VirusRL2009.exe in Startup. Disabled? Need help cleaning.



Crymmsun
2009-05-03, 05:53
So, I have this *little* thing I found in my startup - VirusRL2009. I have since disabled it in the startup, but I know there must be tons of other things it has downloaded into my registry and onto my hard drive. Thing is, when I run Spybot S&D it says I'm clean. I have the latest update.

I would appreciate any help y'all can give me. You've been so wonderful in the past.

Here is my HJT log and I installed and ran ERUNT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:20 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Motorola Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: members.homegrownvideo.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: www.pornhub.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://secure.thefilingroom.com/members/XUpload.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7285 bytes
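
A first-pass triage of a HijackThis log like the one posted above, as an added example (not part of the original thread and not the helper's method). The sample lines are copied from that log; the rule names and the choice of which section codes count as load points are assumptions made for illustration, and a finding is a prompt for review, not a verdict.

```python
import re
from collections import Counter, namedtuple

# Entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
# A component that loads from a temp directory deserves a closer look.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Sections that name code loaded automatically (assumed set for this example).
LOAD_POINTS = {"O2", "O4", "O20", "O21", "O22", "O23"}

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")

# Excerpt copied from the HijackThis log in the post above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.kaspersky.com
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
--
"""


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Apply the review rules; one entry can produce more than one finding."""
    findings = []
    for e in entries:
        if ORPHAN_RE.search(e.body):
            # Registration left behind after the file was deleted or quarantined.
            findings.append(Finding(e.code, "orphaned", e.body))
        if e.code in LOAD_POINTS and TEMP_RE.search(e.body):
            findings.append(Finding(e.code, "temp-path", e.body))
        if e.code == "O15":
            # Trusted Zone sites run with relaxed Internet Explorer settings.
            findings.append(Finding(e.code, "trusted-zone", e.body))
        if e.code == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.code, "unknown-owner", e.body))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE)):
        print(f"{f.code:<4} {f.reason:<14} {f.body}")
```
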

peku006
2009-05-03, 18:43
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - Download and run SmitfraudFix
Download SmitFraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) by S!Ri and save it to the desktop
If the above link does not work, use one of these alternative sites:
From Geekstogo (http://siri.geekstogo.com/SmitfraudFix.exe)
From Security Cadets (http://downloads.securitycadets.com/SmitfraudFix.exe)
From Zebulon (http://telechargement.zebulon.fr/259-smitfraudfix.html)
Double click on SmitfraudFix.exe to start the tool
Press 1 then hit the Enter key
After SmitfraudFix has finished it will create a log named rapport.txt, usually at C:\rapport.txt
Include this log in your next post
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. More info here (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

2 - Status Check
Please reply with

1. the SmitfraudFix log (C:\rapport.txt)

Thanks peku006

Crymmsun
2009-05-04, 01:25
Thank you so much for taking your time to help me with this! Here is my SmitFraudFix log.

SmitFraudFix v2.414

Scan done at 18:22:13.38, Sun 05/03/2009
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1350 WLAN Mini-PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.11
DNS Server Search Order: 68.105.29.11
DNS Server Search Order: 68.105.28.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5065CB1E-5C1A-4B95-956C-F6138E6495A9}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5065CB1E-5C1A-4B95-956C-F6138E6495A9}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5065CB1E-5C1A-4B95-956C-F6138E6495A9}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5065CB1E-5C1A-4B95-956C-F6138E6495A9}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

peku006
2009-05-04, 16:52
Hi Crymmsun

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.

http://i35.photobucket.com/albums/d165/ndmmxiaomayi/mayi/mbam1.png

After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

2 - Download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
3. description of any problems you are having with your PC

Thanks peku006

Crymmsun
2009-05-05, 06:55
My computer is running seriously sluggish. At times I get those pop ups saying I have an infection that want me to buy something in order to clean it. Other than that nothing unusual, but I know this VirusRL2009 has to have added some nefarious things to my computer along with the Startup item. I have no proof, but I'm sure it must have.

Again, thank you for your time in this matter.

Here are my RSIT logs and then my Malwarebytes' log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-05-04 23:46:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (31%) free of 76 GB
Total RAM: 1022 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:04, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Motorola Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: members.homegrownvideo.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: www.pornhub.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://secure.thefilingroom.com/members/XUpload.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7360 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX3000_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Motorola Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2007-07-24 1298432]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-30 516440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
c:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusRL2009]
C:\Program Files\VirusRL2009\VirusRL2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk.disabled]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3
"TermService"=3
"TapiSrv"=3
"SCardSvr"=3
"RDSessMgr"=3
"mnmsrvc"=3
"Netlogon"=3
"CiSvc"=3
"FastUserSwitchingCompatibility"=3
"Browser"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-09-20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec]
C:\WINDOWS\temp\sso\ssoexec.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoWindowsUpdate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82da9170-a5a0-11dc-90b5-00114362eace}]
shell\AutoRun\command - wd_windows_tools\setup.exe


======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-04 23:46:33 ----D---- C:\rsit
2009-05-04 22:29:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-03 18:22:33 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-03 18:22:13 ----A---- C:\rapport.txt
2009-05-02 22:44:32 ----D---- C:\WINDOWS\ERDNT
2009-05-02 22:43:15 ----D---- C:\Program Files\ERUNT
2009-05-02 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-30 09:38:32 ----D---- C:\Program Files\Microsoft
2009-04-30 09:38:11 ----D---- C:\Program Files\Windows Live SkyDrive
2009-04-30 09:37:44 ----D---- C:\Program Files\Windows Live
2009-04-30 09:33:56 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-28 22:24:21 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-28 22:24:21 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-28 22:24:21 ----A---- C:\WINDOWS\system32\java.exe
2009-04-15 18:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-04-15 17:02:54 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-15 17:02:46 ----D---- C:\Program Files\MSBuild
2009-04-15 17:02:31 ----D---- C:\Program Files\Reference Assemblies
2009-04-15 17:01:49 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-04-15 17:01:49 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-04-15 17:01:48 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-04-15 17:01:47 ----D---- C:\d44de6da6492a16af7385b1555
2009-04-15 16:53:14 ----D---- C:\WINDOWS\system32\URTTemp
2009-04-15 13:16:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-15 13:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 13:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 13:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 13:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 13:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 13:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 13:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-15 13:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-15 13:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-15 13:09:00 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 12:57:56 ----D---- C:\WINDOWS\Prefetch
2009-04-15 12:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-15 12:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-15 12:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-15 12:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-15 12:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-15 12:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-15 12:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-15 12:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-15 12:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-15 12:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-15 12:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-15 12:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-15 12:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-15 12:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-15 12:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-15 12:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-15 12:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-15 12:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-15 12:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-15 12:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-15 12:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-15 12:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-15 12:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-15 12:44:52 ----D---- C:\WINDOWS\system32\scripting
2009-04-15 12:44:51 ----D---- C:\WINDOWS\l2schemas
2009-04-15 12:44:50 ----D---- C:\WINDOWS\system32\en
2009-04-15 12:44:49 ----D---- C:\WINDOWS\system32\bits
2009-04-15 12:37:21 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-15 12:34:17 ----D---- C:\WINDOWS\network diagnostic
2009-04-15 12:28:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-15 12:28:02 ----D---- C:\WINDOWS\EHome

======List of files/folders modified in the last 1 months======

2009-05-04 23:42:13 ----D---- C:\Program Files\Rainlendar2
2009-05-04 23:42:11 ----D---- C:\WINDOWS\Temp
2009-05-04 23:40:44 ----D---- C:\WINDOWS
2009-05-04 23:39:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-04 22:29:49 ----D---- C:\WINDOWS\system32\drivers
2009-05-04 22:29:44 ----RD---- C:\Program Files
2009-05-03 18:24:05 ----D---- C:\WINDOWS\system32
2009-05-02 22:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-02 22:24:37 ----D---- C:\Program Files\LimeWire
2009-05-02 22:21:31 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-05-02 21:59:05 ----SH---- C:\boot.ini
2009-05-02 21:59:05 ----A---- C:\WINDOWS\win.ini
2009-05-02 21:59:05 ----A---- C:\WINDOWS\system.ini
2009-05-02 03:02:24 ----HD---- C:\WINDOWS\inf
2009-05-02 03:01:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-01 06:44:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-01 03:27:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-01 03:23:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-30 09:39:38 ----SHD---- C:\WINDOWS\Installer
2009-04-30 09:39:38 ----SHD---- C:\Config.Msi
2009-04-30 09:38:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-30 09:38:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-30 09:37:51 ----RSD---- C:\WINDOWS\Fonts
2009-04-30 09:33:56 ----D---- C:\Program Files\Common Files
2009-04-28 22:24:19 ----D---- C:\Program Files\Java
2009-04-19 19:24:05 ----D---- C:\WINDOWS\Debug
2009-04-19 18:30:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-19 18:29:48 ----D---- C:\Program Files\SpywareBlaster
2009-04-19 03:59:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-18 10:45:45 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-04-15 18:44:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-15 18:42:11 ----D---- C:\WINDOWS\Registration
2009-04-15 18:41:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 18:41:27 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-04-15 18:39:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-15 18:39:41 ----D---- C:\WINDOWS\Help
2009-04-15 17:23:39 ----RSD---- C:\WINDOWS\assembly
2009-04-15 17:23:39 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-15 17:08:09 ----D---- C:\WINDOWS\WinSxS
2009-04-15 17:02:49 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 17:02:04 ----D---- C:\WINDOWS\system32\spool
2009-04-15 16:59:47 ----D---- C:\Program Files\Internet Explorer
2009-04-15 16:53:37 ----D---- C:\WINDOWS\system32\mui
2009-04-15 13:49:07 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 13:49:07 ----D---- C:\WINDOWS\AppPatch
2009-04-15 13:15:39 ----D---- C:\WINDOWS\ie7updates
2009-04-15 12:57:10 ----D---- C:\WINDOWS\system32\Setup
2009-04-15 12:51:17 ----D---- C:\Program Files\Messenger
2009-04-15 12:50:37 ----D---- C:\WINDOWS\security
2009-04-15 12:45:27 ----D---- C:\WINDOWS\ime
2009-04-15 12:44:54 ----D---- C:\WINDOWS\system32\usmt
2009-04-15 12:44:49 ----D---- C:\WINDOWS\PeerNet
2009-04-15 12:44:48 ----D---- C:\Program Files\Movie Maker
2009-04-15 12:37:14 ----D---- C:\WINDOWS\system32\Restore
2009-04-15 12:37:13 ----D---- C:\WINDOWS\system32\npp
2009-04-15 12:37:11 ----D---- C:\WINDOWS\msagent
2009-04-15 12:37:09 ----D---- C:\WINDOWS\srchasst
2009-04-15 12:37:07 ----D---- C:\Program Files\NetMeeting
2009-04-15 12:37:05 ----D---- C:\WINDOWS\system32\Com
2009-04-15 12:37:02 ----D---- C:\Program Files\Windows Media Player
2009-04-15 12:37:01 ----D---- C:\Program Files\Windows NT
2009-04-15 12:37:01 ----D---- C:\Program Files\Outlook Express
2009-04-15 12:36:56 ----D---- C:\Program Files\Common Files\System
2009-04-15 12:36:31 ----D---- C:\WINDOWS\system32\oobe
2009-04-15 12:36:28 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-30 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MSCamSvc;MSCamSvc; c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-30 953168]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-05-04 23:47:10

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Eye Candy 4000-->C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\EYECAN~2\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\EYECAN~2\INSTALL.LOG
gbText-->C:\Program Files\gbText5\Uninstal.exe
GURU 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AquaCreations\GURU\DeIsL3.isu" -cC:\PROGRA~1\AQUACR~1\GURU\_ISREG32.DLL
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Motorola Wireless Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
UHS Reader (Version 4.5)-->C:\PROGRA~1\UHS\UNWISE.EXE C:\PROGRA~1\UHS\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WAV MP3 Converter 3.7 build 956-->C:\Program Files\HooTech\WAV_MP3\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-06-28]
O4 - HKLM\..\Run: [BM33cb7a5f] Rundll32.exe "C:\WINDOWS\system32\efsuxaiy.dll",s [2008-06-28]
O4 - HKLM\..\Run: [30f849c3] rundll32.exe "C:\WINDOWS\system32\glaqbaxk.dll",b [2008-06-28]
O2 - BHO: (no name) - {05F4C21B-3977-413A-AFB6-B4E4388181B1} - C:\WINDOWS\system32\rqRJDstQ.dll (file missing) [2008-06-28]
O2 - BHO: (no name) - {361900AB-261D-4828-B64D-3A8EB6D03A2D} - C:\WINDOWS\system32\hgGwXnNe.dll (file missing) [2008-06-28]
O2 - BHO: (no name) - {2394DA0E-7DAB-4A40-B1F8-30B69C15D0C4} - C:\WINDOWS\system32\hgGwTjhG.dll (file missing) [2008-06-28]
O2 - BHO: (no name) - {18FD94A8-011C-42C7-BB60-C7EB4A15AC22} - C:\WINDOWS\system32\iifdcYsr.dll (file missing) [2008-06-28]
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing) [2008-10-12]
O2 - BHO: (no name) - {18FD94A8-011C-42C7-BB60-C7EB4A15AC22} - (no file) [2008-10-12]
O2 - BHO: (no name) - {753319DF-A376-4D91-8F6D-62A0C3316231} - (no file) [2008-10-12]
O2 - BHO: (no name) - {05F4C21B-3977-413A-AFB6-B4E4388181B1} - (no file) [2008-10-12]
O2 - BHO: VRLWarningBHO Class - {0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0} - C:\Program Files\VirusRL2009\AVLWarning.dll (file missing) [2008-10-12]
O2 - BHO: (no name) - {D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2} - (no file) [2008-10-12]
O2 - BHO: (no name) - {2394DA0E-7DAB-4A40-B1F8-30B69C15D0C4} - (no file) [2008-10-12]
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - [2008-10-12]
O2 - BHO: (no name) - {4C427B26-3474-4110-B8E9-AA3866922AA1} - (no file) [2008-10-12]
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing) [2008-10-12]
O2 - BHO: (no name) - {361900AB-261D-4828-B64D-3A8EB6D03A2D} - (no file) [2008-10-12]
O2 - BHO: (no name) - {a8a44a07-9e1b-460a-9014-b22a75e5afa1} - (no file) [2008-10-12]
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - [2008-10-12]
O20 - Winlogon Notify: jkkJabyy - C:\WINDOWS\ [2008-10-12]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090504-1]

======System event log======

Computer Name: JUBILEE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 59246
Source Name: Service Control Manager
Time Written: 20090504143329.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 59245
Source Name: Service Control Manager
Time Written: 20090504143328.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 59244
Source Name: Service Control Manager
Time Written: 20090504143328.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 59243
Source Name: Service Control Manager
Time Written: 20090504143324.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 59242
Source Name: Service Control Manager
Time Written: 20090504143324.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: JUBILEE
Event Code: 1002
Message: Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5003
Source Name: Application Hang
Time Written: 20090413235854.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16791, faulting module flash10b.ocx, version 10.0.22.87, fault address 0x002249b1.

Record Number: 4901
Source Name: Application Error
Time Written: 20090411210540.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4856
Source Name: Application Hang
Time Written: 20090410232739.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4855
Source Name: Application Hang
Time Written: 20090410232343.000000-300
Event Type: error
User:

Computer Name: JUBILEE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4538
Source Name: Application Hang
Time Written: 20090404110008.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 3

5/4/2009 11:38:25 PM
mbam-log-2009-05-04 (23-38-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157091
Time elapsed: 53 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Crymmsun
2009-05-05, 07:16
Oh, one more thing that's recent (within the last 10 hours) with my computer. The computer's clock has reset itself to display a 24 hour format (for instance, at one minute after midnight it reads 00:01) and I can't figure out how to set it back to the twelve hour format.

peku006
2009-05-05, 08:04
Hi Crymmsun

HOW TO: Change Date, Time, Number, and Currency Value Displays in Windows XP (http://support.microsoft.com/kb/307938/en-us)

1 - Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html#)

Double click on ComboFix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

Crymmsun
2009-05-05, 10:11
Here is my ComboFix log and then my HijackThis log:

ComboFix 09-05-04.04 - Owner 05/05/2009 2:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090504-1] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Julie's Documents\My Documents.url
c:\documents and settings\Owner\Julie's Documents\My Videos\My Video.url
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 04:46 . 2009-05-05 04:47 -------- d-----w C:\rsit
2009-05-05 03:29 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 03:29 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 03:29 . 2009-05-05 03:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 03:43 . 2009-05-03 03:43 -------- d-----w c:\program files\ERUNT
2009-04-30 14:41 . 2009-05-03 04:03 -------- d-----w c:\documents and settings\Owner\Tracing
2009-04-30 14:38 . 2009-04-30 14:38 -------- d-----w c:\program files\Microsoft
2009-04-30 14:38 . 2009-04-30 14:38 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-30 14:37 . 2009-04-30 14:38 -------- d-----w c:\program files\Windows Live
2009-04-30 14:33 . 2009-04-30 14:33 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-15 23:39 . 2009-04-15 23:44 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2009-04-15 22:02 . 2009-04-15 22:02 -------- d-----w c:\windows\system32\XPSViewer
2009-04-15 22:02 . 2009-04-15 22:02 -------- d-----w c:\program files\MSBuild
2009-04-15 22:02 . 2009-04-15 22:02 -------- d-----w c:\program files\Reference Assemblies
2009-04-15 22:01 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-15 22:01 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-15 22:01 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-15 22:01 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-15 22:01 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-15 22:01 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-15 22:01 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-15 22:01 . 2009-04-15 22:02 -------- d-----w C:\d44de6da6492a16af7385b1555
2009-04-15 21:53 . 2009-04-15 21:54 -------- d-----w c:\windows\system32\URTTemp
2009-04-15 18:09 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 18:09 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 18:09 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 18:09 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 18:09 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 18:09 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 18:09 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 18:09 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 18:09 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 18:09 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 18:08 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 17:44 . 2009-04-15 17:44 -------- d-----w c:\windows\system32\scripting
2009-04-15 17:44 . 2009-04-15 17:44 -------- d-----w c:\windows\l2schemas
2009-04-15 17:44 . 2009-04-15 17:44 -------- d-----w c:\windows\system32\en
2009-04-15 17:44 . 2009-04-15 17:44 -------- d-----w c:\windows\system32\bits
2009-04-15 17:37 . 2009-04-15 17:45 -------- d-----w c:\windows\ServicePackFiles
2009-04-15 17:28 . 2009-04-15 17:28 -------- d-----w c:\windows\EHome
2009-04-15 17:14 . 2009-04-15 17:15 4158 ----a-w C:\fix.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 07:34 . 2007-11-02 13:47 -------- d-----w c:\program files\SpywareBlaster
2009-05-05 05:50 . 2007-11-02 18:35 -------- d-----w c:\program files\Rainlendar2
2009-05-03 03:24 . 2007-11-02 14:10 -------- d-----w c:\program files\LimeWire
2009-04-30 14:40 . 2007-10-31 04:15 67656 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 03:24 . 2007-11-02 14:11 -------- d-----w c:\program files\Java
2009-04-15 17:49 . 2007-10-31 03:50 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-30 13:47 . 2009-03-30 13:46 -------- d-----w c:\program files\QuickTime
2009-03-26 21:41 . 2007-11-02 13:59 -------- d-----w c:\program files\CCleaner
2009-03-26 20:55 . 2007-10-31 04:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 19:52 . 2007-10-31 04:34 -------- d-----w c:\program files\Lavasoft
2009-03-09 19:06 . 2009-03-26 20:18 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-09 10:19 . 2009-01-02 05:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 10:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2005-03-30 01:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 23:52 . 2009-02-06 23:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-30 01:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-07-24 1298432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motorola Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-2 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk.disabled
backup=c:\windows\pss\ymetray.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RDSessMgr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"CiSvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Browser"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"PhotoShow Deluxe Media Manager"=c:\progra~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LogitechCameraAssistant"=c:\program files\Logitech\Video\CameraAssistant.exe
"LogitechCameraService(E)"=c:\windows\system32\ElkCtrl.exe /automation
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-30 953168]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82da9170-a5a0-11dc-90b5-00114362eace}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:01]

2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-07-25 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 19:45]

2008-07-31 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2008-07-25 19:46]
.
- - - - ORPHANS REMOVED - - - -

Notify-SSOExec - c:\windows\temp\sso\ssoexec.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://neworleans.cox.net/
Trusted Zone: homegrownvideo.com\members
Trusted Zone: kaspersky.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: pornhub.com\www
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 02:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-05 3:00
ComboFix-quarantined-files.txt 2009-05-05 07:59

Pre-Run: 24,435,335,168 bytes free
Post-Run: 24,647,880,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

214 --- E O F --- 2009-05-02 08:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:08 AM, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Motorola Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: members.homegrownvideo.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: www.pornhub.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://secure.thefilingroom.com/members/XUpload.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7149 bytes

peku006
2009-05-05, 15:42
Hi Crymmsun

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Having a site in your trusted zone means that this site has full access to your computer when you are on that site. This isn't recommended unless you trust the site and it's absolutely necessary to make the site work.
I recommend you put a checkmark next to the below as well, but this is up to you. If something you use on those sites stops working for you, you might have to re-add them to your trusted zone later.

O15 - Trusted Zone: members.homegrownvideo.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: www.pornhub.com


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
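
Added example (not part of the original posts, and not HijackThis's own logic): a small Python triage of the entry types step 1 above singles out, `(no file)` entries and O15 Trusted Zone sites, plus O23 services listed as "Unknown owner", with a comparison against a follow-up log. The two sample logs are constructed from lines that appear in this thread; the function names and the three rules are assumptions, and a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed samples, assembled from lines that appear in this thread's
# HijackThis logs and fix list (not complete logs).
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.kaspersky.com
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"""

SAMPLE_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"""

# A HijackThis entry line starts with a section code (R0, O2, O23, ...)
# followed by " - " and the entry text. Header lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, skipping headers and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review(entries):
    """Apply the three review rules (assumptions for this example)."""
    findings = []
    for entry in entries:
        if entry.body.endswith("(no file)"):
            findings.append(Finding(entry, "no file reported for this entry"))
        elif entry.section == "O15":
            findings.append(Finding(entry, "site in Trusted Zone: confirm it is needed"))
        elif entry.section == "O23" and " - Unknown owner - " in entry.body:
            findings.append(Finding(entry, "owner not reported: verify the file"))
    return findings


def still_present(before, after):
    """Findings from the first log whose exact entry is still in the follow-up log."""
    after_entries = set(parse_hjt(after))
    return [f for f in review(parse_hjt(before)) if f.entry in after_entries]


if __name__ == "__main__":
    for finding in review(parse_hjt(SAMPLE_BEFORE)):
        print(f"[{finding.entry.section}] {finding.reason}: {finding.entry.body}")
    print("Still present after the fix:")
    for finding in still_present(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"  [{finding.entry.section}] {finding.entry.body}")
```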

Crymmsun
2009-05-06, 11:26
The computer seems to be running smoother now. Though, I still see the VirusRL2009 item in my startup list when I checked just now. It's still unchecked and therefore disabled, but will it remain there in the list?

Here is my Kaspersky Log and then my HijackThis Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 06, 2009 10:15:13
Records in database: 2137352
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 52879
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:07:50

No malware has been detected. The scan area is clean.

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:02 AM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Motorola Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://secure.thefilingroom.com/members/XUpload.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6927 bytes

peku006
2009-05-06, 13:06
Hi Crymmsun

Let us take a deeper look.

Please download OTScanIt2 (http://oldtimer.geekstogo.com/OTScanIt2.exe) from Geeks to Go by OldTimer. Alternate download site (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe).
Save it to your desktop.
Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, when prompted, click OK and click Close.
This is a self-extracting file...It will create a folder named OTScanIt2 on your desktop.
Double click on the OTScanIt2 folder to open... then double click on OTScanIt2.exe to run it.
Under Rootkit Search, select Yes.
Click on Run Scan at the top left hand corner. It may take a few minutes...be patient, let it run.
When done, Notepad will open with the log file "OTScanIt.Txt" contents.
Please post the contents of the OTScanIt.Txt Notepad file in your next reply.

Thanks peku006

Crymmsun
2009-05-06, 16:05
It won't let me post the OTScanIt Log. It gives me an error message at the top of the page that says "The text that you have entered is too long (103800 characters). Please shorten it to 64000 characters long."

How do you want me to handle this?

peku006
2009-05-06, 16:34
Hi Crymmsun

The log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file. :D

Crymmsun
2009-05-06, 17:28
Hello peku006,

I'll go ahead and split it into two since it's also too big to attach as a file. ::Grins.:: Thanks again so much for this help.

[code]
OTScanIt2 logfile created on: 5/6/2009 8:54:26 AM - Run 3
OTScanIt2 by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.33 Mb Total Physical Memory | 650.67 Mb Available Physical Memory | 63.65% Memory free
1.28 Gb Paging File | 0.92 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 22.88 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUBILEE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2006/11/01 20:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\internet explorer\iexplore.exe -> [2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mscams32.exe -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
rainlendar2.exe -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe -> [2007/07/24 02:12:56 | 01,298,432 | ---- | M] ()
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/04/30 14:52:26 | 00,953,168 | ---- | M] (Lavasoft)
(MSCamSvc) MSCamSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation)
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/12/14 01:46:16 | 00,057,344 | ---- | M] ()
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 20:48:12 | 00,020,480 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2007/10/30 23:16:49 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\aswFsBlk.sys -> [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> [2006/10/12 23:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2003/09/26 13:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation)
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWICH.sys -> [2005/05/03 18:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DPV.SYS -> [2005/05/03 18:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/09/28 11:07:50 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> [2004/11/15 18:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.)
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\TVICHW32.SYS -> [2007/10/30 23:19:09 | 00,023,600 | ---- | M] (EnTech Taiwan)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(VX3000) VX-3000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\VX3000.sys -> [2007/04/10 14:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2005/05/03 18:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://neworleans.cox.net/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\prefs.js ->
browser.search.selectedEngine -> "Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://neworleans.cox.net/" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07103010 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/04/15 17:04:21 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/01/02 00:42:11 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/30 08:47:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/30 08:47:32 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org -> [2008/06/29 00:26:31 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\akl73k0n.default\extensions -> [2008/12/02 04:13:42 | 00,096,764 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\akl73k0n.default\extensions\moveplayer@movenetworks.com -> [2008/12/02 04:13:42 | 00,096,764 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins\ -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins -> [2008/10/02 05:46:39 | 00,000,000 | ---D | M]
search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\akl73k0n.default\searchplugins\search.xml -> [2008/10/02 05:46:39 | 00,000,274 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2008/12/02 04:13:22 | 09,729,536 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/03/30 08:47:33 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2008/12/02 04:13:15 | 00,023,040 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2008/12/02 04:13:15 | 00,134,656 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/03/30 08:47:32 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2008/11/06 11:33:48 | 01,332,224 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2008/11/06 11:33:50 | 00,001,607 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2008/12/10 19:33:34 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2008/12/02 04:13:18 | 00,065,536 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/03/30 08:47:32 | 00,143,360 | ---- | M] (Apple Inc.)
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 12:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 13:26:35 | 00,000,266 | ---- | M] ()
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2008/11/06 11:34:08 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/03/30 08:47:32 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/12/02 04:13:22 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/10/11 15:08:38 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/10/11 15:08:38 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/10/11 15:08:38 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/12/02 04:13:18 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/10/11 15:08:38 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/10/11 15:08:38 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/10/11 15:08:38 | 00,000,792 | ---- | M] ()
< HOSTS File > (305685 bytes and 10575 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/09/20 10:35:40 | 00,094,208 | ---- | M] (Intel Corporation)
"Motorola Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY] -> [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Rainlendar2" -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe [C:\Program Files\Rainlendar2\Rainlendar2.exe] -> [2007/07/24 02:12:56 | 01,298,432 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 15:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5504 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9072 domain(s) found. ->
objects_aol.com -> Out of zone range - ( 5 ) ->
update_microsoft.com [http] -> Trusted sites ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 86 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab [Microsoft Data Collection Control] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{362C56AA-6E4F-40C7-A0B5-85501DBDAD77} [HKLM] -> http://i.dell.com/images/global/js/scanner/SysProExe.cab [Scanner.SysScanner] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photo2.walgreens.com/WalgreensActivia.cab [Snapfish Activia] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239734013757 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{B9F79165-A264-4C4A-A211-133A5E8D647F} [HKLM] -> http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab [F-Secure Health Check 1.1] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E87F6C8E-16C0-11D3-BEF7-009027438003} [HKLM] -> https://secure.thefilingroom.com/members/XUpload.ocx [Persits Software XUpload] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{018F015E-C361-4F18-B41F-28105991C9CB} -> (Dell TrueMobile 1300 WLAN Mini-PCI Card) ->
{5065CB1E-5C1A-4B95-956C-F6138E6495A9} -> (Dell Wireless 1350 WLAN Mini-PCI Card) ->
{A8F4D2E7-E5FF-4F19-8CDF-DC9795B2612B} -> () ->
{E9389068-2DDA-4819-8F38-F5A1F758FA7E} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2005/09/20 10:32:16 | 00,057,344 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" -> C:\Program Files\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> [2007/05/17 14:45:32 | 04,277,608 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> [2007/05/17 14:45:32 | 00,279,912 | ---- | M] (Microsoft Corporation)
"C:\Program Files\SightSpeed\SightSpeed.exe" -> C:\Program Files\SightSpeed\SightSpeed.exe [C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed] -> [2007/10/25 18:08:48 | 03,638,584 | ---- | M] (SightSpeed Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->

Crymmsun
2009-05-06, 17:31
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/10/30 22:51:41 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{82da9170-a5a0-11dc-90b5-00114362eace}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82da9170-a5a0-11dc-90b5-00114362eace}\Shell\AutoRun\command
\{82da9170-a5a0-11dc-90b5-00114362eace}\Shell\AutoRun\command\\"" -> [wd_windows_tools\setup.exe] -> File not found


[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/06 08:47:34 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/06 08:43:55 | 00,665,196 | ---- | C] ()
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/05/05 03:01:04 | 00,000,000 | -HSD | C]
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/05 02:53:07 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/05/05 02:53:03 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/05/05 02:52:59 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/05/05 02:51:44 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/05/05 02:51:44 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/05/05 02:51:44 | 00,136,704 | ---- | C] (SteelWerX)
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/05 02:51:44 | 00,117,248 | ---- | C] ()
sed.exe -> %SystemRoot%\sed.exe -> [2009/05/05 02:51:44 | 00,098,816 | ---- | C] ()
grep.exe -> %SystemRoot%\grep.exe -> [2009/05/05 02:51:44 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/05/05 02:51:44 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/05/05 02:51:44 | 00,029,696 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2009/05/05 02:50:42 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/05 02:30:21 | 03,012,646 | R--- | C] ()
rsit -> %SystemDrive%\rsit -> [2009/05/04 23:46:33 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/04 23:46:06 | 00,781,909 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/05/04 22:29:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/05/04 22:29:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/05/04 22:29:44 | 00,000,000 | ---D | C]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [2009/05/03 18:21:52 | 00,000,000 | ---D | C]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [2009/05/03 18:21:26 | 01,883,396 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/05/02 22:44:32 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/02 22:43:41 | 00,000,774 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/05/02 22:43:15 | 00,000,000 | ---D | C]
Tracing -> %UserProfile%\Tracing -> [2009/04/30 09:41:22 | 00,000,000 | ---D | C]
Microsoft -> %ProgramFiles%\Microsoft -> [2009/04/30 09:38:32 | 00,000,000 | ---D | C]
microsoft -> %AllUsersProfile%\Documents\microsoft -> [2009/04/30 09:38:21 | 00,000,000 | ---D | C]
Windows Live SkyDrive -> %ProgramFiles%\Windows Live SkyDrive -> [2009/04/30 09:38:11 | 00,000,000 | ---D | C]
Windows Live -> %ProgramFiles%\Windows Live -> [2009/04/30 09:37:44 | 00,000,000 | ---D | C]
Windows Live -> %CommonProgramFiles%\Windows Live -> [2009/04/30 09:33:56 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2009/04/19 19:24:04 | 00,000,000 | RH-D | C]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [2009/04/15 18:39:12 | 00,000,000 | ---D | C]
ntprint.cat -> %SystemRoot%\System32\dllcache\ntprint.cat -> [2009/04/15 18:38:42 | 01,089,593 | ---- | C] ()
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [2009/04/15 17:02:54 | 00,000,000 | ---D | C]
MSBuild -> %ProgramFiles%\MSBuild -> [2009/04/15 17:02:46 | 00,000,000 | ---D | C]
Reference Assemblies -> %ProgramFiles%\Reference Assemblies -> [2009/04/15 17:02:31 | 00,000,000 | ---D | C]
printfilterpipelinesvc.exe -> %SystemRoot%\System32\dllcache\printfilterpipelinesvc.exe -> [2009/04/15 17:01:49 | 00,597,504 | ---- | C] (Microsoft Corporation)
xpsshhdr.dll -> %SystemRoot%\System32\xpsshhdr.dll -> [2009/04/15 17:01:49 | 00,575,488 | ---- | C] (Microsoft Corporation)
xpsshhdr.dll -> %SystemRoot%\System32\dllcache\xpsshhdr.dll -> [2009/04/15 17:01:49 | 00,575,488 | ---- | C] (Microsoft Corporation)
prntvpt.dll -> %SystemRoot%\System32\prntvpt.dll -> [2009/04/15 17:01:49 | 00,117,760 | ---- | C] (Microsoft Corporation)
filterpipelineprintproc.dll -> %SystemRoot%\System32\dllcache\filterpipelineprintproc.dll -> [2009/04/15 17:01:49 | 00,089,088 | ---- | C] (Microsoft Corporation)
xpssvcs.dll -> %SystemRoot%\System32\xpssvcs.dll -> [2009/04/15 17:01:48 | 01,676,288 | ---- | C] (Microsoft Corporation)
xpssvcs.dll -> %SystemRoot%\System32\dllcache\xpssvcs.dll -> [2009/04/15 17:01:48 | 01,676,288 | ---- | C] (Microsoft Corporation)
d44de6da6492a16af7385b1555 -> %SystemDrive%\d44de6da6492a16af7385b1555 -> [2009/04/15 17:01:47 | 00,000,000 | ---D | C]
URTTemp -> %SystemRoot%\System32\URTTemp -> [2009/04/15 16:53:14 | 00,000,000 | ---D | C]
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/04/15 13:16:11 | 24,921,544 | ---- | C] (Microsoft Corporation)
pdh.dll -> %SystemRoot%\System32\dllcache\pdh.dll -> [2009/04/15 13:09:43 | 00,284,160 | ---- | C] (Microsoft Corporation)
fastprox.dll -> %SystemRoot%\System32\dllcache\fastprox.dll -> [2009/04/15 13:09:42 | 00,473,600 | ---- | C] (Microsoft Corporation)
wmiprvsd.dll -> %SystemRoot%\System32\dllcache\wmiprvsd.dll -> [2009/04/15 13:09:42 | 00,453,120 | ---- | C] (Microsoft Corporation)
rpcss.dll -> %SystemRoot%\System32\dllcache\rpcss.dll -> [2009/04/15 13:09:42 | 00,401,408 | ---- | C] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\System32\dllcache\wmiprvse.exe -> [2009/04/15 13:09:42 | 00,227,840 | ---- | C] (Microsoft Corporation)
services.exe -> %SystemRoot%\System32\dllcache\services.exe -> [2009/04/15 13:09:42 | 00,110,592 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> %SystemRoot%\System32\dllcache\lsasrv.dll -> [2009/04/15 13:09:41 | 00,729,088 | ---- | C] (Microsoft Corporation)
advapi32.dll -> %SystemRoot%\System32\dllcache\advapi32.dll -> [2009/04/15 13:09:41 | 00,617,472 | ---- | C] (Microsoft Corporation)
ntdll.dll -> %SystemRoot%\System32\dllcache\ntdll.dll -> [2009/04/15 13:09:40 | 00,714,752 | ---- | C] (Microsoft Corporation)
xpsp4res.dll -> %SystemRoot%\System32\xpsp4res.dll -> [2009/04/15 13:09:00 | 00,002,560 | ---- | C] (Microsoft Corporation)
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [2009/04/15 13:08:59 | 01,203,922 | ---- | C] ()
wordpad.exe -> %SystemRoot%\System32\dllcache\wordpad.exe -> [2009/04/15 13:08:59 | 00,215,552 | ---- | C] (Microsoft Corporation)
Prefetch -> %SystemRoot%\Prefetch -> [2009/04/15 12:57:56 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2009/04/15 12:44:52 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2009/04/15 12:44:51 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2009/04/15 12:44:50 | 00,000,000 | ---D | C]
bits -> %SystemRoot%\System32\bits -> [2009/04/15 12:44:49 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2009/04/15 12:37:21 | 00,000,000 | ---D | C]
network diagnostic -> %SystemRoot%\network diagnostic -> [2009/04/15 12:34:17 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2009/04/15 12:28:05 | 00,000,000 | -H-D | C]
EHome -> %SystemRoot%\EHome -> [2009/04/15 12:28:02 | 00,000,000 | ---D | C]
fix.reg -> %SystemDrive%\fix.reg -> [2009/04/15 12:14:49 | 00,004,158 | ---- | C] ()
Julie's_Resume[1].doc -> %UserProfile%\Desktop\Julie's_Resume[1].doc -> [2009/04/07 02:53:36 | 00,028,672 | ---- | C] ()
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2008/11/06 11:37:32 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [2008/11/06 11:34:00 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [2008/11/06 11:34:00 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [2008/11/06 11:33:02 | 00,012,288 | ---- | C] ()
VX3000.ini -> %SystemRoot%\VX3000.ini -> [2008/07/25 01:21:40 | 00,015,498 | ---- | C] ()
msoffice.ini -> %SystemRoot%\msoffice.ini -> [2008/04/15 01:08:01 | 00,000,002 | ---- | C] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2008/02/21 06:42:13 | 00,001,145 | ---- | C] ()
OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL -> [2008/02/04 18:23:10 | 00,693,792 | ---- | C] ()
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2007/11/30 02:42:27 | 00,000,376 | ---- | C] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2007/11/02 18:31:39 | 00,000,202 | ---- | C] ()
CddbPlaylist2Sony.dll -> %SystemRoot%\System32\CddbPlaylist2Sony.dll -> [2007/11/02 09:48:32 | 00,532,480 | ---- | C] ()
bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll -> [2007/10/30 23:32:03 | 00,757,760 | ---- | C] ()
preflib.dll -> %SystemRoot%\System32\preflib.dll -> [2007/10/30 23:32:03 | 00,086,016 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2004/08/04 05:00:00 | 00,000,580 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2004/08/04 05:00:00 | 00,000,227 | ---- | C] ()
indounin.dll -> %SystemRoot%\System32\indounin.dll -> [1999/01/27 14:39:06 | 00,065,024 | ---- | C] ()
Iyvu9_32.dll -> %SystemRoot%\System32\Iyvu9_32.dll -> [1997/06/13 08:56:08 | 00,056,832 | ---- | C] ()
DOCOBJ.DLL -> %SystemRoot%\System32\DOCOBJ.DLL -> [1996/12/09 01:00:00 | 00,022,016 | ---- | C] ()
HLINKPRX.DLL -> %SystemRoot%\System32\HLINKPRX.DLL -> [1996/12/09 01:00:00 | 00,012,288 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp ->
3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/05/06 08:47:59 | 09,437,184 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/06 08:43:59 | 00,665,196 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-Owner\engine\bases\sfdb.dat -> [2009/05/06 03:08:41 | 00,313,436 | ---- | M] ()
kosglue-7.0.26.0.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\kosglue-7.0.26.0.dll -> [2009/05/06 03:08:02 | 00,729,152 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcr80.dll -> [2009/05/06 03:08:01 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcp80.dll -> [2009/05/06 03:08:01 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\kave.dll -> [2009/05/06 03:08:01 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\prLoader.dll -> [2009/05/06 03:08:01 | 00,184,320 | ---- | M] (Kaspersky Lab)
ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe -> [2009/05/06 03:08:01 | 00,139,264 | ---- | M] (Kaspersky Lab.)
prremote.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\prremote.dll -> [2009/05/06 03:08:01 | 00,090,112 | ---- | M] (Kaspersky Lab)
ikave.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\ikave.dll -> [2009/05/06 03:08:01 | 00,065,536 | ---- | M] ()
msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\msvcm80.dll -> [2009/05/06 03:08:00 | 00,479,232 | ---- | M] (Microsoft Corporation)
FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-Owner\binaries\FSSync.dll -> [2009/05/06 03:08:00 | 00,038,400 | ---- | M] (Kaspersky Lab)
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/05 03:00:12 | 00,000,006 | -H-- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/05/05 02:57:32 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/05/05 02:53:07 | 00,000,281 | RHS- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/05/05 02:51:11 | 03,012,646 | R--- | M] ()
EasyShare Registration RunOnce Task.job -> %SystemRoot%\tasks\EasyShare Registration RunOnce Task.job -> [2009/05/05 00:49:55 | 00,000,450 | ---- | M] ()
Perflib_Perfdata_d8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_d8.dat -> [2009/05/05 00:48:49 | 00,016,384 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/05 00:48:36 | 00,002,048 | --S- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/05 00:48:01 | 00,000,178 | -HS- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/04 23:46:09 | 00,781,909 | ---- | M] ()
Ad-Aware Update (Weekly).job -> %SystemRoot%\tasks\Ad-Aware Update (Weekly).job -> [2009/05/04 14:52:35 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/05/04 08:42:03 | 00,000,284 | ---- | M] ()
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [2009/05/03 18:21:34 | 01,883,396 | ---- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/02 22:43:41 | 00,000,774 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/05/02 22:30:09 | 00,305,685 | R--- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/05/02 21:59:05 | 00,000,580 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/02 21:59:05 | 00,000,211 | ---- | M] ()
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/01 15:36:46 | 00,117,248 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/01 06:44:55 | 00,120,832 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/05/01 06:44:55 | 00,000,202 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/01 03:27:10 | 00,008,452 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/01 03:27:09 | 00,008,866 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/04/30 11:28:56 | 00,270,984 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/04/30 09:40:33 | 00,067,656 | ---- | M] ()
My Sharing Folders.lnk -> %UserProfile%\Julie's Documents\My Sharing Folders.lnk -> [2009/04/30 09:39:35 | 00,000,906 | ---- | M] ()
img2-001.raw -> %SystemDrive%\img2-001.raw -> [2009/04/30 03:48:18 | 00,230,424 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/21 16:10:06 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_670.dat -> %SystemRoot%\Temp\Perflib_Perfdata_670.dat -> [2009/04/19 19:28:57 | 00,016,384 | ---- | M] ()
hosts.20090502-223009.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090502-223009.backup -> [2009/04/19 19:16:03 | 00,305,032 | R--- | M] ()
Chris.doc -> %UserProfile%\Desktop\Chris.doc -> [2009/04/19 02:46:30 | 00,104,448 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/15 18:41:46 | 00,715,190 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/15 18:41:46 | 00,604,828 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/15 18:41:46 | 00,109,706 | ---- | M] ()
ntldr -> %SystemDrive%\ntldr -> [2009/04/15 12:33:44 | 00,250,048 | RHS- | M] ()
fix.reg -> %SystemDrive%\fix.reg -> [2009/04/15 12:15:57 | 00,004,158 | ---- | M] ()
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [2009/04/08 23:47:00 | 00,000,436 | ---- | M] ()
Julie's_Resume[1].doc -> %UserProfile%\Desktop\Julie's_Resume[1].doc -> [2009/04/07 03:05:56 | 00,028,672 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\11\14-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v11-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1758 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\11\14-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v11-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\15\119-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v115-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4692 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\15\119-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v115-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\16\118-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v116-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4728 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\16\118-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v116-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\19-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2460 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\19-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\21-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2460 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\17\21-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v17-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\26\46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v26-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13962 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\26\46-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v26-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\27\41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v27-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9642 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\27\41-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v27-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1080 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\28\42-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v28-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13512 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\28\42-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v28-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16752 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1254 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\29\43-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v29-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1864 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\30\44-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v30-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12684 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\30\44-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v30-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\31\53-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v31-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14088 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\31\53-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v31-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1616 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\33\54-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v33-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14916 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\33\54-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v33-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1664 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\34\58-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v34-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12126 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\34\58-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v34-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1368 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\35\59-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v35-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11838 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\35\59-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v35-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1288 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\36\60-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v36-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11208 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\36\60-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v36-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1248 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\37\61-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v37-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9390 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\37\61-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v37-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1048 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\crymsun@hotmail.com\SharingMetadata\thepoobler@talktalk.net\DFSR\Staging\CS{5389E97F-164C-12E7-77D9-1100CA231D6D}\38\62-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v38-{8C52E055-F65F-47F7-85EF-E91245BE424C}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14016 bytes hidden from API

Crymmsun
2009-05-06, 17:32
scan completed successfully
hidden files: 518


[Alternate Data Streams]
@Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:825D5945
@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
< End of report >
[/code]

peku006
2009-05-06, 20:09
Hi Crymmsun
I can't find anything about VirusRL2009.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

::regfind
VirusRL2009


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006

Crymmsun
2009-05-07, 01:36
All right, it says it can't be found either. Here's the log:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 18:01 on 06/05/2009 by Owner (Administrator - Elevation successful)

Invalid Context: :regfind

No Context: VirusRL2009

-=End Of File=-

Here, though, is a screenshot copy/paste of part of my startup from MSconfig. I had to make this an attachment because I couldn't figure out how to paste the screenshot to this reply.

Yes, the item is disabled as I did that before I contacted you here. Can it be deleted somehow? If it can't, is it posing a problem? Also, I've checked under "C:\ProgramFiles\VirusRL2009\VirusRL2009.exe" and this does not exist. So, how come the item is still in the startup line up?

I know, I'm probably just being nitpicky, huh? ::Grins.:: If you tell me it's nothing to worry about I'll let it go and not worry. ::Winks.:: Thank you for helping me on this.

peku006
2009-05-07, 12:49
Hi bjacks9

I am sorry, I made a "typo"... it should be ":regfind", not "::regfind".


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:regfind
VirusRL2009


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006

Crymmsun
2009-05-07, 23:36
Here is the new SystemLook Log:

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 16:34 on 07/05/2009 by Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc Julie's_Resume[1a].doc Nickelback-DarkHorse.doc The slings and arrows.doc The Old West.doc DeadWarlocksExplained DeadWarlocks.doc Dreams In Dreams - 11-18-2008.doc Mab&Dragon111508.doc TheDragonAndMab111508"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusRL2009]
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc Julie's_Resume[1a].doc Nickelback-DarkHorse.doc The slings and arrows.doc The Old West.doc DeadWarlocksExplained DeadWarlocks.doc Dreams In Dreams - 11-18-2008.doc Mab&Dragon111508.doc TheDragonAndMab111508"
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"

-=End Of File=-

peku006
2009-05-08, 09:35
Hi Crymmsun

Download and Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.



:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusRL2009]


Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Is the problem gone?

Thanks peku006
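
How the regfind hits in this thread sort out, as an added example (not part of the original posts and not SystemLook's own code): most matches are MRU history left by the user's own searches and saved documents, and only the MSConfig startupreg key is the leftover of the disabled startup item. The category names, the rules and the abridged sample log are assumptions made for this illustration.

```python
import re

# Abridged from the SystemLook log posted in this thread (long MRU value
# shortened, one duplicated HKEY_USERS hit dropped).
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc (remaining file names omitted)"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusRL2009]
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU]
""Value""=="VirusRL2009ScreenShot.doc (remaining file names omitted)"
[HKEY_USERS\S-1-5-21-854245398-789336058-2147007523-1003\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="VirusRL2009"

-=End Of File=-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^""(.*?)""=="(.*)"$')
USER_HIVE_RE = re.compile(r'^HKEY_USERS\\S-1-5-21-[\d-]+', re.IGNORECASE)

# First matching rule wins. Hypothetical categories for this example.
RULES = [
    # MSConfig keeps the items the user has unticked under these keys.
    ("disabled-startup-leftover",
     re.compile(r'\\Shared Tools\\MSConfig\\startup(reg|folder)\\', re.I)),
    # Keys that actually launch something at logon.
    ("active-autostart",
     re.compile(r'\\CurrentVersion\\(Run|RunOnce|RunServices)(\\|$)', re.I)),
    # Most-recently-used lists: they record what the user typed or saved.
    ("usage-history", re.compile(r'MRU', re.I)),
]


def parse_regfind(log):
    """Return one dict per [key] line, with the value lines that follow it."""
    hits, current = [], None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "values": []}
            hits.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current["values"].append((value.group(1), value.group(2)))
    return hits


def normalize_key(key):
    # HKEY_CURRENT_USER is an alias for the logged-on user's HKEY_USERS\<SID>
    # hive, so a whole-registry search reports the same data twice.
    # Assumption: the SID in the log belongs to the logged-on user.
    return USER_HIVE_RE.sub("HKEY_CURRENT_USER", key)


def triage(log):
    """De-duplicate the hits and attach a category to each."""
    seen = {}
    for hit in parse_regfind(log):
        key = normalize_key(hit["key"])
        ident = (key, tuple(hit["values"]))
        if ident in seen:
            continue
        category = next((name for name, rx in RULES if rx.search(key)),
                        "needs-review")
        seen[ident] = {
            "key": key,
            "category": category,
            # No value lines under a key is read here as "the key name itself
            # matched" (inferred from the log layout, not documented behaviour).
            "match_in": "value" if hit["values"] else "key name",
        }
    return list(seen.values())


def actionable(log):
    """Keys that are not plain usage history and deserve a closer look."""
    return [h["key"] for h in triage(log) if h["category"] != "usage-history"]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["category"]:26} {hit["match_in"]:9} {hit["key"]}')
```

On the sample, the per-user hits collapse into two usage-history entries and only the MSConfig key is left, which is the single key the OTMoveIt3 instructions in this thread delete.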

Crymmsun
2009-05-09, 00:28
Here's the paste from the OTMoveIt3 Results window. The item in my startup list is now gone. Thank you!!

:thanks: :bigthumb: :yahoo: :bow:


========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusRL2009\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05082009_172303

peku006
2009-05-09, 08:19
Hi Crymmsun

The scans are fine and it looks like your machine is clean :yahoo:

To remove all of the tools we used and the files and folders they created do the following:


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb:

Crymmsun
2009-05-09, 11:29
I am following your recommendations right now. Thank you so very, very much for helping me!!

:bighug::wub::flowers:

peku006
2009-05-09, 15:46
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.