View Full Version : ZlobdnsChanger w/ HJT & MWB Logs



carolsmith
2008-11-22, 16:21
I tried everything that I have been told to with no success, so I thought that I would post here with the hope that one of the experts on this forum could assist me with this problem over the weekend before Monday. I have run SB several times, Malwarebytes and Kaspersky scans and all continue to show the Trojan. Thank you so much in advance.

I have followed the "Read First" instructions and here are the logs:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:09 AM, on 2008-11-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] "C:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: awtttrsT - awtttrsT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13621 bytes



And Malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

2008-11-21 1:55:26 PM
mbam-log-2008-11-21 (13-55-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239867
Time elapsed: 3 hour(s), 18 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2965C0FC-25D3-49B7-AC35-8C9B0BAED960}\RP545\A0218202.sys (Trojan.Downloader) -> No action taken.

peku006
2008-11-23, 15:47
Hello and Welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Run Malwarebytes' Anti-Malware

Double-click the Malwarebytes' Anti-Malware icon to launch the program.

On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006

carolsmith
2008-11-23, 22:01
Hi Peku006,

Thank you so much for your help.

Below please find both logs you requested.

The MWB Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/23/2008 3:49:27 PM
mbam-log-2008-11-23 (15-49-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 240264
Time elapsed: 1 hour(s), 27 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2965C0FC-25D3-49B7-AC35-8C9B0BAED960}\RP548\A0218344.sys (Trojan.Downloader) -> Quarantined and deleted successfully.


The HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:54 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] "C:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: awtttrsT - awtttrsT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13593 bytes



Awaiting your directive.

peku006
2008-11-23, 23:15
Hi carolsmith

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006

carolsmith
2008-11-24, 00:22
Logfile of random's system information tool 1.04 (written by random/random)
Run by Cameron at 2008-11-23 18:18:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (62%) free of 114 GB
Total RAM: 767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:12 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Cameron\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cameron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] "C:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: awtttrsT - awtttrsT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13586 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Cameron at 14 24.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-18 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-18 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-18 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [2008-11-14 1667072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-18 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-04-19 1626112]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-05-02 230928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-18 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Documents and Settings\Cameron\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttrsT]
awtttrsT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.5.0_10\bin\java.exe"="C:\Program Files\Java\jre1.5.0_10\bin\java.exe:*:Enabled:Java Runtime Environment"
"C:\Program Files\Rosetta Stone\SMS v3.0hs\server.exe"="C:\Program Files\Rosetta Stone\SMS v3.0hs\server.exe:*:Enabled:SMS Server v3.0hs"
"C:\Program Files\Rosetta Stone\SMS v3.0hs\admin.exe"="C:\Program Files\Rosetta Stone\SMS v3.0hs\admin.exe:*:Enabled:SMS Admin v3.0hs"
"C:\Program Files\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe"="C:\Program Files\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe:*:Enabled:SMS Service v3.0hs"
"C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe"="C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Discover.exe:*:Enabled:Rosetta Stone SMS Discovery Tool"
"C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe"="C:\Program Files\Rosetta Stone\RS2.1.4.2Asms\Rosetta Stone.exe:*:Enabled:Rosetta Stone Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2005\Bin\TW2005.exe"="C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2005\Bin\TW2005.exe:*:Enabled:Tiger Woods PGA TOUR 2005"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Expression\Media 2\Media.exe"="C:\Program Files\Microsoft Expression\Media 2\Media.exe:*:Enabled:iView Multimedia"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{183d07ce-63ca-11dc-9ce8-00e018f0f400}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-23 18:18:47 ----D---- C:\rsit
2008-11-22 16:34:50 ----D---- C:\Qoobox
2008-11-20 18:59:17 ----SHD---- C:\Config.Msi
2008-11-19 23:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-19 23:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-19 23:15:57 ----A---- C:\WINDOWS\imsins.BAK
2008-11-19 23:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-19 23:15:33 ----D---- C:\Program Files\MSXML 4.0
2008-11-19 12:13:55 ----D---- C:\Documents and Settings\Cameron\Application Data\Malwarebytes
2008-11-19 12:13:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-19 12:13:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-19 11:15:00 ----D---- C:\Program Files\Trend Micro
2008-11-16 10:16:01 ----A---- C:\WINDOWS\system32\cont_mxlivemedia-remove.exe
2008-11-16 10:15:57 ----A---- C:\WINDOWS\system32\zhjmbtbxktqk.exe
2008-11-12 15:40:29 ----D---- C:\Program Files\jibberish deluxe beta
2008-11-09 22:48:35 ----D---- C:\Program Files\iPod
2008-11-09 22:48:30 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-09 20:01:16 ----D---- C:\Program Files\Aimersoft
2008-11-06 13:50:07 ----A---- C:\WINDOWS\system32\cdintf250.dll
2008-11-06 13:50:03 ----D---- C:\Program Files\Rapattoni Corporation
2008-11-04 14:38:15 ----D---- C:\Documents and Settings\Cameron\Application Data\uTorrent
2008-11-04 14:24:06 ----D---- C:\Program Files\Common Files\Scanner
2008-11-04 14:22:40 ----A---- C:\caisslog.txt
2008-11-04 13:04:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 12:38:53 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-04 12:38:42 ----A---- C:\rapport.txt
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-11-04 12:38:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-04 01:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-03 16:51:50 ----D---- C:\Documents and Settings\Cameron\Application Data\SUPERAntiSpyware.com
2008-11-03 12:02:15 ----D---- C:\Program Files\JoWooD
2008-11-02 23:42:10 ----A---- C:\WINDOWS\wininit.ini
2008-10-30 22:42:37 ----HD---- C:\WINDOWS\PIF
2008-10-24 09:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-23 18:18:34 ----D---- C:\WINDOWS\Prefetch
2008-11-23 18:17:36 ----D---- C:\WINDOWS\system32
2008-11-23 18:17:36 ----D---- C:\WINDOWS
2008-11-23 17:20:09 ----D---- C:\WINDOWS\Temp
2008-11-23 15:53:36 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 14:51:15 ----D---- C:\WINDOWS\CAVTemp
2008-11-22 10:23:58 ----D---- C:\Program Files\Mozilla Firefox
2008-11-22 09:56:13 ----RD---- C:\Program Files
2008-11-20 18:59:33 ----SHD---- C:\WINDOWS\Installer
2008-11-20 18:59:29 ----D---- C:\Program Files\Google
2008-11-19 23:20:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-19 23:17:39 ----D---- C:\WINDOWS\Debug
2008-11-19 23:16:17 ----HD---- C:\WINDOWS\inf
2008-11-19 23:16:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 23:16:11 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-19 23:15:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-19 23:15:34 ----D---- C:\WINDOWS\WinSxS
2008-11-19 19:09:01 ----SD---- C:\WINDOWS\Tasks
2008-11-19 09:03:26 ----D---- C:\Documents and Settings\Cameron\Application Data\Google
2008-11-18 12:03:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-18 08:38:15 ----D---- C:\WINDOWS\system32\Macromed
2008-11-17 17:35:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-16 12:50:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 10:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 22:49:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-09 22:49:00 ----D---- C:\Program Files\iTunes
2008-11-09 22:41:32 ----D---- C:\Program Files\Bonjour
2008-11-09 22:36:59 ----D---- C:\Program Files\QuickTime
2008-11-09 22:36:24 ----D---- C:\Program Files\Common Files\Apple
2008-11-09 19:35:17 ----A---- C:\Cucu_Video_log.txt
2008-11-06 13:50:05 ----SD---- C:\Documents and Settings\Cameron\Application Data\Microsoft
2008-11-06 13:49:41 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-04 23:40:16 ----D---- C:\Documents and Settings\Cameron\Application Data\Adobe
2008-11-04 22:10:27 ----D---- C:\Program Files\FriendBlasterPro
2008-11-04 14:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2008-11-04 14:24:06 ----D---- C:\Program Files\Common Files
2008-11-04 14:24:06 ----D---- C:\Program Files\CA
2008-11-04 12:28:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-04 12:25:44 ----RASH---- C:\boot.ini
2008-11-04 12:25:44 ----A---- C:\WINDOWS\win.ini
2008-11-04 12:25:44 ----A---- C:\WINDOWS\system.ini
2008-11-04 12:25:43 ----D---- C:\WINDOWS\pss
2008-11-04 01:00:02 ----D---- C:\WINDOWS\system32\DirectX
2008-11-04 00:59:27 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-03 23:47:47 ----D---- C:\WINDOWS\system32\Restore
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 16:22:06 ----D---- C:\Documents and Settings
2008-11-03 12:05:18 ----RSD---- C:\WINDOWS\assembly
2008-11-03 12:05:16 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-02 08:19:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 23:07:31 ----D---- C:\Documents and Settings\Cameron\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-05-02 21648]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-05-02 26640]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-05-02 32528]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-05-02 21392]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS [2002-08-13 74338]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-19 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 ai35m8vy;ai35m8vy; C:\WINDOWS\system32\drivers\ai35m8vy.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\Cameron\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2004-02-28 26505]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-03-30 391615]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-28 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-05-02 144960]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 SMSv3hs;SMSv3hs; C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe [2006-04-21 65536]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-05-02 243216]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-04 654848]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 gupdate1c93b0c5acf175c;Google Update Service (gupdate1c93b0c5acf175c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-10-30 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-29 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-18 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

carolsmith
2008-11-24, 00:22
info.txt logfile of random's system information tool 1.04 2008-11-23 18:19:16

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Program Files\Common Files\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Lightroom 2-->MsiExec.exe /I{531BC138-F1F7-496B-879C-F039ECEF438D}
Adobe Premiere Elements 1.0-->msiexec /I {6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aimersoft Audio Converter(Build 1.1.52)-->"C:\Program Files\Aimersoft\DVD Studio Pack\AudioConverter\unins000.exe"
Aimersoft DVD Creator(Build 1.1.52)-->"C:\Program Files\Aimersoft\DVD Studio Pack\DVDCreator\unins000.exe"
Aimersoft DVD Ripper(Build 1.1.52)-->"C:\Program Files\Aimersoft\DVD Studio Pack\DVDRipper\unins000.exe"
Aimersoft DVD Studio Pack(Build 1.1.52)-->"C:\Program Files\Aimersoft\DVD Studio Pack\unins000.exe"
Aimersoft Video Converter(Build 1.1.52)-->"C:\Program Files\Aimersoft\DVD Studio Pack\VideoConverter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Autopano Pro-->C:\Program Files\Kolor\Autopano Pro\Uninstall.exe
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\setup_blazemp.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Performance Tool Mxlivemedia-->C:\WINDOWS\system32\cont_mxlivemedia-remove.exe
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=pp
CA Anti-Virus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cucusoft Ultimate DVD + Video Converter Suite 7.8.7.6-->"C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
DesignPro 5.0 Media Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Freak Out Extreme Freeride Demo-->MsiExec.exe /I{D7AF66D9-BC29-4EA1-A39F-32DF5A03B2EC}
FriendBlasterPro-->"C:\Program Files\FriendBlasterPro\unins000.exe"
Google Earth Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Gears-->MsiExec.exe /I{A45BDB01-7BE4-3F3C-A02F-317D07F4C436}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Invoke Solutions Participant 6.2.0.1450-->"C:\Program Files\Invoke Solutions\Participant\6.2\unins000.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jibberish deluxe beta version-->"C:\Program Files\jibberish deluxe beta\unins000.exe"
jibberish deluxe beta-->"C:\Program Files\jibberish deluxe beta\Custom Levels\jibberish deluxe beta\unins000.exe"
KONICA MINOLTA magicolor 2400W-->MUINST_S.EXE /PRN:"KONICA MINOLTA magicolor 2400W"
LimeWire PRO 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
Live 6.0.10-->C:\PROGRA~1\Ableton\LIVE60~1.10\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.10\Install\INSTALL.LOG
Magic DVD Copier V4.7-->"C:\Program Files\MagicDVDCopier\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Blend 2-->"C:\Program Files\Microsoft Expression\Blend 2\Setup\XSetup.exe" -x -AppLangId:1033 "-manifest:BlendManifest.cab" "-source:C:\Program Files\Microsoft Expression\Blend 2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup"
Microsoft Expression Blend 2-->MsiExec.exe /X{3891E1C9-8E9E-43E2-B009-6D008BCD7669}
Microsoft Expression Design 2-->"C:\Program Files\Microsoft Expression\Design 2\Setup\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files\Microsoft Expression\Design 2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup"
Microsoft Expression Design 2-->MsiExec.exe /X{C3498122-091E-4999-9EBE-7513FE904F6A}
Microsoft Expression Encoder 2-->"C:\Program Files\Microsoft Expression\Encoder 2\Setup\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files\Microsoft Expression\Encoder 2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup"
Microsoft Expression Encoder 2-->MsiExec.exe /X{1419A197-F6FB-4129-81B2-0113A3B6A09C}
Microsoft Expression Media 2 SP1-->MsiExec.exe /I{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}
Microsoft Expression Studio 2-->"C:\Program Files\Microsoft Expression\ExpressionStudio 2\Setup\XSetup.exe" -x -AppLangId:1033 "-manifest:ExpressionStudioManifest.cab" "-source:C:\Program Files\Microsoft Expression\ExpressionStudio 2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup\;C:\Documents and Settings\Cameron\My Documents\Downloads\Microsoft_Expression_Studio_v2.0-CYGiSO\cyg-est2\cyg-est2\Setup"
Microsoft Expression Studio 2-->MsiExec.exe /X{C069720D-D6D5-4B02-9CCD-7C2FDA07EAC1}
Microsoft Expression Web 2 MUI (English)-->MsiExec.exe /X{90120000-0045-0409-0000-0000000FF1CE}
Microsoft Expression Web 2-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall XWEB /dll XSETUP.DLL
Microsoft Expression Web 2-->MsiExec.exe /X{90120000-0045-0000-0000-0000000FF1CE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nidesoft DVD to AVI Converter Platinum v4.0-->"C:\Program Files\Nidesoft DVD to AVI Converter Platinum v4.0\unins000.exe"
Nidesoft DVD to iPod Converter Platinum v4.0-->"C:\Program Files\Nidesoft DVD to iPod Converter Platinum v4.0\unins000.exe"
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoKit Color 2 Plug-In Module-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\PixelGenius Toolbox Plug-In Module\pkc2_uninstal.log
Photomatix Pro version 3.0-->"C:\Program Files\PhotomatixPro3\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rapattoni MLS PDF Creator-->MsiExec.exe /I{691652E3-D900-49C8-843B-2EB459A13653}
RegCure 1.2.0.4-->C:\Program Files\RegCure\uninst.exe
RON Tool Mxlivemedia-->C:\WINDOWS\system32\zhjmbtbxktqk.exe
Rosetta Stone 2.1.4.2Asms-->"C:\Program Files\Rosetta Stone\RS2.1.4.2Asms_Support\Uninstall_Rosetta Stone 2.1.4.2Asms\Uninstall Rosetta Stone 2.1.4.2Asms.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spell Checker For OE 2.1-->C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Student Management System v3.0hs-->C:\WINDOWS\unvise32.exe C:\Program Files\Rosetta Stone\SMS support v3.0hs\uninstal.log
System Requirements Lab-->C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Tiger Woods PGA TOUR 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FDD9D12-46C9-4156-A4A0-55297B9498CA}\Setup.exe" -l0x9 uninstallme
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: CA Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

peku006
2008-11-24, 09:15
Hi carolsmith

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Limewire

I'd like you to read this thread. (http://forums.spybot.info/showthread.php?t=282)

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

NOW

1 - Download and run OTMoveIt3


Download OTMoveIt3 by OldTimer from here (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Launch OTMoveIt3.exe and copy the text from the codebox below into the left-hand box below "Paste Instructions for Items to be Moved"


:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttrsT]
:files
C:\WINDOWS\system32\zhjmbtbxktqk.exe

Double-check that the input matches the code box above and then click the MoveIt! button to start the script. If you're prompted about rebooting allow the request.
Once OTMoveIt finishes, a log will be located at C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss. (mmddyyyy_hhmmss is a timestamp from when the log was created)
Include this log in your next reply

2 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the OTMoveIt3 log
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

carolsmith
2008-11-24, 18:36
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttrsT\\ deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\zhjmbtbxktqk.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_082725


Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/24/2008 12:29:04 PM
mbam-log-2008-11-24 (12-29-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 240591
Time elapsed: 1 hour(s), 26 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2965C0FC-25D3-49B7-AC35-8C9B0BAED960}\RP549\A0218411.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

carolsmith
2008-11-24, 18:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:36 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] "C:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13604 bytes

carolsmith
2008-11-25, 14:16
Hi Peku006,

Thanks for all your help with that last step. What would you like for me to do next? Were the last logs I posted for review OK?

peku006
2008-11-25, 19:13
Hi carolsmith

Download and Run Blacklight

Download F-Secure Blacklight (fsbl.exe) from here (ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe)
Save to C:\ with a name of fsbl.exe
Note: It's important that you save the file to the correct location, otherwise the procedure will not work
Press the Windows key and the R key at the same time to open the Run dialog box
(The Windows key is usually located two to the left of the space bar and is labeled with a Windows logo)
Copy and paste the content of the below codebox into the run box and press enter

C:\fsbl.exe /expert
This will launch Blacklight
Select I accept the agreement
Click Next
Click Scan
Wait for the scan to finish
Click on Next
Click Exit
A logfile should be located at C:\fsbl-xxxxxxxxxxxxxx.log
Include this log in your next reply

Thanks peku006

carolsmith
2008-11-25, 19:54
The scan came back "No items found".

This is the only log that I could find:

11/25/08 13:38:35 [Info]: BlackLight Engine 2.2.1092 initialized
11/25/08 13:38:35 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/25/08 13:38:35 [Note]: 7019 4
11/25/08 13:38:35 [Note]: 7005 0
11/25/08 13:38:37 [Note]: 7006 0
11/25/08 13:38:37 [Note]: 7022 0
11/25/08 13:38:37 [Note]: 7011 1384
11/25/08 13:38:37 [Note]: 7035 0
11/25/08 13:38:38 [Note]: 7026 0
11/25/08 13:38:38 [Note]: 7026 0
11/25/08 13:38:38 [Note]: FSRAW library version 1.7.1024
11/25/08 13:50:24 [Note]: 7007 0

peku006
2008-11-25, 20:19
Hi carolsmith

Please reset your router

next...

Please update mbam, run full scan with it and post back its report.

Thanks peku006

carolsmith
2008-11-26, 01:41
Hi Peku006,


Here is the log you requested.


Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/25/2008 7:40:25 PM
mbam-log-2008-11-25 (19-40-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 242621
Time elapsed: 1 hour(s), 30 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2965C0FC-25D3-49B7-AC35-8C9B0BAED960}\RP549\A0218450.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
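
Added example (not part of the original posts and not Malwarebytes code): a small Python parser for the "Registry Data Items Infected" lines, run over the two scans posted in this thread, that reports which entries were deleted in the first scan and are present again with the same data in the second. The function names are hypothetical and the log lines are copied from the two reports above; `DhcpNameServer` is the value the Windows DHCP client fills in from its lease, so entries that return there after deletion point at whatever is answering DHCP on the network.

```python
import re
from collections import namedtuple

# Registry lines copied from the Malwarebytes log of 11/24/2008 in this thread.
SCAN_1 = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
"""

# Registry lines copied from the Malwarebytes log of 11/25/2008 in this thread.
SCAN_2 = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
"""

Item = namedtuple("Item", "key value detection data action")

# <registry path> (<detection>) -> Data: <data> -> <action>
LINE_RE = re.compile(
    r"^(HKEY_.+?) \(([^()]+)\) -> Data: (.*?) -> (.+)$", re.MULTILINE
)


def parse_registry_items(log_text):
    """Return one Item per registry data line found in a Malwarebytes log."""
    items = []
    for match in LINE_RE.finditer(log_text):
        path, detection, data, action = match.groups()
        # The last path component is the value name; the rest is the key.
        key, _, value = path.rpartition("\\")
        items.append(Item(key, value, detection, data.strip(), action.strip()))
    return items


def origin(value_name):
    """Say where Windows takes this Tcpip value from."""
    name = value_name.lower()
    if name == "dhcpnameserver":
        return "dhcp-lease"      # written by the DHCP client from the lease
    if name == "nameserver":
        return "static"          # manually configured DNS servers
    return "other"


def recurring(before, after):
    """Items reported deleted in `before` that exist again, unchanged, in `after`."""
    removed = {
        (i.key.lower(), i.value.lower(), i.data)
        for i in before
        if "deleted successfully" in i.action
    }
    return [i for i in after if (i.key.lower(), i.value.lower(), i.data) in removed]


def summarize(before_text, after_text):
    """Compare two scans and summarize what came back after removal."""
    before = parse_registry_items(before_text)
    after = parse_registry_items(after_text)
    back = recurring(before, after)
    return {
        "before": len(before),
        "after": len(after),
        "recurring": len(back),
        "origins": sorted({origin(i.value) for i in back}),
        "servers": sorted({ip for i in back for ip in i.data.split()}),
    }


if __name__ == "__main__":
    for name, value in summarize(SCAN_1, SCAN_2).items():
        print(f"{name}: {value}")
```
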

peku006
2008-11-26, 09:44
Hi carolsmith

OTScanIt

Please download OTScanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) from Bleeping Computer by OldTimer and save it to your desktop.
Double click on OTScanIt.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
Under Drivers section, select Non-Microsoft.
Click on the Run Scan button at the top left hand corner.
OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Thanks peku006

carolsmith
2008-11-26, 14:44
Hi Peku006,

I downloaded the Zip file, which contains two files, and when I go to un-zip it, it downloads two programs. The first, OTS Scanit/catchme, downloads fine, but the second file, OTScanit.exe, is quarantined by CA virus as infected by win32/VMallumEETV.

Awaiting your directive.

peku006
2008-11-26, 15:52
Hi carolsmith

Please restore OTScanit.exe from the CA virus quarantine and run it.

Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.

carolsmith
2008-11-26, 16:22
Hi Peku,

Thanks so much for your help. You don't know how much we appreciate it or how badly we need to get this fixed today so I can get back to work. I have a meeting at 12:00, so I will be away for a few hours this afternoon, and I think you are 7 hours ahead. We have been trying to use my wife's laptop, but it too is infected with the same things, so I'm hoping that you can assist us with that as well. We are Realtors and need to use our computers, and this has been going on now for 2 weeks, darn it!


OK, I snoozed the CA, downloaded and ran the program, and here is the log that you requested. I had to post it in 2 separate posts due to the length.

[code]
OTScanIt logfile created on: 11/26/2008 10:12:07 AM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Cameron\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.49 Mb Total Physical Memory | 296.94 Mb Available Physical Memory | Hi
38.69% Memory free
1.83 Gb Paging File | 1.36 Gb Available in Paging File | 74.03% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.80 Gb Free Space | 61.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMERON-J6XB0NQ
Current User Name: Cameron
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
isafe.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 144960 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
itmrtsvc.exe -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.26 | Size = 280080 bytes | Modified Date = 1/4/2007 12:10:22 PM | Attr = ]
javasrvc.exe -> %ProgramFiles%\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe -> Alexandria Software Consulting [Ver = 1, 1, 0, 0 | Size = 65536 bytes | Modified Date = 4/21/2006 11:20:55 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> CA, Inc. [Ver = Version 8.4.0.24 | Size = 243216 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]
cctray.exe -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 177416 bytes | Modified Date = 8/16/2007 10:19:02 PM | Attr = ]
cavrid.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe -> CA, Inc. [Ver = Version 8.4.0.24 | Size = 230928 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
vm305_sti.exe -> %SystemRoot%\VM305_STI.exe -> Vimicro [Ver = 4, 3, 625, 61 | Size = 61440 bytes | Modified Date = 8/5/2005 2:15:04 PM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> [Ver = 1.0 | Size = 102400 bytes | Modified Date = 9/11/2002 12:33:20 AM | Attr = ]
cappactiveprotection.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe -> CA, Inc. [Ver = 9, 1, 0, 2 | Size = 218376 bytes | Modified Date = 8/16/2007 9:10:14 PM | Attr = ]
ppctlpriv.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 9.1.0.9 | Size = 189704 bytes | Modified Date = 8/16/2007 9:10:16 PM | Attr = ]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 5/4/2007 10:59:30 AM | Attr = ]
ccprovsp.exe -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 214280 bytes | Modified Date = 8/16/2007 10:19:02 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/29/2007 3:08:10 PM | Attr = ]
(CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 214280 bytes | Modified Date = 8/16/2007 10:19:02 PM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 144960 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 5/4/2007 10:59:30 AM | Attr = ]
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.26 | Size = 280080 bytes | Modified Date = 1/4/2007 12:10:22 PM | Attr = ]
(PPCtlPriv) PPCtlPriv [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 9.1.0.9 | Size = 189704 bytes | Modified Date = 8/16/2007 9:10:16 PM | Attr = ]
(SMSv3hs) SMSv3hs [Win32_Own | Auto | Running] -> %ProgramFiles%\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe -> Alexandria Software Consulting [Ver = 1, 1, 0, 0 | Size = 65536 bytes | Modified Date = 4/21/2006 11:20:55 AM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> CA, Inc. [Ver = Version 8.4.0.24 | Size = 243216 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(ASPI32) ASPI32 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 9/10/1999 11:06:00 AM | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Cameron\LOCALS~1\Temp\catchme.sys -> File not found
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 1/19/2007 10:16:10 AM | Attr = ]
(SI3112r) Silicon Image SiI 3112 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3112r.sys -> Silicon Image, Inc [Ver = 1, 0, 56, 0 | Size = 102528 bytes | Modified Date = 1/12/2006 12:56:56 PM | Attr = ]
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.11 | Size = 10368 bytes | Modified Date = 11/1/2004 12:21:32 PM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 682232 bytes | Modified Date = 5/4/2007 10:47:14 AM | Attr = ]
(USB-100) Realtek RTL8150 USB 10/100 Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8150.SYS -> Realtek [Ver = 5.113.0221.2002 | Size = 26505 bytes | Modified Date = 2/28/2004 11:21:04 AM | Attr = R ]
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vet-filt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.24 | Size = 26640 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vet-rec.sys -> Computer Associates International, Inc. [Ver = 8.4.0.24 | Size = 21392 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\veteboot.sys -> Computer Associates International, Inc. [Ver = 31.6.0.0 | Size = 108368 bytes | Modified Date = 6/4/2008 8:40:13 AM | Attr = ]
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetefile.sys -> Computer Associates International, Inc. [Ver = 31.6.0.0 | Size = 880560 bytes | Modified Date = 6/4/2008 8:40:13 AM | Attr = ]
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetfddnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.24 | Size = 21648 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.24 | Size = 32528 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
(ZSMC0305) VIMICRO USB PC Camera V [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbVM305.sys -> Vimicro Corporation [Ver = 3.5.1105. 63 | Size = 391615 bytes | Modified Date = 3/30/2006 12:57:22 AM | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 6:54:31 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 9:16:38 PM | Attr = ]
Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 3/20/2007 3:40:44 PM | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 2, 0, 2116 | Size = 111936 bytes | Modified Date = 10/1/2008 12:57:42 PM | Attr = ]
BigDog305 -> %SystemRoot%\VM305_STI.exe ["C:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera (ZC0305)] -> Vimicro [Ver = 4, 3, 625, 61 | Size = 61440 bytes | Modified Date = 8/5/2005 2:15:04 PM | Attr = ]
CAVRID -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"] -> CA, Inc. [Ver = Version 8.4.0.24 | Size = 230928 bytes | Modified Date = 5/2/2007 9:14:55 AM | Attr = ]
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe ["C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"] -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 177416 bytes | Modified Date = 8/16/2007 10:19:02 PM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 7700480 bytes | Modified Date = 4/19/2007 11:26:00 AM | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 86016 bytes | Modified Date = 4/19/2007 11:26:00 AM | Attr = ]
NVMixerTray -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"] -> NVIDIA Corporation [Ver = 1.0.444 | Size = 131072 bytes | Modified Date = 6/3/2004 8:51:54 PM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe ["C:\WINDOWS\system32\nwiz.exe" /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 4/19/2007 11:26:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 3:09:14 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 4, 1, 509, 1944 | Size = 39408 bytes | Modified Date = 11/18/2008 12:04:22 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> [Ver = 1.0 | Size = 102400 bytes | Modified Date = 9/11/2002 12:33:20 AM | Attr = ]
< Cameron Startup Folder > -> C:\Documents and Settings\Cameron\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/19/2006 10:33:03 AM | Attr = ]
< HOSTS File > (287326 bytes and 9952 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{074C1DC5-9320-4A9A-947D-C042949C6216} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe [ContributeBHO Class] -> [Folder | Modified Date = 10/3/2008 10:39:35 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 1:25:44 PM | Attr = RHS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [Ver = | Size = 251504 bytes | Modified Date = 11/18/2008 12:04:02 PM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 5, 0, 926, 3450 | Size = 657904 bytes | Modified Date = 11/18/2008 12:04:22 PM | Attr = ]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> Google Inc. [Ver = 1, 0, 610, 10250 | Size = 522224 bytes | Modified Date = 11/18/2008 12:04:02 PM | Attr = ]
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [Google Gears Helper] -> Google Inc. [Ver = 0.5.4.0 | Size = 1667072 bytes | Modified Date = 11/14/2008 10:30:38 AM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [Ver = | Size = 251504 bytes | Modified Date = 11/18/2008 12:04:02 PM | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe [Contribute Toolbar] -> [Folder | Modified Date = 10/3/2008 10:39:35 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [Ver = | Size = 251504 bytes | Modified Date = 11/18/2008 12:04:02 PM | Attr = ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [&Gears Settings] -> Google Inc. [Ver = 0.5.4.0 | Size = 1667072 bytes | Modified Date = 11/14/2008 10:30:38 AM | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 1:25:44 PM | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr = ]
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr = ]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ]
Lookup on Merriam Webster -> -> File not found
Lookup on Wikipedia -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
GTB5 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{35B098E3-1257-4A2E-B27E-EA77D4AF4F14} -> (NVIDIA nForce Networking Controller) ->
{3AA34007-CE0F-45D4-A4CB-9A17CDED5D65} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{5B9BEB17-0E3D-4362-9D88-E0623EDF255F} -> (Realtek RTL8150 USB 10/100 Fast Ethernet Adapter) ->
{B1E220E8-626E-4DCE-B697-49CD41FEF86F} -> (1394 Net Adapter) ->
{E70DF64E-9D88-4094-ADD1-E523F4772E45} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 9:53:50 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 5/2/2007 9:14:54 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0D41B8C5-2599-4893-8183-00195EC8D5F9}[HKEY_LOCAL_MACHINE] -> http://support.asus.com/common/asusTek_sys_ctrl.cab[asusTek_sysctrl Class] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}[HKEY_LOCAL_MACHINE] -> http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab[Invoke Solutions Participant Control(MR)] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asusTek_sys_ctrl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asusTek_sys_ctrl.dll\\.Owner -> {0D41B8C5-2599-4893-8183-00195EC8D5F9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asusTek_sys_ctrl.dll\\{0D41B8C5-2599-4893-8183-00195EC8D5F9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\\.Owner -> {62BC5DB2-0044-4040-B366-D628F3CFD551} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\\{62BC5DB2-0044-4040-B366-D628F3CFD551} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 11/20/2008 6:59:17 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804839424 bytes | Created Date = 11/4/2008 1:04:14 PM | Attr = HS]
Qoobox -> %SystemDrive%\Qoobox -> [Folder | Created Date = 11/22/2008 4:34:50 PM | Attr = ]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 11/23/2008 6:18:47 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/24/2008 8:27:25 AM | Attr = ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
AntiXPVSTFix.exe -> %SystemRoot%\System32\AntiXPVSTFix.exe -> S!Ri.URZ [Ver = | Size = 88576 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
cdintf250.dll -> %SystemRoot%\System32\cdintf250.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 2.50a | Size = 1617920 bytes | Created Date = 11/6/2008 1:50:07 PM | Attr = ]
cont_mxlivemedia-remove.exe -> %SystemRoot%\System32\cont_mxlivemedia-remove.exe -> [Ver = | Size = 53973 bytes | Created Date = 11/16/2008 10:16:01 AM | Attr = ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
o4Patch.exe -> %SystemRoot%\System32\o4Patch.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3524 bytes | Created Date = 11/4/2008 12:38:53 PM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 87552 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 11/4/2008 12:38:36 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Created Date = 11/19/2008 11:15:57 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 10/30/2008 10:42:37 PM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 820 bytes | Created Date = 11/2/2008 11:42:10 PM | Attr = ]
CAAntiSpywareScan_Daily as Cameron at 14 24.job -> %SystemRoot%\tasks\CAAntiSpywareScan_Daily as Cameron at 14 24.job -> [Ver = | Size = 518 bytes | Created Date = 11/4/2008 2:24:13 PM | Attr = ]

carolsmith
2008-11-26, 16:23
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 11/4/2008 12:25:44 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804839424 bytes | Modified Date = 11/26/2008 8:18:51 AM | Attr = HS]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 287326 bytes | Modified Date = 11/19/2008 9:12:17 AM | Attr = R ]
hosts.20081116-103054.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081116-103054.backup -> [Ver = | Size = 27 bytes | Modified Date = 11/4/2008 12:40:56 PM | Attr = ]
hosts.20081119-091217.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081119-091217.backup -> [Ver = | Size = 287248 bytes | Modified Date = 11/16/2008 10:30:54 AM | Attr = R ]
16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
cont_mxlivemedia-remove.exe -> %SystemRoot%\System32\cont_mxlivemedia-remove.exe -> [Ver = | Size = 53973 bytes | Modified Date = 11/16/2008 10:16:01 AM | Attr = ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88723 bytes | Modified Date = 11/26/2008 8:20:45 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72152 bytes | Modified Date = 11/2/2008 8:19:54 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 444528 bytes | Modified Date = 11/2/2008 8:19:54 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 526710 bytes | Modified Date = 11/2/2008 8:19:54 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3524 bytes | Modified Date = 11/4/2008 12:41:01 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 11/26/2008 8:20:46 AM | Attr = ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/26/2008 8:18:54 AM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11/19/2008 11:16:07 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 11/4/2008 12:25:44 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 748 bytes | Modified Date = 11/4/2008 12:25:44 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 820 bytes | Modified Date = 11/16/2008 12:45:45 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/20/2008 6:45:00 PM | Attr = ]
CAAntiSpywareScan_Daily as Cameron at 14 24.job -> %SystemRoot%\tasks\CAAntiSpywareScan_Daily as Cameron at 14 24.job -> [Ver = | Size = 518 bytes | Modified Date = 11/4/2008 3:24:32 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 442 bytes | Modified Date = 11/26/2008 8:19:56 AM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 376 bytes | Modified Date = 11/6/2008 3:00:00 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2008 8:19:09 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/19/2006 11:36:31 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/25/2008 7:53:54 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5707 bytes | Modified Date = 11/25/2008 7:53:32 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 1/25/2007 11:02:13 AM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1128 bytes | Modified Date = 1/3/2007 12:35:52 PM | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 1/25/2007 11:02:13 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing -> [Folder | Modified Date = 10/3/2008 1:37:05 PM | Attr = ]
36bb0d6b-a2ba-08bf-bc6b-71b00a8e16c1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\36bb0d6b-a2ba-08bf-bc6b-71b00a8e16c1.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:37:05 PM | Attr = ]
37500bf9-5cc9-6f84-a3d5-8f01039cc3ee.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\37500bf9-5cc9-6f84-a3d5-8f01039cc3ee.dat -> [Ver = | Size = 13375 bytes | Modified Date = 10/3/2008 1:43:33 PM | Attr = ]
37b66a1f-69e1-5842-fe8c-329f9957863c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\37b66a1f-69e1-5842-fe8c-329f9957863c.dat -> [Ver = | Size = 13328 bytes | Modified Date = 10/3/2008 1:36:56 PM | Attr = ]
37c4e574-bff7-92d0-256d-f8d9fbd6b6c2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\37c4e574-bff7-92d0-256d-f8d9fbd6b6c2.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
3864e3a9-9eb5-42a0-cc1e-3b02705eb92d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\3864e3a9-9eb5-42a0-cc1e-3b02705eb92d.dat -> [Ver = | Size = 2944 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
38de428b-ddaa-f916-559c-84cf23642ba0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\38de428b-ddaa-f916-559c-84cf23642ba0.dat -> [Ver = | Size = 3101 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
39fecb03-1fd8-a7e0-3a8e-295ea442c539.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\39fecb03-1fd8-a7e0-3a8e-295ea442c539.dat -> [Ver = | Size = 2943 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
3a92606f-d11d-a41a-6112-3f9e9ded3541.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\3a92606f-d11d-a41a-6112-3f9e9ded3541.dat -> [Ver = | Size = 2942 bytes | Modified Date = 10/3/2008 1:06:17 PM | Attr = ]
3ce185fa-42e6-3037-88d9-b633e65c810f.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\3ce185fa-42e6-3037-88d9-b633e65c810f.dat -> [Ver = | Size = 3338 bytes | Modified Date = 10/3/2008 1:36:54 PM | Attr = ]
3d722b9e-c1f3-82f8-53e2-ffbcffcf9c94.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\3d722b9e-c1f3-82f8-53e2-ffbcffcf9c94.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:06:25 PM | Attr = ]
40ad448c-98a6-0122-ff4b-6f10f326dadd.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\40ad448c-98a6-0122-ff4b-6f10f326dadd.dat -> [Ver = | Size = 11510 bytes | Modified Date = 10/3/2008 1:06:23 PM | Attr = ]
430a5a51-50dd-dac4-530a-9ffec3c85365.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\430a5a51-50dd-dac4-530a-9ffec3c85365.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:33:18 PM | Attr = ]
431cb86f-0592-9f61-75ae-e72d42905c10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\431cb86f-0592-9f61-75ae-e72d42905c10.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:33:18 PM | Attr = ]
4348efa5-7435-eb1f-589b-2841c02c68ce.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4348efa5-7435-eb1f-589b-2841c02c68ce.dat -> [Ver = | Size = 13340 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
44495203-5a11-ab27-b4e4-99703605edf5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\44495203-5a11-ab27-b4e4-99703605edf5.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:03:11 PM | Attr = ]
4586ed22-6a3f-1e55-6763-353c0c550e01.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4586ed22-6a3f-1e55-6763-353c0c550e01.dat -> [Ver = | Size = 13334 bytes | Modified Date = 10/3/2008 1:43:39 PM | Attr = ]
45fe821d-9194-1e85-3713-836b88723ef0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\45fe821d-9194-1e85-3713-836b88723ef0.dat -> [Ver = | Size = 2943 bytes | Modified Date = 10/3/2008 1:43:33 PM | Attr = ]
4668e492-e65e-1198-2ffb-b77891b7475c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4668e492-e65e-1198-2ffb-b77891b7475c.dat -> [Ver = | Size = 2942 bytes | Modified Date = 10/3/2008 1:37:02 PM | Attr = ]
490f2ed1-a9ce-6f08-dd7a-b6f6ae364bf2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\490f2ed1-a9ce-6f08-dd7a-b6f6ae364bf2.dat -> [Ver = | Size = 2942 bytes | Modified Date = 10/3/2008 1:06:27 PM | Attr = ]
49d96fd7-dc3e-eda5-76ec-fa483e9ab83e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\49d96fd7-dc3e-eda5-76ec-fa483e9ab83e.dat -> [Ver = | Size = 13375 bytes | Modified Date = 10/3/2008 1:06:27 PM | Attr = ]
49dcd4cf-21ff-8eca-da9e-eee4dea5be5e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\49dcd4cf-21ff-8eca-da9e-eee4dea5be5e.dat -> [Ver = | Size = 11479 bytes | Modified Date = 10/3/2008 1:37:01 PM | Attr = ]
49dd3620-a9be-d286-11b7-89f24c4d4338.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\49dd3620-a9be-d286-11b7-89f24c4d4338.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:43:35 PM | Attr = ]
4a0a9903-0107-00c1-6040-ebf16570bc3f.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4a0a9903-0107-00c1-6040-ebf16570bc3f.dat -> [Ver = | Size = 4324 bytes | Modified Date = 10/3/2008 1:03:01 PM | Attr = ]
4dbe0c9a-16db-53a2-42c8-3a03ca232f4d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4dbe0c9a-16db-53a2-42c8-3a03ca232f4d.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:36:56 PM | Attr = ]
4e0bcfb3-827a-6c51-81b5-4cb800733840.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\4e0bcfb3-827a-6c51-81b5-4cb800733840.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:03:14 PM | Attr = ]
5016fdf7-3156-4417-d8cd-0f6de5389973.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5016fdf7-3156-4417-d8cd-0f6de5389973.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:03:04 PM | Attr = ]
50261f7f-fd82-ed63-93d0-06fdc57fad6a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\50261f7f-fd82-ed63-93d0-06fdc57fad6a.dat -> [Ver = | Size = 3067 bytes | Modified Date = 10/3/2008 1:33:19 PM | Attr = ]
50f809e9-cccb-419d-c7f8-150e5c26b127.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\50f809e9-cccb-419d-c7f8-150e5c26b127.dat -> [Ver = | Size = 3338 bytes | Modified Date = 10/3/2008 1:43:33 PM | Attr = ]
51664674-d04f-2cef-6cfa-30469d717049.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\51664674-d04f-2cef-6cfa-30469d717049.dat -> [Ver = | Size = 11495 bytes | Modified Date = 10/3/2008 1:33:19 PM | Attr = ]
51d1073f-982e-0e09-dde3-866658682daf.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\51d1073f-982e-0e09-dde3-866658682daf.dat -> [Ver = | Size = 3338 bytes | Modified Date = 10/3/2008 1:36:58 PM | Attr = ]
529c9886-b80c-69e8-78e3-929fd43f799e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\529c9886-b80c-69e8-78e3-929fd43f799e.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:06:26 PM | Attr = ]
52dc722f-4e35-4466-e1c1-0bc295da65d6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\52dc722f-4e35-4466-e1c1-0bc295da65d6.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:03:02 PM | Attr = ]
538b5bf4-3e5f-86db-e2ae-eaa9e15166d9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\538b5bf4-3e5f-86db-e2ae-eaa9e15166d9.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
5542af50-8f81-44a6-2693-d335abf2163e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5542af50-8f81-44a6-2693-d335abf2163e.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:03:06 PM | Attr = ]
5766c7d6-4568-976a-1562-ab47b24b53c9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5766c7d6-4568-976a-1562-ab47b24b53c9.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:06:21 PM | Attr = ]
57f6dd5e-de41-f7ef-06ef-3add2f7effa4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\57f6dd5e-de41-f7ef-06ef-3add2f7effa4.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:36:57 PM | Attr = ]
583dd47f-0051-5ad1-e19e-68c569b64edb.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\583dd47f-0051-5ad1-e19e-68c569b64edb.dat -> [Ver = | Size = 11416 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
58a45f56-0432-4146-43bc-90e7fc1efef4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\58a45f56-0432-4146-43bc-90e7fc1efef4.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:33:23 PM | Attr = ]
590477e1-b860-cbc9-f215-8db4e48d88e6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\590477e1-b860-cbc9-f215-8db4e48d88e6.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:06:17 PM | Attr = ]
5b496b09-5f66-e59f-c5da-2389780e71b1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5b496b09-5f66-e59f-c5da-2389780e71b1.dat -> [Ver = | Size = 6043 bytes | Modified Date = 10/3/2008 1:06:20 PM | Attr = ]
5c7d4087-622d-69c2-ed9c-e14ebe7dd4be.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5c7d4087-622d-69c2-ed9c-e14ebe7dd4be.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:06:25 PM | Attr = ]
5def3b85-cb3f-2f40-2c26-f9235021438c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5def3b85-cb3f-2f40-2c26-f9235021438c.dat -> [Ver = | Size = 11326 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
5e3086b4-4c52-a8da-8089-60973ef0fc95.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5e3086b4-4c52-a8da-8089-60973ef0fc95.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:06:17 PM | Attr = ]
5ea5ed37-8c3f-2446-6f06-4bcd27e2e3e9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5ea5ed37-8c3f-2446-6f06-4bcd27e2e3e9.dat -> [Ver = | Size = 3056 bytes | Modified Date = 10/3/2008 1:36:57 PM | Attr = ]
5ee4fb8c-3270-c9cb-3a5c-7c486f72e526.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5ee4fb8c-3270-c9cb-3a5c-7c486f72e526.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:03:09 PM | Attr = ]
5f4899a6-db42-dee4-4201-8d722c90b373.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5f4899a6-db42-dee4-4201-8d722c90b373.dat -> [Ver = | Size = 4140 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
5f8c13aa-1ff0-2a36-e268-6ca8d7217a93.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5f8c13aa-1ff0-2a36-e268-6ca8d7217a93.dat -> [Ver = | Size = 3064 bytes | Modified Date = 10/3/2008 1:37:00 PM | Attr = ]
5fe0d67c-a8a3-c43a-fc04-9b5eb8752e01.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5fe0d67c-a8a3-c43a-fc04-9b5eb8752e01.dat -> [Ver = | Size = 3107 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
60f1afa7-ee00-68f4-4893-6ebb8535dbf4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\60f1afa7-ee00-68f4-4893-6ebb8535dbf4.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:03:01 PM | Attr = ]
613cd5f9-769a-8372-33be-4582799fd345.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\613cd5f9-769a-8372-33be-4582799fd345.dat -> [Ver = | Size = 16350 bytes | Modified Date = 10/3/2008 1:06:18 PM | Attr = ]
63551e80-9586-807b-2e1b-55d3577aae9e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\63551e80-9586-807b-2e1b-55d3577aae9e.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
63569bf0-9804-9628-a116-d04eedbed42d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\63569bf0-9804-9628-a116-d04eedbed42d.dat -> [Ver = | Size = 13375 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
6825b33a-027d-d0ca-80bc-756d8a6a65cc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\6825b33a-027d-d0ca-80bc-756d8a6a65cc.dat -> [Ver = | Size = 4324 bytes | Modified Date = 10/3/2008 1:37:01 PM | Attr = ]
68bc78c2-ae94-60a7-63e2-7b241bcc8f0a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\68bc78c2-ae94-60a7-63e2-7b241bcc8f0a.dat -> [Ver = | Size = 2942 bytes | Modified Date = 10/3/2008 1:06:21 PM | Attr = ]
69e1749f-65fa-7f05-2fc8-b9e5210f89ab.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\69e1749f-65fa-7f05-2fc8-b9e5210f89ab.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
6b857805-8428-009e-ffb9-00fefd587ee8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\6b857805-8428-009e-ffb9-00fefd587ee8.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
6b9708db-d267-561c-0953-88d79a1218c4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\6b9708db-d267-561c-0953-88d79a1218c4.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:03:04 PM | Attr = ]
6c67cf8b-7c54-57a8-f9b7-7b87bc25e749.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\6c67cf8b-7c54-57a8-f9b7-7b87bc25e749.dat -> [Ver = | Size = 4140 bytes | Modified Date = 10/3/2008 1:06:26 PM | Attr = ]
6d90b7e9-6927-2a8a-a7aa-c99ec469cce7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\6d90b7e9-6927-2a8a-a7aa-c99ec469cce7.dat -> [Ver = | Size = 11308 bytes | Modified Date = 10/3/2008 1:36:57 PM | Attr = ]
72f89a85-7529-0547-3855-ee3dccb18c9c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\72f89a85-7529-0547-3855-ee3dccb18c9c.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:43:33 PM | Attr = ]
7476ec19-076c-d687-b2d1-dae695fedd27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7476ec19-076c-d687-b2d1-dae695fedd27.dat -> [Ver = | Size = 2944 bytes | Modified Date = 10/3/2008 1:03:13 PM | Attr = ]
7557eecc-4e13-c6b7-30c3-dfba2d7d461e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7557eecc-4e13-c6b7-30c3-dfba2d7d461e.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
75868857-b042-e82d-b370-231984d4e7d1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\75868857-b042-e82d-b370-231984d4e7d1.dat -> [Ver = | Size = 3074 bytes | Modified Date = 10/3/2008 1:03:02 PM | Attr = ]
75bf4bd9-c6c7-8e38-0283-54802889cdfc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\75bf4bd9-c6c7-8e38-0283-54802889cdfc.dat -> [Ver = | Size = 3059 bytes | Modified Date = 10/3/2008 1:43:40 PM | Attr = ]
783dab34-b344-eb79-c81b-df7a368fa5d6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\783dab34-b344-eb79-c81b-df7a368fa5d6.dat -> [Ver = | Size = 13357 bytes | Modified Date = 10/3/2008 1:06:22 PM | Attr = ]
7aaf50e2-ed7d-2646-e439-75141d3767ac.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7aaf50e2-ed7d-2646-e439-75141d3767ac.dat -> [Ver = | Size = 11395 bytes | Modified Date = 10/3/2008 1:37:03 PM | Attr = ]
7b792752-f728-4376-8750-4ae015f008cd.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7b792752-f728-4376-8750-4ae015f008cd.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:36:54 PM | Attr = ]
7c0e186f-2b7a-84dc-8e53-d37a73f554ef.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7c0e186f-2b7a-84dc-8e53-d37a73f554ef.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
7d46a7ca-31a1-9c36-9397-d38e39c53085.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7d46a7ca-31a1-9c36-9397-d38e39c53085.dat -> [Ver = | Size = 7371 bytes | Modified Date = 10/3/2008 1:03:07 PM | Attr = ]
7d80dc89-876a-e1df-3248-4ffe8d993fe8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7d80dc89-876a-e1df-3248-4ffe8d993fe8.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:43:34 PM | Attr = ]
7e97bfcf-0513-ed24-e942-7a4ba52b84ce.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7e97bfcf-0513-ed24-e942-7a4ba52b84ce.dat -> [Ver = | Size = 4324 bytes | Modified Date = 10/3/2008 1:36:55 PM | Attr = ]
7e9f22d1-245a-2a19-a0be-923730363462.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\7e9f22d1-245a-2a19-a0be-923730363462.dat -> [Ver = | Size = 3338 bytes | Modified Date = 10/3/2008 1:37:01 PM | Attr = ]
80fa1aa1-c301-f0dc-2ce4-cba2c61c7395.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\80fa1aa1-c301-f0dc-2ce4-cba2c61c7395.dat -> [Ver = | Size = 16446 bytes | Modified Date = 10/3/2008 1:33:22 PM | Attr = ]
81d69f60-8800-4dd0-502e-c576a09222e7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\81d69f60-8800-4dd0-502e-c576a09222e7.dat -> [Ver = | Size = 13381 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
853b57fa-060e-060a-ae72-2d2281871b2c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\853b57fa-060e-060a-ae72-2d2281871b2c.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:03:10 PM | Attr = ]
8702be86-42f9-cf81-25e2-c1418dbfb818.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8702be86-42f9-cf81-25e2-c1418dbfb818.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:03:03 PM | Attr = ]
8724ae3e-c5d6-21eb-3d49-5b7873e11b78.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8724ae3e-c5d6-21eb-3d49-5b7873e11b78.dat -> [Ver = | Size = 6043 bytes | Modified Date = 10/3/2008 1:03:13 PM | Attr = ]
87840c3e-2b34-eabe-154c-5b38fb789ac4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\87840c3e-2b34-eabe-154c-5b38fb789ac4.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:03:08 PM | Attr = ]
8ab7f6ae-2dd0-fefb-8fc6-41e32c926953.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8ab7f6ae-2dd0-fefb-8fc6-41e32c926953.dat -> [Ver = | Size = 3104 bytes | Modified Date = 10/3/2008 1:06:27 PM | Attr = ]
8c2162f6-0de1-5fa6-7a0f-34676f6ac843.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8c2162f6-0de1-5fa6-7a0f-34676f6ac843.dat -> [Ver = | Size = 4140 bytes | Modified Date = 10/3/2008 1:43:33 PM | Attr = ]
903eea28-aea6-f566-b6a3-2608cafeb43b.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\903eea28-aea6-f566-b6a3-2608cafeb43b.dat -> [Ver = | Size = 11317 bytes | Modified Date = 10/3/2008 1:43:40 PM | Attr = ]
90b0bbbf-02f9-03c0-9f90-b04a084369c2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\90b0bbbf-02f9-03c0-9f90-b04a084369c2.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:36:59 PM | Attr = ]
938fe3cd-99a8-2cb6-a6c3-4f8a8745a412.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\938fe3cd-99a8-2cb6-a6c3-4f8a8745a412.dat -> [Ver = | Size = 13352 bytes | Modified Date = 10/3/2008 1:03:01 PM | Attr = ]
9a72b98b-5797-a7e8-3141-1b516fc1a12a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\9a72b98b-5797-a7e8-3141-1b516fc1a12a.dat -> [Ver = | Size = 2943 bytes | Modified Date = 10/3/2008 1:43:41 PM | Attr = ]
9b4a68cd-b52a-1953-c4dc-0579356feb72.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\9b4a68cd-b52a-1953-c4dc-0579356feb72.dat -> [Ver = | Size = 3098 bytes | Modified Date = 10/3/2008 1:37:02 PM | Attr = ]
9c5b3769-d7b3-2745-a2a2-71991c7d5017.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\9c5b3769-d7b3-2745-a2a2-71991c7d5017.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/3/2008 1:33:20 PM | Attr = ]
9d4db1df-abcf-b877-ecf3-0bc59dc34f21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\9d4db1df-abcf-b877-ecf3-0bc59dc34f21.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:06:21 PM | Attr = ]
9fed50eb-8b4e-8706-f7f8-87941b535b82.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\9fed50eb-8b4e-8706-f7f8-87941b535b82.dat -> [Ver = | Size = 3033 bytes | Modified Date = 10/3/2008 1:37:05 PM | Attr = ]
a06e8775-093f-e401-2b1e-ab04406ed98b.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a06e8775-093f-e401-2b1e-ab04406ed98b.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:36:57 PM | Attr = ]
a0b31dc0-4d2b-b38b-a482-b38ceb5341ff.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a0b31dc0-4d2b-b38b-a482-b38ceb5341ff.dat -> [Ver = | Size = 5105 bytes | Modified Date = 10/3/2008 1:03:13 PM | Attr = ]
a2c4c528-48ee-291c-b1cd-f52298b753d4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a2c4c528-48ee-291c-b1cd-f52298b753d4.dat -> [Ver = | Size = 16399 bytes | Modified Date = 10/3/2008 1:06:23 PM | Attr = ]
a4ceb196-56fa-8dc3-d113-03ff3500d8e9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a4ceb196-56fa-8dc3-d113-03ff3500d8e9.dat -> [Ver = | Size = 6043 bytes | Modified Date = 10/3/2008 1:03:10 PM | Attr = ]
a55405a4-e612-dbc3-a8e0-81fd358631f0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a55405a4-e612-dbc3-a8e0-81fd358631f0.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:43:34 PM | Attr = ]
a63ff1b0-7fdc-7227-2d01-bf56f3f4afcb.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a63ff1b0-7fdc-7227-2d01-bf56f3f4afcb.dat -> [Ver = | Size = 3978 bytes | Modified Date = 10/3/2008 1:33:22 PM | Attr = ]
a73971af-2887-047d-de68-3da845b9e6cd.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a73971af-2887-047d-de68-3da845b9e6cd.dat -> [Ver = | Size = 16368 bytes | Modified Date = 10/3/2008 1:37:01 PM | Attr = ]
a8e4a4fb-5637-ad2e-3c71-c6cf080194c4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\a8e4a4fb-5637-ad2e-3c71-c6cf080194c4.dat -> [Ver = | Size = 4140 bytes | Modified Date = 10/3/2008 1:06:17 PM | Attr = ]
aabddb63-124c-f082-a971-44f3bf2866f7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\aabddb63-124c-f082-a971-44f3bf2866f7.dat -> [Ver = | Size = 2944 bytes | Modified Date = 10/3/2008 1:03:09 PM | Attr = ]
ab897d79-43ca-7087-1067-ceb56fcc8270.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ab897d79-43ca-7087-1067-ceb56fcc8270.dat -> [Ver = | Size = 2944 bytes | Modified Date = 10/3/2008 1:03:01 PM | Attr = ]
ab936fa4-d11b-1401-461b-30aff3ad4121.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ab936fa4-d11b-1401-461b-30aff3ad4121.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:37:01 PM | Attr = ]
ad964c58-19d8-4bb5-3b25-52e8be5aee04.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ad964c58-19d8-4bb5-3b25-52e8be5aee04.dat -> [Ver = | Size = 4339 bytes | Modified Date = 10/3/2008 1:03:12 PM | Attr = ]
b155a3e4-2823-7501-7012-74c4b62d951c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b155a3e4-2823-7501-7012-74c4b62d951c.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:03:07 PM | Attr = ]
b33fc6ec-b2e6-7f86-e9a0-d596f223d4b5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b33fc6ec-b2e6-7f86-e9a0-d596f223d4b5.dat -> [Ver = | Size = 3070 bytes | Modified Date = 10/3/2008 1:03:09 PM | Attr = ]
b3e65d2a-e3d3-a376-3916-c6ef641f7d44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b3e65d2a-e3d3-a376-3916-c6ef641f7d44.dat -> [Ver = | Size = 6043 bytes | Modified Date = 10/3/2008 1:43:35 PM | Attr = ]
b43c1d7b-564f-8c07-8720-dc1ab53eddee.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b43c1d7b-564f-8c07-8720-dc1ab53eddee.dat -> [Ver = | Size = 3062 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
b43e9a68-ac09-4d5d-8e69-4f7c9bb72a77.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b43e9a68-ac09-4d5d-8e69-4f7c9bb72a77.dat -> [Ver = | Size = 6043 bytes | Modified Date = 10/3/2008 1:36:57 PM | Attr = ]
b465db1f-e7c2-065c-231e-f2d278b8601f.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b465db1f-e7c2-065c-231e-f2d278b8601f.dat -> [Ver = | Size = 4324 bytes | Modified Date = 10/3/2008 1:33:21 PM | Attr = ]
b4cca27a-09e3-5810-11da-7b2f539e44ab.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b4cca27a-09e3-5810-11da-7b2f539e44ab.dat -> [Ver = | Size = 4324 bytes | Modified Date = 10/3/2008 1:06:21 PM | Attr = ]
b52e7e3e-f53d-4348-ef96-23667393f877.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b52e7e3e-f53d-4348-ef96-23667393f877.dat -> [Ver = | Size = 2942 bytes | Modified Date = 10/3/2008 1:36:56 PM | Attr = ]
b6cc7e35-51d6-f8a1-5761-65dbe92ce784.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b6cc7e35-51d6-f8a1-5761-65dbe92ce784.dat -> [Ver = | Size = 3338 bytes | Modified Date = 10/3/2008 1:06:16 PM | Attr = ]
b81f4fd4-a699-13a4-2440-cdb0dd1d5014.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b81f4fd4-a699-13a4-2440-cdb0dd1d5014.dat -> [Ver = | Size = 16368 bytes | Modified Date = 10/3/2008 1:03:05 PM | Attr = ]
b84f0b68-acc8-b20d-1fc4-4b698f35e89c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\b84f0b68-acc8-b20d-1fc4-4b698f35e89c.dat -> [Ver = | Size = 5259 bytes | Modified Date = 10/3/2008 1:06:21 PM | Attr = ]
C:\Documents and Settings\Cameron\Local Settings\Temp\ -> C:\Documents and Settings\Cameron\Local Settings\Temp -> [Folder | Modified Date = 11/26/2008 10:11:19 AM | Attr = ]
CF22039.exe -> C:\Documents and Settings\Cameron\Local Settings\Temp\CF22039.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 389120 bytes | Modified Date = 11/22/2008 4:34:32 PM | Attr = ]
52 C:\Documents and Settings\Cameron\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Cameron\Local Settings\Temp\*.tmp ->

< End of report >
[/code]

peku006
2008-11-26, 17:12
Hi carolsmith

infected with the same things so I hoping that you can assist us with that as well
Yes, of course

Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.

After that, Reboot

Run MBAM again.

Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

carolsmith
2008-11-26, 20:22
Ran MBAV which found 7 items, did the removal and here is the log:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/26/2008 2:20:01 PM
mbam-log-2008-11-26 (14-20-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 243437
Time elapsed: 1 hour(s), 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{35b098e3-1257-4a2e-b27e-ea77d4af4f14}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2965C0FC-25D3-49B7-AC35-8C9B0BAED960}\RP550\A0218540.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

peku006
2008-11-26, 21:04
Hi

Download and Run SmitfraudFix
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Run the file, it will extract Smitfraudfix to its own folder and run.

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

carolsmith
2008-11-26, 21:13
SmitFraudFix v2.378

Scan done at 15:09:27.85, Wed 11/26/2008
Run from C:\Documents and Settings\Cameron\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cameron


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Cameron\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cameron\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Cameron\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.151
DNS Server Search Order: 85.255.112.152
DNS Server Search Order: 1.2.3.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

peku006
2008-11-26, 21:30
Hi

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #5 - Search and Clean DNS Hijack by typing 5 and press Enter
Answer Yes to the question by typing Y and hit Enter.

Please post:
1. c:\rapport.txt

carolsmith
2008-11-26, 21:52
SmitFraudFix v2.378

Scan done at 15:51:22.12, Wed 11/26/2008
Run from C:\Documents and Settings\Cameron\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.151
DNS Server Search Order: 85.255.112.152
DNS Server Search Order: 1.2.3.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\..\{35B098E3-1257-4A2E-B27E-EA77D4AF4F14}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.151 85.255.112.152 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

peku006
2008-11-26, 21:58
Hi

Do you use a router to connect your computer to the internet?
Are there other Zlob-infected machines using the same router?

Can you check these?

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Note: Do this for all Network Connections
Press OK twice to get out of the properties screen and reboot if it asks

carolsmith
2008-11-26, 22:13
This computer is hardwired and not run thru the wireless router.

Yes, as I think I told you above, we also had two other laptops that were infected. One was cleaned by the computer store prior to leaving with my son to a ski resort for the winter, and I'm not sure whether it is clean or not as we didn't have time to look at it after we got it back. The second laptop is my wife's and yes, it is infected and I would like to get it fixed as well.

Which brings me to this question:

My son's laptop, which was to be cleaned, is arriving to him by FedEx today. He took with him his external hard drive from this desktop computer to use with the now cleaned laptop. Would his external hard drive, that he took from this computer, be infected, and can/will it re-infect the cleaned laptop? I need to let him know prior to setting it up sometime today.

I checked all three connections listed and they all three are set up that way.

One last question: So I can plan, how late do you plan to work on this? I will stay as long as you, but you are 7 hours ahead.

peku006
2008-11-26, 22:46
Hi


Would his external hard drive, that he took from this computer, be infected and can/will it re-infect the cleaned laptop
I'm not quite sure, but I think it's not possible.

How late do you plan to work on this
I’m sorry, I don’t know.........almost night here in Norway

This sounds like a case of Zlob/DNSchanger that changes the router's DNS settings.

If there are other Zlob-infected machines using the same router, they will need to be cleared with the below steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings.

Let's proceed like this and in the numbered order.

1. Next disconnect your system from the internet, and your router, then…

2. Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.

3. Malwarebytes' Anti-Malware
Please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
Leave the default options as they are and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Check (tick) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest


4. Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fwww.phenoelit-us.org%2Fdpl%2Fdpl.html)

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.
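
Added example (not part of the thread, and not SmitfraudFix's own code): a small triage script for the "DNS" section of a report like the ones posted above. It reads each DhcpNameServer line, checks every server against the 85.255.x.x range the report warns about, and summarises each control set. The sample report is constructed for the example (GUID and 85.255.0.x addresses are made up); the function names are this example's own.

```python
import ipaddress
import re

# Range the SmitfraudFix report in this thread warns about ("85.255.x.x detected").
FLAGGED_NET = ipaddress.ip_network("85.255.0.0/16")

# One report line: HKLM\SYSTEM\<control set>\Services\Tcpip\<rest>: <value>=<servers>
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\(?P<rest>[^:]+):\s*"
    r"(?P<name>DhcpNameServer|NameServer)=(?P<data>.*)$"
)

# Constructed sample in the layout of the report's DNS section.
SAMPLE_REPORT = r"""
DNS Server Search Order: 85.255.0.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer=85.255.0.10 85.255.0.11 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.0.10 85.255.0.11 1.2.3.4
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
"""


def classify(server):
    """Return a verdict for one name-server string."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if ip in FLAGGED_NET:
        return "flagged-range"   # inside the range the report calls a DNS hijack
    if ip.is_private:
        return "local"           # e.g. the router acting as resolver
    return "review"              # public but not in the flagged range; check by hand


def parse_report(text):
    """Turn the registry lines of a report into one finding per name server."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # adapter description, search-order lines, banners
        scope = "global" if m.group("rest") == "Parameters" else "interface"
        for server in m.group("data").split():
            findings.append({
                "control_set": m.group("cset"),
                "scope": scope,
                "value": m.group("name"),
                "server": server,
                "verdict": classify(server),
            })
    return findings


def control_set_status(findings):
    """Worst verdict per control set: ok, review or hijacked."""
    rank = {"local": 0, "review": 1, "malformed": 1, "flagged-range": 2}
    label = {0: "ok", 1: "review", 2: "hijacked"}
    worst = {}
    for f in findings:
        worst[f["control_set"]] = max(worst.get(f["control_set"], 0), rank[f["verdict"]])
    return {cset: label[level] for cset, level in worst.items()}


def dhcp_supplied_hijack(findings):
    """True when the current control set holds a flagged DhcpNameServer.

    DhcpNameServer is where Windows keeps the DNS servers from the DHCP lease,
    so a flagged value that comes back after cleaning is a reason to look at
    whatever hands out the lease (the router), as the helper in the thread does.
    """
    return any(
        f["control_set"] == "CCS"
        and f["value"] == "DhcpNameServer"
        and f["verdict"] == "flagged-range"
        for f in findings
    )


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for cset, status in control_set_status(results).items():
        print(cset, status)
    print("check router:", dhcp_supplied_hijack(results))
```
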

carolsmith
2008-11-26, 23:12
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/26/2008 5:07:15 PM
mbam-log-2008-11-26 (17-07-15).txt

Scan type: Quick Scan
Objects scanned: 68965
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2008-11-26, 23:20
Hi

Malwarebytes' Anti-Malware
Please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Scanner tab.
Select Perform Quick scan, then click on Scan
Leave the default options as they are and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Check (tick) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest


Please reply with

the Malwarebytes' Anti-Malware Log

carolsmith
2008-11-26, 23:41
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/26/2008 5:41:17 PM
mbam-log-2008-11-26 (17-41-17).txt

Scan type: Quick Scan
Objects scanned: 68898
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
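
Added example (not part of the original thread, and not Malwarebytes' own code): a small parser for the two Malwarebytes 1.30 logs above that pulls the `DhcpNameServer` data out of the detection line and lists every resolver that is not on an expected list, so the "before" and "after" scans can be compared. The expected resolver `192.168.1.1` and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Excerpts of the two Malwarebytes 1.30 logs posted in this thread.
FIRST_LOG = r"""
Registry Data Items Infected: 1
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 1.2.3.4 -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SECOND_LOG = r"""
Registry Data Items Infected: 0
Files Infected: 0

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# Assumption: the resolver this LAN is supposed to use (constructed value).
EXPECTED_RESOLVERS = ["192.168.1.1"]

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detail line: <object> (<detection>) [-> Data: <data>] -> <action>
DETAIL_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))? -> (?P<action>.+)$"
)


def parse_mbam_log(text):
    """Split a log into its summary counts and its per-section detection lines."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETAIL_RE.match(line) if section else None
        if m:
            detections.append({"section": section, **m.groupdict()})
    return {"summary": summary, "detections": detections}


def counts_consistent(parsed):
    """True when every summary count equals the number of detail lines parsed."""
    found = {}
    for det in parsed["detections"]:
        found[det["section"]] = found.get(det["section"], 0) + 1
    return all(found.get(sec, 0) == n for sec, n in parsed["summary"].items())


def unexpected_resolvers(log_text, expected):
    """Return (value name, IP) for each flagged name server not in `expected`."""
    allowed = [ipaddress.ip_network(e) for e in expected]
    findings = []
    for det in parse_mbam_log(log_text)["detections"]:
        value_name = det["object"].rsplit("\\", 1)[-1]
        if det["data"] is None or not value_name.lower().endswith("nameserver"):
            continue
        # DhcpNameServer holds the resolvers Windows received over DHCP,
        # so the router's settings matter as well as the PC's.
        for token in re.split(r"[\s,]+", det["data"].strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address, ignore the token
            if not any(ip in net for net in allowed):
                findings.append((value_name, str(ip)))
    return findings


if __name__ == "__main__":
    for name, log in (("first scan", FIRST_LOG), ("second scan", SECOND_LOG)):
        print(name, unexpected_resolvers(log, EXPECTED_RESOLVERS))
```

A clean second log only shows that the scanner no longer flags the registry value; the same comparison should be made against the DNS servers configured on the router after it has been reset.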

peku006
2008-11-26, 23:45
Hi carolsmith

Looking good :)

let's run one online scan ......

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How is the computer running now?

Thanks peku006

carolsmith
2008-11-28, 01:31
Happy Thanksgiving Peku006!

Sorry it took so long, I had to do the on-line scan three times, and each scan takes over 5 hours, as I couldn't get the scan reports to "save as" as I couldn't type anything in the "Save As" box. The scan shows it found four items. The computer still is running slow, taking forever to do just about everything and many times it takes two or three attempts to get IE to start as the first one or two attempts say "program not responding".

I think I saved the KASPERSKY ONLINE SCANNER 7 REPORT in the wrong format but I would need to re-scan to change the format so I copied and posted the best I could, sorry.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:08, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14358 bytes

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 27, 2008 12:59:29
Records in database: 1421210
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
G:\
H:\
Scan statistics
Files scanned 176341
Threat name 2
Infected objects 4
Suspicious objects 0
Duration of the scan 03:48:46

File name Threat name Threats count
C:\Documents and Settings\Cameron\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Cameron\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Cameron\Local Settings\Application Data\Identities\{558F31C0-2542-4FAE-85BA-88DA9D8CE6F3}\Microsoft\Outlook Express\Sent Items.dbx Infected: Hoax.Win32.BadJoke.VB.ak 2
The selected area was scanned.

peku006
2008-11-28, 11:06
Hi carolsmith

Happy Thanksgiving Peku006
Thank you, same to you too......(maybe just a little bit late)

Your logs are looking much better now

Empty out your Sent Items in Outlook Express

You have Viewpoint, Viewpoint Manager, Viewpoint Media Player installed on your system. These programs are not malware but are considered as foistware instead of malware since they are installed without user's approval, and for this reason I recommend you remove them.

To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
Do the same for each Viewpoint component.


Viewpoint Manager Service (http://www.systemlookup.com/O23/3464-ViewpointService_exe.html)

Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

System Still Slow?
You may wish to try StartupLite. (http://www.malwarebytes.org/startuplite.php) Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112)

post back if it helped.

carolsmith
2008-11-28, 16:06
Hi Peku006,

Again, thanks for all your help and assistance so far.

I only found one Viewpoint entry and removed it. I am going to run a new malwarebytes scan. I ran an Adware scan last night which found, that said it fixed, one item. Should I run any programs or scans again just to verify that all is removed?

I am going to run a new MWAV scan and see what, if anything it comes up with. I have yet to have a completely clean MWAV scan.

How would you like to start with the laptop infected with the same trojan?

I also ran a new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:57, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.1\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.1\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.1\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93b0c5acf175c) (gupdate1c93b0c5acf175c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SMSv3hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 14105 bytes

peku006
2008-11-28, 18:24
Hi carolsmith


How would you like to start with the laptop infected with the same trojan?

Update mbam, run a full scan with it and post back its report, with a fresh HJT log.

Thanks peku006

carolsmith
2008-11-28, 23:06
Hi Peku006,
Thanks for your help. Below are the scans for the laptop.


Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

11/28/2008 5:00:06 PM
mbam-log-2008-11-28 (17-00-06).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 142292
Time elapsed: 47 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:11 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newinformation.typepad.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe -RunOnce"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.charlotteareamls.com
O15 - Trusted Zone: www.charlotteareamls.net
O15 - Trusted Zone: *.charlotteareamls.net
O15 - Trusted Zone: *.cincymls.net
O15 - Trusted Zone: *.columbianortherndutchessmls.com
O15 - Trusted Zone: www.getoffutt.com
O15 - Trusted Zone: http://ccar.imapp.com
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://*.lvarmls.com
O15 - Trusted Zone: http://*.prospector.metrolist.net
O15 - Trusted Zone: http://fortmyersmls.rapmls.com
O15 - Trusted Zone: http://*.rapmls.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - Trusted Zone: http://*.www.avrealestate.com
O15 - Trusted Zone: http://*.www.barstowmls.com
O15 - Trusted Zone: http://*.www.cincymls.net
O15 - Trusted Zone: http://*.www.columbianortherndutchessmls.com
O15 - Trusted Zone: http://*.www.dabr.com
O15 - Trusted Zone: http://*.www.firelandsmls.com
O15 - Trusted Zone: http://*.www.fresnomls.com
O15 - Trusted Zone: http://*.www.gniarmls.com
O15 - Trusted Zone: http://*.www.greenemls.com
O15 - Trusted Zone: http://*.www.ivbor.com
O15 - Trusted Zone: http://*.www.ivrealestate.com
O15 - Trusted Zone: http://*.www.lbarmls.com
O15 - Trusted Zone: http://*.www.lvarmls.com
O15 - Trusted Zone: http://*.www.mariposabor.com
O15 - Trusted Zone: http://*.www.marmls.com
O15 - Trusted Zone: http://*.www.midlandsmls.com
O15 - Trusted Zone: http://*.www.northernarizonamls.com
O15 - Trusted Zone: http://*.www.northernkentuckymls.com
O15 - Trusted Zone: http://*.www.nwmls.com
O15 - Trusted Zone: http://*.www.odbrmls.com
O15 - Trusted Zone: http://*.www.ojaivalleymls.com
O15 - Trusted Zone: http://*.www.portervillemls.com
O15 - Trusted Zone: http://*.www.somls.com
O15 - Trusted Zone: http://*.www.swmric.com
O15 - Trusted Zone: http://*.www.tcmls.org
O15 - Trusted Zone: http://*.www.vvmls.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/Carol/LOCALS~1/Temp/IXP000.TMP/setup.cab
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} (SetTrustedSitesControl.clsReg) - http://medialaxj.rapmls.com/tools/MlsToTrusted/rapmls/SetTrustedSitesControl.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 14597 bytes

peku006
2008-11-29, 13:15
Hi carolsmith

MBAM log looks clean. Let's see what Kaspersky turns up

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

carolsmith
2008-11-29, 18:59
Hi Peku006,
I have attached the two logs you requested.
Thank you for your help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:58 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newinformation.typepad.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe -RunOnce"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.charlotteareamls.com
O15 - Trusted Zone: www.charlotteareamls.net
O15 - Trusted Zone: *.charlotteareamls.net
O15 - Trusted Zone: *.cincymls.net
O15 - Trusted Zone: *.columbianortherndutchessmls.com
O15 - Trusted Zone: www.getoffutt.com
O15 - Trusted Zone: http://ccar.imapp.com
O15 - Trusted Zone: *.instanetforms.com
O15 - Trusted Zone: http://*.lvarmls.com
O15 - Trusted Zone: http://*.prospector.metrolist.net
O15 - Trusted Zone: http://fortmyersmls.rapmls.com
O15 - Trusted Zone: http://*.rapmls.com
O15 - Trusted Zone: *.transactiondesk.com
O15 - Trusted Zone: http://*.www.avrealestate.com
O15 - Trusted Zone: http://*.www.barstowmls.com
O15 - Trusted Zone: http://*.www.cincymls.net
O15 - Trusted Zone: http://*.www.columbianortherndutchessmls.com
O15 - Trusted Zone: http://*.www.dabr.com
O15 - Trusted Zone: http://*.www.firelandsmls.com
O15 - Trusted Zone: http://*.www.fresnomls.com
O15 - Trusted Zone: http://*.www.gniarmls.com
O15 - Trusted Zone: http://*.www.greenemls.com
O15 - Trusted Zone: http://*.www.ivbor.com
O15 - Trusted Zone: http://*.www.ivrealestate.com
O15 - Trusted Zone: http://*.www.lbarmls.com
O15 - Trusted Zone: http://*.www.lvarmls.com
O15 - Trusted Zone: http://*.www.mariposabor.com
O15 - Trusted Zone: http://*.www.marmls.com
O15 - Trusted Zone: http://*.www.midlandsmls.com
O15 - Trusted Zone: http://*.www.northernarizonamls.com
O15 - Trusted Zone: http://*.www.northernkentuckymls.com
O15 - Trusted Zone: http://*.www.nwmls.com
O15 - Trusted Zone: http://*.www.odbrmls.com
O15 - Trusted Zone: http://*.www.ojaivalleymls.com
O15 - Trusted Zone: http://*.www.portervillemls.com
O15 - Trusted Zone: http://*.www.somls.com
O15 - Trusted Zone: http://*.www.swmric.com
O15 - Trusted Zone: http://*.www.tcmls.org
O15 - Trusted Zone: http://*.www.vvmls.com
O15 - ESC Trusted Zone: *.instanetforms.com
O15 - ESC Trusted Zone: *.transactiondesk.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/Carol/LOCALS~1/Temp/IXP000.TMP/setup.cab
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} (SetTrustedSitesControl.clsReg) - http://medialaxj.rapmls.com/tools/MlsToTrusted/rapmls/SetTrustedSitesControl.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 14469 bytes





Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 12:40:36
Records in database: 1426420


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 94918
Threat name 3
Infected objects 6
Suspicious objects 1
Duration of the scan 02:18:16

File name Threat name Threats count
C:\Documents and Settings\Carol\Local Settings\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Fraud.eo 5

C:\Documents and Settings\Carol\Local Settings\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\Microsoft\Outlook Express\Pay Pal.dbx Infected: Trojan-Spy.HTML.Paylap.cf 1

C:\Documents and Settings\Carol\Local Settings\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\Microsoft\Outlook Express\PayPal Inquiries.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

peku006
2008-11-29, 19:20
Hi carolsmith

Empty out your Sent Items in Outlook Express......
Otherwise I don't see much in the log.........

How is the computer running now?

carolsmith
2008-11-29, 19:40
Hi Peku006,
The only thing that changed was when we turned off the router. I lost connection with the IP address. Now I am not sure if I am connected to our router or perhaps a neighbor's?
The computer is running ok.
I am going to run another Spybot scan.
I will post the results

carolsmith
2008-12-01, 14:29
Hi Peku006,

Thanks for all your help. It seems all the scans are showing clear now.

It has been a few days now and things seem to be OK with the desktop. Still seems a bit slow with starting IE and such but not too bad.

What is the best way to remove all of the programs that we downloaded to troubleshoot, and how do I reset TeaTimer since it was deactivated when I did the first SB scan? Is there anything else that I need to reset or anything from all of this?

Regarding the laptop. All the scans seem to be clear now, which is odd as before we reset the router for the desktop several scans showed infection with Zlob but after, nothing. Is there an explanation?

Also, it seems that after these last scans and a power surge the laptop is unable to connect wirelessly to the router for some reason. I have tried resetting the DSL and the router as well as resetting the laptop but have not been able to log on wireless for two days now. I can connect hardwire.

Any ideas?

carolsmith
2008-12-02, 02:26
Got the router problem fixed by restoring back to before the power surge.

peku006
2008-12-02, 19:38
Hi carolsmith

The scans are fine and it looks like both are clean :)

Re-enable Spybot Teatimer

Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
On the left hand side, click on Tools.
Check (tick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

Next we remove all used tools.

Delete RSIT from your desktop, also delete this folder C:\rsit.


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb: