO-HISTORICAL-SOCIETY_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfrtsZ200QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQftsZ2QQsacatZQ2d1QQsaprc[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\WESTERN-SHIRT_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ2QQfsopZ2QQftrtZ1QQftrvZ1QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfrppZ25QQfrtsZ25QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsassZbackQ5finQ5ftymes2QQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfrppZ25QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsassZbackQ5finQ5ftymes2QQsat[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\QPO3I5UX\war-ration-book_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[4] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\perfect-picture-puzzles_W0QQcatrefZC6QQfromZR10QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQpqryZPERFECTQ20PICTUREQ20PUQ5AQ5AELSQQsacatZQ2d1QQsaprchiZQQsaprcloZQQsofocusZbs[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\NK3YC121\CA49PFS6.com%2Fsearch%3Fhl%3Den%26lr%3D%26q%3DCHARLES%2BFECHTER%26btnG%3DSearch&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=148&u_java=true scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5Y3CT2V\imgres[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1QPV75T\CAS5Q3KD.com%2Fsearch%3Fhl%3Den%26lr%3D%26q%3DCHARLES%2BFECHTER%26btnG%3DSearch&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=148&u_java=true scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ETROP8BY\fisher-mickey-mouse_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ETROP8BY\warcraft-account_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZgoodQ5friddanceQ5fauctionsQ5fllcQ[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\GAY-INT-PHOTO_Other-Antique-Images_W0QQa43ZQ2d24QQa44ZQ2d24QQa47ZQ2d24QQalistZa44Q2ca52Q2ca43Q2ca47Q2ca3801QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\griswold-stove_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ2QQfsopZ2QQftrtZ1QQftrvZ1QQpqryZGRISWALDQ20STOVEQQsacatZQ2d1QQsaprchiZQQs[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\puzzle_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ2QQfsopZ3QQftrtZ1QQftrvZ1QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\warcraft-account_W0QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\B4XN6RTV\original-rubiks-cube_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\B4XN6RTV\photographic_images;kw=antique+pre-1940;cat=1;cat=14277;cat=407;cat=13706;cat=15906;dcopt=ist;tcat=15906;items=205;sz=440x198;tile=4;ord=1159287082671;[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMJ8DEJ\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMJ8DEJ\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMJ8DEJ\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[4] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMJ8DEJ\myebayselling;dcopt=ist;pos=1;ssmt=pro;sstt=3;ssrt=plus;ssat=none;spmt=none;ups=true;sstl=2;seg=US_RTM_AllStoreSellers_031006;sz=150x36;tile=1;ord=1158805323625;[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\892BOP2B\lead-soldiers_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ2QQfsopZ3QQftrtZ1QQftrvZ1QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\V5OGNC1Z\getInlineGalleryData[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\SI97V1CY\index[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\PGYI5WEB\sony-personal-sound-system-cfd_W0QQsofocusZbsQQsbrftogZ0QQfromZR10QQsotrZ2QQsosortpropertyZ1QQsosortorderZ1[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\N0RBFV0V\fi76dseyf2[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\K9UB8DAN\images[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\JE3YNCAK\imgres[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\I7KFGB0V\search[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\EM14RG5S\mygroups[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\EDGDUPYF\search[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\C56VC927\102-4041217-1662508[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\AB1RSN91\model11781[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\AB1RSN91\_W0QQgotopageZ1QQsassZcombichQQsosortorderZ1QQsosortpropertyZ1QQssPageNameZFAVQ3aFQ3aSLLR[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\8RS2F7E6\offerpts_W0QQanytimeZonQQfromZR8QQhtZ1QQsosortorderZ2QQsosortpropertyZ3QQsotextsearchedZ2[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\1NNVYUU5\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\0DE3GT6V\imghp[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04262009_064925

Files moved on Reboot...
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOLD3D85\sun-rubber_Vintage-Antique-Toys_W0QQcatrefZC12QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQsacatZ717QQsaprchiZQQsaprclo[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\CHICAGO-HISTORICAL-SOCIETY_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfrtsZ200QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQftsZ2QQsacatZQ2d1QQsaprc[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\WESTERN-SHIRT_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfsooZ2QQfsopZ2QQftrtZ1QQftrvZ1QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfrppZ25QQfrtsZ25QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsassZbackQ5finQ5ftymes2QQsbrsrtZd[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMVK5IR\_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfrppZ25QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsassZbackQ5finQ5ftymes2QQsat[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\QPO3I5UX\war-ration-book_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[4] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1EFK5IF\perfect-picture-puzzles_W0QQcatrefZC6QQfromZR10QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQpqryZPERFECTQ20PICTUREQ20PUQ5AQ5AELSQQsacatZQ2d1QQsaprchiZQQsaprcloZQQsofocusZbs[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\NK3YC121\CA49PFS6.com%2Fsearch%3Fhl%3Den%26lr%3D%26q%3DCHARLES%2BFECHTER%26btnG%3DSearch&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=148&u_java=true not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5Y3CT2V\imgres[1]. not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1QPV75T\CAS5Q3KD.com%2Fsearch%3Fhl%3Den%26lr%3D%26q%3DCHARLES%2BFECHTER%26btnG%3DSearch&cc=100&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_tz=-240&u_his=148&u_java=true not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ETROP8BY\fisher-mickey-mouse_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZQQsaprcloZQQsbrsrtZd[1].htm not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\ETROP8BY\warcraft-account_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfisZ2QQfromZR32QQfsooZ2QQfsopZ3QQsacatZQ2d1QQsaprchiZgoodQ5friddanceQ5fauctionsQ5fllcQ[1] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[2] not found!
File C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLPXYBDA\AccountOverview-inside;lang=en_US;acct=biz;resid=US;PVDN=none;debit=true;bcapp=true;bcpre=true;verif=true;ebayS=true;ebayB=true;F1=f;F2=f;F3=f;F4=t;F5=t;F6=t;F7=t;F8=f;F[3] not found!

Registry entries deleted on Reboot...

#6 harjon

Posted 26 April 2009 - 06:26 AM

From new Java download:
JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Apr 26 07:31:48 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142040}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204

Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_04

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

------------------------------------

Finished reporting.

#7 harjon

Posted 26 April 2009 - 06:46 AM

I am doing the last step now---I have to get to work but I will finish it when I return home. Thanks for your help. I will post the new file tonight. I can not wrap my head around how anyone would know all of this code, much less understand any of it....props to you!

#8 Buckeye_Sam

    Malware Expert


Posted 26 April 2009 - 10:51 AM

I know the Kaspersky scan usually takes a few hours. Just post back with it when you can.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 harjon

Posted 26 April 2009 - 10:38 PM

OK, that did take a while. Here is the result of the scan...bad?

KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 26, 2009 23:42:14
Records in database: 2081885


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics
Files scanned 177333
Threat name 11
Infected objects 19
Suspicious objects 0
Duration of the scan 04:27:32

File name Threat name Threats count
C:\info.exe Infected: Trojan-Downloader.Win32.Searcher.e 1

C:\Program Files\ComPlus Applications\vinojodyw22011.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1

C:\Program Files\Online Services\dibobob.html Infected: Trojan-Clicker.HTML.IFrame.dn 1

C:\Program Files\Trend Micro\HijackThis\backups\backup-20070903-085319-976.dll Infected: Trojan.Win32.BHO.hj 1

C:\VundoFix Backups\bnarnoha.dll.bad Infected: Trojan.Win32.BHO.hj 1

C:\VundoFix Backups\cphnmhmh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1

C:\VundoFix Backups\ddcdeff.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\iifcbax.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\ljjkkhg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\pmnlljk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\wvussro.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\xxyyaxy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1

C:\VundoFix Backups\xyrwuqww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1

C:\WINDOWS\b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c 1

C:\WINDOWS\SYSTEM32\capcom\nab22011.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1

C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe Infected: Trojan-Downloader.Win32.Small.fky 1

C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe Infected: Trojan-Downloader.Win32.VB.bgd 1

C:\WINDOWS\SYSTEM32\ljdsrngl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o 1

C:\WINDOWS\SYSTEM32\wlccbeqq.exe Infected: Trojan.Win32.Agent.bck 1

The selected area was scanned.

#10 Buckeye_Sam

Posted 27 April 2009 - 05:14 PM

There is malware present, but we should be able to remove it.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Program Files\ComPlus Applications\vinojodyw22011.exe 
    C:\Program Files\Online Services\dibobob.html 
    C:\WINDOWS\b122.exe 
    C:\WINDOWS\SYSTEM32\capcom\nab22011.exe 
    C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe 
    C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe
    C:\WINDOWS\SYSTEM32\ljdsrngl.exe 
    C:\WINDOWS\SYSTEM32\wlccbeqq.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?

#11 harjon

Posted 27 April 2009 - 10:03 PM

New OTListIt2 log, and the Malwarebytes log follows that. So far so good? Going to reboot now. Again, thanks for the help.
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Program Files\ComPlus Applications\vinojodyw22011.exe moved successfully.
C:\Program Files\Online Services\dibobob.html moved successfully.
C:\WINDOWS\b122.exe moved successfully.
C:\WINDOWS\SYSTEM32\capcom\nab22011.exe moved successfully.
C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe moved successfully.
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe moved successfully.
C:\WINDOWS\SYSTEM32\ljdsrngl.exe moved successfully.
C:\WINDOWS\SYSTEM32\wlccbeqq.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5Y3CT2V\imgres[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Harland Harriman\Local Settings\Temp\~DF7787.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bb4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04272009_225707

Files moved on Reboot...

Registry entries deleted on Reboot...

Edited by harjon, 27 April 2009 - 10:23 PM.
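
An added example, not part of the thread and not code from Kaspersky, OTListIt2 or any other tool named here: a Python cross-check of the scanner rows from post #9 against the :Files list in post #10 and the "moved successfully" lines in post #11. The status labels and the treatment of the VundoFix and HijackThis backup folders as tool-created copies are assumptions made for the example.

```python
import re

# Rows copied from the Kaspersky report in post #9 (2 of the 9 VundoFix rows kept).
KASPERSKY_ROWS = r"""
C:\info.exe Infected: Trojan-Downloader.Win32.Searcher.e 1
C:\Program Files\ComPlus Applications\vinojodyw22011.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\Program Files\Online Services\dibobob.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070903-085319-976.dll Infected: Trojan.Win32.BHO.hj 1
C:\VundoFix Backups\bnarnoha.dll.bad Infected: Trojan.Win32.BHO.hj 1
C:\VundoFix Backups\cphnmhmh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\WINDOWS\b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c 1
C:\WINDOWS\SYSTEM32\capcom\nab22011.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe Infected: Trojan-Downloader.Win32.Small.fky 1
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe Infected: Trojan-Downloader.Win32.VB.bgd 1
C:\WINDOWS\SYSTEM32\ljdsrngl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o 1
C:\WINDOWS\SYSTEM32\wlccbeqq.exe Infected: Trojan.Win32.Agent.bck 1
"""

# ":Files" and ":Commands" sections of the OTListIt2 script in post #10 (abridged).
FIX_SCRIPT = r"""
:Files
C:\Program Files\ComPlus Applications\vinojodyw22011.exe
C:\Program Files\Online Services\dibobob.html
C:\WINDOWS\b122.exe
C:\WINDOWS\SYSTEM32\capcom\nab22011.exe
C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe
C:\WINDOWS\SYSTEM32\ljdsrngl.exe
C:\WINDOWS\SYSTEM32\wlccbeqq.exe
:Commands
[emptytemp]
"""

# FILES section of the fix log in post #11.
FIX_LOG = r"""
========== FILES ==========
C:\Program Files\ComPlus Applications\vinojodyw22011.exe moved successfully.
C:\Program Files\Online Services\dibobob.html moved successfully.
C:\WINDOWS\b122.exe moved successfully.
C:\WINDOWS\SYSTEM32\capcom\nab22011.exe moved successfully.
C:\WINDOWS\SYSTEM32\cfig322\icm33o.exe moved successfully.
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe moved successfully.
C:\WINDOWS\SYSTEM32\ljdsrngl.exe moved successfully.
C:\WINDOWS\SYSTEM32\wlccbeqq.exe moved successfully.
========== COMMANDS ==========
"""

# Assumption: these two folders hold copies saved by earlier cleanup tools.
BACKUP_DIRS = (r"C:\VundoFix Backups", r"C:\Program Files\Trend Micro\HijackThis\backups")
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")

def parse_detections(report):
    """Map each flagged path to its threat name."""
    rows = (ROW.match(line.strip()) for line in report.splitlines())
    return {m["path"]: m["threat"] for m in rows if m}

def parse_fix_files(script):
    """Return the paths listed under the :Files directive only."""
    files, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            files.append(line)
    return files

def parse_moved(log):
    """Return paths the fix log confirms as moved."""
    hits = (MOVED.match(line.strip()) for line in log.splitlines())
    return [m["path"] for m in hits if m]

def is_backup(path):
    # Windows paths are case-insensitive, so compare lowercased prefixes.
    return any(path.lower().startswith(d.lower() + "\\") for d in BACKUP_DIRS)

def reconcile(report, script, log):
    """Label every detection with what the fix script and fix log say about it."""
    listed = {p.lower() for p in parse_fix_files(script)}
    moved = {p.lower() for p in parse_moved(log)}
    result = {}
    for path, threat in parse_detections(report).items():
        if is_backup(path):
            status = "tool backup copy"
        elif path.lower() in moved:
            status = "moved by fix"
        elif path.lower() in listed:
            status = "listed, not confirmed moved"
        else:
            status = "not in fix list"
        result[path] = (threat, status)
    return result

def paths_with(status, result):
    return sorted(p for p, (_, s) in result.items() if s == status)

if __name__ == "__main__":
    for path, (threat, status) in reconcile(KASPERSKY_ROWS, FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:28} {threat:42} {path}")
```

Run against the thread's data, the eight listed files all show as moved, the backup-folder rows are separated out, and C:\info.exe is the one remaining detection that the fix list does not name.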


#12 harjon

Posted 27 April 2009 - 11:12 PM

I think my computer is doing the happy dance....Thanks for your help Sam.

#13 Buckeye_Sam

Posted 28 April 2009 - 03:59 PM

I'll take that as a good sign! :)
Just a few last things for you.


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


================


Run OTListIt and click on the CleanUp button.
Reboot when it asks you to.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 harjon


Posted 28 April 2009 - 05:54 PM

My word, all of this information is mind numbing...how in the world is an average computer user supposed to keep up with all of this information before they get into trouble??? I give you all credit for the things you do here...amazing.

#15 Buckeye_Sam


Posted 29 April 2009 - 01:46 PM

It's not too bad once you get a handle on it. The most important thing you can do is use common sense. Be wary of the internet. Things are not always as they appear. Keep your programs updated and run those scans every so often and you should be just fine.


========================================================



