
Xp Total Chaos


7 replies to this topic

#1 nat


Posted 12 June 2007 - 01:53 AM

Hi All :thumbsup:

Please see my profile for my system info.

I have attached the HJT Log for the purposes of the following errors et al and included a number of screenshots to aid "the process!"

1. Google Toolbar disappeared in both Firefox (main browser) and IE 7. After reinstalling and selecting options etc, no response and unable to load on the toolbar.

2. Outlook 2003 - uninstalled - lost all my personal folders etc. Shortly after opening a new account I was totally unable to open - not even in Safe Mode. Additionally, I was unable to import my personal folders which I am desperate to get back - Very Important. Detect & Repair does XP Professional Edition - Mine is the HOME Edition. It would appear that Outlook 2003 is no longer installed.

3. Browser (Firefox) does not open fully - as in leaves a gap between the Taskbar and Status Bar.

4. Entire System is very very slow and often declares "fatal error" or MS...has encountered...and needs to close.

5. NB I downloaded the trial version of Vista Transformation Pack and I think this is where things began to go wrong. I have saved HJT logs if you need to see them.

6. I have kept all my antispyware antivirus up to date and run regularly, along with Ccleaner amongst others. I also download and run the latest Smitfraud, today being most recent - log file available if required.

7. I always say that lots of info is preferable to lack of info !! So, hence this very detailed post.

Hope that you can help as I am now beyond desperate!!


Having looked at the HJT Log - what is going on with the Logitech Desktop Messenger??

Logfile of HijackThis v1.99.1
Scan saved at 02:55:03, on 12-Jun-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: IE7pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\EverNote\UniClipper.exe"
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170432514220
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179939464125
O18 - Protocol: bw+0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {AEA85B8F-D80E-4952-BC55-FA86BE78D52D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

XP Professional Firefox 3




#2 OldTimer


Posted 20 June 2007 - 04:37 PM

Hello nat and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log but it does appear that there is some housekeeping we can do so let's do that while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - (no file)
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the cleanup.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis does not have the capability to analyze performance, hardware or application issues. For internet browser or email application issues the techs in the Web Browsing/Email and Other Internet Applications forum would be the ones to diagnose those. For XP performance issues the Windows XP Home and Professional forum techs can look at the system to determine if there are any changes necessary.

When posting to any other forum, let them know that you have been to this forum and that no malware was found, and do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
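
The items selected for fixing in the reply above are entries whose target is `(no file)`, an empty registry value, or a bare directory. As an added example (not part of the original thread and not a HijackThis feature), the Python below parses a HijackThis log and flags entries by those three heuristics, then checks a later log to confirm they are gone; the heuristics and all function names are this example's assumptions, inferred from the listed items, and the sample is an excerpt of the log in the first post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the HijackThis v1.99.1 log from the first post (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 02:55:03, on 12-Jun-2007

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: IE7pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A log entry starts with a section code such as R0, O2 or O20, then " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O2"
    body: str  # everything after "<code> - "


def parse_entries(log_text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log, in file order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body").strip()))
    return entries


def orphan_reason(entry: Entry) -> Optional[str]:
    """Explain why an entry looks like a leftover, or return None.

    Assumed heuristics (this example's, not the helper's stated criteria):
      1. the target is reported as "(no file)";
      2. an R0/R1 registry value is empty after the "=";
      3. the target is a drive path ending in a backslash (a directory).
    "(file missing)" entries are not in the reply's list, so they are left
    unflagged here for manual review.
    """
    if entry.body.endswith("(no file)"):
        return "no file on disk"
    if entry.code in ("R0", "R1") and re.search(r"=\s*$", entry.body):
        return "empty registry value"
    target = entry.body.rsplit(" - ", 1)[-1]
    if re.match(r"^[A-Za-z]:\\", target) and target.endswith("\\"):
        return "points at a directory, not a file"
    return None


def find_orphans(log_text: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for every entry matched by a heuristic."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = orphan_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def still_present(flagged: List[Tuple[Entry, str]], later_log: str) -> List[Entry]:
    """Return flagged entries that still appear in a log taken after the fix."""
    later = set(parse_entries(later_log))
    return [entry for entry, _ in flagged if entry in later]


if __name__ == "__main__":
    for entry, reason in find_orphans(SAMPLE_LOG):
        print(f"{entry.code:>3}  {reason:<34} {entry.body}")
```

Running `still_present` against the log posted after the fix gives an empty list when every flagged entry was removed.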


#3 nat


Posted 22 June 2007 - 06:14 AM

Hi Old Timer

Thanks so much for replying.

I have done as you suggested, and am posting the latest HJT Log. I've gotta say that I am struggling with serious problems, so am hoping that the HJT will help to reveal something.

I have attached the screenshots regarding AVG7Core in case it is of any further relevance to you. ???



I don't know if it is relevant, but I usually use Firefox browser, but that seems to be in a bad state so am now using IE7 to post this to you? Perhaps it's Mozilla Firefox that's at the root of the problem ???

Many thanks :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:42, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SplitView] C:\Program Files\SplitView 2007\SplitScr.exe
O4 - HKLM\..\Run: [Desktop Calendar XP] C:\Program Files\Desktop Calendar XP\Desktop Calendar XP.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\EverNote\UniClipper.exe"
O4 - HKCU\..\Run: [SplitScreen] C:\Program Files\SplitView 2007\SplitScr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170432514220
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179939464125
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

XP Professional Firefox 3


#4 OldTimer


Posted 22 June 2007 - 11:27 AM

Hi nat. The HJT log looks good. No signs of viruses or malware there.

AVG7.5 will not run in Safe Mode unless it has been updated to the latest release. There were some problems with the version released in the April/May timeframe.

I don't think you are dealing with any type of infection or malware. Some users have reported the Vista Transformation Pack hosed their systems up. If the issues started after installing that then you might be one of the unlucky users to have that happen.

Just to be sure let's see if we can run 1 other scan and see if it shows anything. If nothing shows up in that scan then it would probably be time to start thinking about backing up any critical data and reinstalling the OS.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 nat


Posted 22 June 2007 - 01:31 PM

Hi. I have run the WINPFind - log below.

Regarding what you said about AVG and Vista - the AVG issues are in Normal Mode, and at some point I did have the Vista Transformation Pack, and this is when, as far as I can recall, all the problems started to occur. I think that I have uninstalled it, but not sure. If this is about Vista, what can be done about it??


AVG7.5 will not run in Safe Mode unless it has been updated to the latest release. There were some problems with the version released in the April/May timeframe.

I don't think you are dealing with any type of infection or malware. Some users have reported the Vista Transformation Pack hosed their systems up. If the issues started after installing that then you might be one of the unlucky users to have that happen




With regard to possibly having to reinstall the OS, what does that involve? I don't have any CDs for XP home.

In my initial post:

http://www.bleepingcomputer.com/forums/t/95764/xp-total-chaos/

2. Outlook 2003 - uninstalled - lost all my personal folders etc. Shortly after opening a new account I was totally unable to open - not even in Safe Mode. Additionally, I was unable to import my personal folders which I am desperate to get back - Very Important. Detect & Repair does XP Professional Edition - Mine is the HOME Edition. It would appear that Outlook 2003 is no longer installed.

One of my main concerns for me was that Outlook 2003 was detect & Repair WIN XP PROFESSIONAL, and as you know, I have XP HOME. What is this all about?






WinPFind3 logfile created on: 22/06/2007 19:58:44
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Natasha\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

446.48 Mb Total Physical Memory | 159.25 Mb Available Physical Memory | 35.67% Memory free
1.03 Gb Paging File | 0.80 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 5.58 Gb Free Space | 14.98% Space Free
Drive D: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.82% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NICK
Current User Name: Natasha
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 31/08/2005 07:36:10 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 09/05/2007 18:12:42 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 31/08/2005 07:36:10 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 30/08/2005 21:05:00 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.705.4505 | Size = 1831936 bytes | Modified Date = 13/06/2007 18:43:54 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 09/05/2007 18:12:42 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]

[Registry - Non-Microsoft Only]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.705.4505 | Size = 144896 bytes | Modified Date = 13/06/2007 18:43:54 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 16:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WgaLogon -> Reg Data - Value does not exist -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> ->
< HOSTS File > (792 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 Localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.windowsxlive.net ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.windowsxlive.net ->
HKCU: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKCU: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF} [HKLM] -> %ProgramFiles%\IE7pro\IE7pro.dll [IE7pro BHO] -> IE7pro.com [Ver = 0, 9, 0, 10 | Size = 520192 bytes | Modified Date = 10/02/2007 16:38:38 | Attr = ]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 12/06/2007 10:56:06 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 12/06/2007 10:56:08 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 12/06/2007 10:56:06 | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 0, 25 | Size = 405504 bytes | Modified Date = 16/04/2004 19:43:12 | Attr = ]
{62999427-33FC-4baf-9C9C-BCE6BD127F08} [HKLM] -> %ProgramFiles%\DAP\DAPIEBar.dll [DAP Bar] -> [Ver = 5, 3, 9, 9 | Size = 573514 bytes | Modified Date = 20/02/2007 01:27:26 | Attr = ]
{7754C418-F62E-44aa-B169-E719E718BCFD} [HKLM] -> %ProgramFiles%\1-Click Answers\IEToolbar\AnswersToolbarU.dll [1-Click Answers] -> Answers Corporation [Ver = 2.1 (build 521) | Size = 458752 bytes | Modified Date = 21/11/2006 18:25:06 | Attr = ]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} [HKLM] -> %ProgramFiles%\Styler\TB\StylerTB.dll [StylerToolBar] -> StyleFantasist [Ver = 1, 1, 8, 0 | Size = 102400 bytes | Modified Date = 02/05/2006 04:31:26 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 12/06/2007 10:56:06 | Attr = R ]
WebBrowser\\{57F02779-3D88-4958-8AD3-83C12D86ADC7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{7754C418-F62E-44AA-B169-E719E718BCFD} [HKLM] -> %ProgramFiles%\1-Click Answers\IEToolbar\AnswersToolbarU.dll [1-Click Answers] -> Answers Corporation [Ver = 2.1 (build 521) | Size = 458752 bytes | Modified Date = 21/11/2006 18:25:06 | Attr = ]
WebBrowser\\{BE1D6C5B-250E-474D-ACA0-E437D20019CE} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -> Reg Data - Value does not exist [ButtonText: IE7pro Preferences] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 09/04/2007 07:03:56 | Attr = ]
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 09/04/2007 07:03:56 | Attr = ]
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to EverNote -> -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Answers... -> %ProgramFiles%\1-Click Answers\Html\atiemenu.htm -> [Ver = | Size = 376 bytes | Modified Date = 21/11/2006 18:04:00 | Attr = ]
Browster Prefetch On/Off -> %ProgramFiles%\Browster\Browster.dll\CustomPrefetchMenu.htm -> File not found
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 09/04/2007 07:03:56 | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{DEC1581A-7C6D-4E9B-BEC9-B4B41A92FE46} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.2m | Size = 106496 bytes | Modified Date = 23/04/2007 16:33:20 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1170432514220 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftu...b?1179939464125 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files/Folders - Created Within 30 days]
grab00000.jpg -> %SystemDrive%\grab00000.jpg -> [Ver = | Size = 7665 bytes | Created Date = 30/05/2007 12:21:02 | Attr = ]
My Music -> %SystemDrive%\My Music -> [Folder | Created Date = 24/05/2007 04:19:21 | Attr = ]
VTPFiles -> %SystemDrive%\VTPFiles -> [Folder | Created Date = 26/05/2007 01:23:02 | Attr = ]
wmdownloads -> %SystemDrive%\wmdownloads -> [Folder | Created Date = 06/06/2007 15:22:14 | Attr = ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 13/06/2007 03:02:19 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 13/06/2007 03:02:06 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 13/06/2007 03:02:12 | Attr = H ]
Calendar.INI -> %SystemRoot%\Calendar.INI -> [Ver = | Size = 766 bytes | Created Date = 18/06/2007 19:11:46 | Attr = ]
FlvAmp FLV Player -> %SystemRoot%\FlvAmp FLV Player -> [Folder | Created Date = 10/06/2007 05:49:57 | Attr = ]
Icon_1.ico -> %SystemRoot%\Icon_1.ico -> [Ver = | Size = 78942 bytes | Created Date = 26/05/2007 01:24:18 | Attr = ]
iltwain.ini -> %SystemRoot%\iltwain.ini -> [Ver = | Size = 48 bytes | Created Date = 27/05/2007 12:21:42 | Attr = ]
Password Manager -> %SystemRoot%\Password Manager -> [Folder | Created Date = 10/06/2007 05:52:15 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 19/06/2007 21:48:33 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 19/06/2007 21:48:33 | Attr = H ]
winomnifile.dat -> %SystemRoot%\winomnifile.dat -> [Ver = | Size = 41 bytes | Created Date = 27/05/2007 01:52:01 | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 382 bytes | Created Date = 11/06/2007 20:20:42 | Attr = ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 412 bytes | Created Date = 13/06/2007 18:44:51 | Attr = ]
1180223965.(null) -> %System32%\1180223965.(null) -> [Ver = | Size = 100 bytes | Created Date = 27/05/2007 01:59:25 | Attr = ]
1181053868.(null) -> %System32%\1181053868.(null) -> [Ver = | Size = 78 bytes | Created Date = 05/06/2007 16:31:08 | Attr = ]
1181097734.(null) -> %System32%\1181097734.(null) -> [Ver = | Size = 55 bytes | Created Date = 06/06/2007 04:42:14 | Attr = ]
bieappnt.exe -> %System32%\bieappnt.exe -> Black Ice Software, Inc. [Ver = 2, 1, 0, 0 | Size = 65536 bytes | Created Date = 13/06/2007 21:29:34 | Attr = ]
biemonnt.dll -> %System32%\biemonnt.dll -> Black Ice Software [Ver = 1.3 | Size = 303104 bytes | Created Date = 13/06/2007 21:29:33 | Attr = ]
bieresnt.dll -> %System32%\bieresnt.dll -> [Ver = | Size = 73728 bytes | Created Date = 13/06/2007 21:29:33 | Attr = ]
biimg.dll -> %System32%\biimg.dll -> Black Ice Software [Ver = 0, 1, 0, 1 | Size = 258560 bytes | Created Date = 13/06/2007 21:29:33 | Attr = ]
cdintf210.dll -> %System32%\cdintf210.dll -> Amyuni Technologies
http://www.amyuni.com [Ver = 2.10i | Size = 1056768 bytes | Created Date = 13/06/2007 21:31:17 | Attr = ]
closeapp.exe -> %System32%\closeapp.exe -> Noël Danjou [Ver = 1.2.6.3 | Size = 81920 bytes | Created Date = 26/05/2007 01:23:05 | Attr = ]
custmon32.dll -> %System32%\custmon32.dll -> [Ver = | Size = 86016 bytes | Created Date = 21/06/2007 19:58:31 | Attr = ]
cwmpedit.ocx -> %System32%\cwmpedit.ocx -> DGPDev, DevNetMedia [Ver = 2, 0, 5, 56 | Size = 114688 bytes | Created Date = 06/06/2007 04:36:39 | Attr = ]
cwpwmd10.dll -> %System32%\cwpwmd10.dll -> [Ver = | Size = 77824 bytes | Created Date = 06/06/2007 04:36:40 | Attr = ]
cwsmaf40.dll -> %System32%\cwsmaf40.dll -> [Ver = | Size = 102400 bytes | Created Date = 06/06/2007 04:36:40 | Attr = ]
DGVorbis.dll -> %System32%\DGVorbis.dll -> [Ver = | Size = 182784 bytes | Created Date = 06/06/2007 04:36:39 | Attr = ]
ff_acm.acm -> %System32%\ff_acm.acm -> [Ver = 1, 0, 0, 1 | Size = 6144 bytes | Created Date = 26/05/2007 01:03:52 | Attr = ]
ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 5120 bytes | Created Date = 26/05/2007 01:03:51 | Attr = ]
ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 26/05/2007 01:03:51 | Attr = ]
Hlink.srg -> %System32%\Hlink.srg -> [Ver = | Size = 457 bytes | Created Date = 13/06/2007 20:10:05 | Attr = ]
Hlinkprx.dll -> %System32%\Hlinkprx.dll -> [Ver = | Size = 12288 bytes | Created Date = 13/06/2007 20:10:11 | Attr = ]
ImageViewer2.OCX -> %System32%\ImageViewer2.OCX -> Viscom Software [Ver = 2.6 | Size = 73728 bytes | Created Date = 06/06/2007 04:36:37 | Attr = ]
JETDEF35.hlp -> %System32%\JETDEF35.hlp -> [Ver = | Size = 86101 bytes | Created Date = 13/06/2007 20:10:11 | Attr = ]
JETERR35.cnt -> %System32%\JETERR35.cnt -> [Ver = | Size = 337 bytes | Created Date = 13/06/2007 20:10:12 | Attr = ]
JETERR35.hlp -> %System32%\JETERR35.hlp -> [Ver = | Size = 384399 bytes | Created Date = 13/06/2007 20:10:12 | Attr = ]
lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 430080 bytes | Created Date = 06/06/2007 04:36:39 | Attr = ]
LClock.cpl -> %System32%\LClock.cpl -> [Ver = | Size = 172032 bytes | Created Date = 26/05/2007 01:28:40 | Attr = ]
Misc.srg -> %System32%\Misc.srg -> [Ver = | Size = 5438 bytes | Created Date = 13/06/2007 20:10:05 | Attr = ]
Misc2.srg -> %System32%\Misc2.srg -> [Ver = | Size = 504 bytes | Created Date = 13/06/2007 20:10:05 | Attr = ]
modifype.exe -> %System32%\modifype.exe -> [Ver = | Size = 8636 bytes | Created Date = 26/05/2007 01:23:05 | Attr = ]
moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 69632 bytes | Created Date = 26/05/2007 01:23:05 | Attr = ]
Mp3dec.dll -> %System32%\Mp3dec.dll -> [Ver = | Size = 118784 bytes | Created Date = 06/06/2007 04:36:39 | Attr = ]
MP3enc.dll -> %System32%\MP3enc.dll -> [Ver = | Size = 49152 bytes | Created Date = 06/06/2007 04:36:38 | Attr = ]
Msaccess.srg -> %System32%\Msaccess.srg -> [Ver = | Size = 2 bytes | Created Date = 13/06/2007 20:10:03 | Attr = ]
ogg.dll -> %System32%\ogg.dll -> [Ver = | Size = 32768 bytes | Created Date = 06/06/2007 04:36:38 | Attr = ]
paypal.url -> %System32%\paypal.url -> [Ver = | Size = 199 bytes | Created Date = 26/05/2007 01:17:20 | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 4510 bytes | Created Date = 14/06/2007 12:54:00 | Attr = ]
pwmdtl40.dll -> %System32%\pwmdtl40.dll -> [Ver = | Size = 511488 bytes | Created Date = 06/06/2007 04:36:40 | Attr = ]
reico.exe -> %System32%\reico.exe -> Dead Knight [Ver = | Size = 19968 bytes | Created Date = 26/05/2007 01:23:05 | Attr = ]
Selfreg.dll -> %System32%\Selfreg.dll -> Microsoft [Ver = 8.0 | Size = 32256 bytes | Created Date = 13/06/2007 20:10:13 | Attr = ]
Threed20.ocx -> %System32%\Threed20.ocx -> Sheridan Software Systems, Inc. [Ver = 2.04.0003 | Size = 305432 bytes | Created Date = 06/06/2007 04:36:41 | Attr = ]
Uharc.exe -> %System32%\Uharc.exe -> [Ver = | Size = 111104 bytes | Created Date = 26/05/2007 01:23:05 | Attr = ]
VIRepair -> %System32%\VIRepair -> [Folder | Created Date = 12/06/2007 04:05:16 | Attr = ]
vorbis.dll -> %System32%\vorbis.dll -> [Ver = | Size = 1097728 bytes | Created Date = 06/06/2007 04:36:38 | Attr = ]
vorbisenc.dll -> %System32%\vorbisenc.dll -> [Ver = | Size = 1003520 bytes | Created Date = 06/06/2007 04:36:38 | Attr = ]
vorbisfile.dll -> %System32%\vorbisfile.dll -> [Ver = | Size = 32768 bytes | Created Date = 06/06/2007 04:36:38 | Attr = ]
webupl50.ocx -> %System32%\webupl50.ocx -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.1284 | Size = 170248 bytes | Created Date = 06/06/2007 04:36:40 | Attr = ]
winx.url -> %System32%\winx.url -> [Ver = | Size = 104 bytes | Created Date = 26/05/2007 01:17:20 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 15/06/2007 12:03:14 | Attr = RH ]
BJPrinter -> %SystemDrive%\BJPrinter -> [Folder | Modified Date = 22/06/2007 12:46:44 | Attr = H ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 18/06/2007 18:20:04 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 19/06/2007 15:57:50 | Attr = ]
grab00000.jpg -> %SystemDrive%\grab00000.jpg -> [Ver = | Size = 7665 bytes | Modified Date = 05/06/2007 16:45:54 | Attr = ]
My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 30/05/2007 20:14:22 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 21/06/2007 19:21:42 | Attr = ]
VTPFiles -> %SystemDrive%\VTPFiles -> [Folder | Modified Date = 12/06/2007 03:59:52 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22/06/2007 01:21:24 | Attr = R ]
@Alternate Data Stream - 8 bytes -> %SystemRoot%: ->
wmdownloads -> %SystemDrive%\wmdownloads -> [Folder | Modified Date = 06/06/2007 15:22:16 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/06/2007 00:34:02 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 10/06/2007 05:49:54 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 13/06/2007 03:02:22 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 13/06/2007 03:02:08 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 13/06/2007 03:02:14 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/06/2007 15:15:46 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/06/2007 19:46:30 | Attr = S]
Calendar.INI -> %SystemRoot%\Calendar.INI -> [Ver = | Size = 766 bytes | Modified Date = 18/06/2007 19:11:48 | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 26/05/2007 01:28:56 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 21/06/2007 18:36:52 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 10/06/2007 05:50:46 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/06/2007 08:34:18 | Attr = S]
FlvAmp FLV Player -> %SystemRoot%\FlvAmp FLV Player -> [Folder | Modified Date = 10/06/2007 05:50:00 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 21/06/2007 19:30:18 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 19/06/2007 16:20:48 | Attr = ]
Icon_1.ico -> %SystemRoot%\Icon_1.ico -> [Ver = | Size = 78942 bytes | Modified Date = 26/05/2007 01:24:20 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 13/06/2007 03:01:34 | Attr = ]
iltwain.ini -> %SystemRoot%\iltwain.ini -> [Ver = | Size = 48 bytes | Modified Date = 27/05/2007 12:21:44 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 19/06/2007 16:21:12 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 18/06/2007 20:35:16 | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 26/05/2007 01:28:44 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/06/2007 13:16:56 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 14291 bytes | Modified Date = 12/06/2007 03:24:20 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 19/06/2007 16:20:50 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 07/06/2007 19:55:58 | Attr = ]
Password Manager -> %SystemRoot%\Password Manager -> [Folder | Modified Date = 10/06/2007 05:52:16 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22/06/2007 19:56:48 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 19/06/2007 21:48:34 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 20/06/2007 11:11:40 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 14/06/2007 12:47:04 | Attr = ]
speech -> %SystemRoot%\speech -> [Folder | Modified Date = 10/06/2007 05:50:00 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 22/06/2007 01:21:22 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 22/06/2007 01:21:24 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 13/06/2007 18:44:52 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22/06/2007 19:47:36 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 675 bytes | Modified Date = 09/06/2007 20:24:50 | Attr = ]
winomnifile.dat -> %SystemRoot%\winomnifile.dat -> [Ver = | Size = 41 bytes | Modified Date = 27/05/2007 01:52:02 | Attr = ]
xpsyspad.ini -> %SystemRoot%\xpsyspad.ini -> [Ver = | Size = 67 bytes | Modified Date = 27/05/2007 13:00:52 | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 382 bytes | Modified Date = 21/06/2007 20:23:02 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 258 bytes | Modified Date = 22/06/2007 12:35:02 | Attr = ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 412 bytes | Modified Date = 15/06/2007 15:16:10 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22/06/2007 19:46:38 | Attr = H ]
User_Feed_Synchronization-{D1ABC234-E62A-4020-9922-A61CCA581AE7}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{D1ABC234-E62A-4020-9922-A61CCA581AE7}.job -> [Ver = | Size = 426 bytes | Modified Date = 22/06/2007 19:58:02 | Attr = H ]
1180223965.(null) -> %System32%\1180223965.(null) -> [Ver = | Size = 100 bytes | Modified Date = 27/05/2007 01:59:28 | Attr = ]
1181053868.(null) -> %System32%\1181053868.(null) -> [Ver = | Size = 78 bytes | Modified Date = 05/06/2007 16:31:10 | Attr = ]
1181097734.(null) -> %System32%\1181097734.(null) -> [Ver = | Size = 55 bytes | Modified Date = 06/06/2007 04:42:14 | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 24/05/2007 02:19:54 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/06/2007 08:33:54 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 22/06/2007 19:04:44 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/06/2007 01:31:00 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 14/06/2007 20:21:18 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 19/06/2007 16:18:20 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 22/06/2007 01:21:24 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 10/06/2007 01:31:02 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 249496 bytes | Modified Date = 14/06/2007 13:34:00 | Attr = ]
Lang -> %System32%\Lang -> [Folder | Modified Date = 10/06/2007 05:40:26 | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 24/05/2007 02:19:54 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 80846 bytes | Modified Date = 14/06/2007 12:54:02 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 450812 bytes | Modified Date = 14/06/2007 12:54:02 | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 4510 bytes | Modified Date = 14/06/2007 12:54:02 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 20/06/2007 11:41:24 | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 10/06/2007 05:57:06 | Attr = ]
VIRepair -> %System32%\VIRepair -> [Folder | Modified Date = 12/06/2007 04:05:40 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 12/06/2007 01:30:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 22/06/2007 12:50:58 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 8 bytes -> %SystemRoot%: ->
UPX0 , -> %SystemRoot%\RTLCPL.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.1.51 | Size = 9710592 bytes | Modified Date = 22/09/2005 00:23:42 | Attr = R ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\DGVorbis.dll -> [Ver = | Size = 182784 bytes | Modified Date = 19/07/2002 14:08:14 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.1 | Size = 740442 bytes | Modified Date = 11/05/2007 06:37:16 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\Uharc.exe -> [Ver = | Size = 111104 bytes | Modified Date = 03/12/2006 17:15:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 14:00:00 | Attr = ]
Thawte Consulting , -> %System32%\webupl50.ocx -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.1284 | Size = 170248 bytes | Modified Date = 09/07/2003 05:21:24 | Attr = ]
qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\HOSTS.MVP -> [Ver = | Size = 569099 bytes | Modified Date = 16/02/2007 14:12:48 | Attr = ]

< End of report >

XP Professional Firefox 3


#6 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 June 2007 - 07:53 AM

Hi nat. I don't see any problems with viruses or malware in the WPF3 log either. The log comes up clean.

The problems appear to be in the operating system itself. The XP forum can help with OS types of issues. If they determine that a repair of the OS is needed you will need an XP CD. Without one, you won't be able to do a repair install so they will need to determine what other options might be available. Let them know that you have been to this forum and that no malware was found in the system.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 nat

  • Topic Starter
  • Members
  • 262 posts
  • Gender:Female
  • Location:Cape Town

Posted 23 June 2007 - 01:56 PM

Hi Old Timer

Thanks so much for your time and effort. TG1911 - moderator, closed my topics awaiting your conclusions, so I have now sent him a PM with the link to this topic. I am sure I will hear back from him soon - he's on the ball!!

Regarding the possibility of having to reinstall the OS: as you know I have switched back to using IE7, and as yet, have encountered no problems.

Also, it appears that accessing other programs is much faster.

So, I am (humbly) thinking that rather than the OS being a total mess, all the problems seem to be connected to Mozilla Firefox. I have tried using Firefox just to test this out, and it simply freezes and all the usual.

So, if this is the case, would it not be more advisable to totally uninstall Mozilla Firefox.???

I'm going to copy this post to TG1911 and see what he has to say.

I'm sure that between the two of you experts, all will go well.

As an afterthought, regarding the problem with Outlook 2003 and the whole "detecting XP Professional" not XP Home, do you have any thoughts?

I will of course follow your suggested links to other forums, but I thought that seeing as you already have all the info, you might have some idea as to the root cause.??

If not, not to worry, as you have already been such a help. Oh, one other thing (really sorry!!) - about using SAFE MODE - it gives the option to open in simple mode to allow repair of Active Directory Services. I've been searching for help on how to use this option, but have come up empty. Any ideas??

Once again, many thanks.


:thumbsup: :flowers: :huh:

XP Professional Firefox 3


#8 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 24 June 2007 - 10:57 AM

Hi nat. If Firefox isn't working and you are not using it anyway then go ahead and uninstall it. It certainly isn't doing you any good anyway.

As for the rest, those are all things the techs in the XP forum will need to look at. They are the operating system gurus.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
