DiggityDesigns
  1. Thanks a million ShadowPuterDude, everything seems to be A-OK... Hopefully I won't have to re-visit anytime soon... You guys do EXCELLENT work and I will highly recommend this service to anyone I know... Keep up the great work!! Thanks.......
  2. Uninstalled and removed RegCure, deleted the specified items and ran a new scan.

A2 Scan:

a-squared Free - Version 4.5
Last update: 10/3/2009 9:34:15 PM

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 10/3/2009 9:47:28 PM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk detected: Trace.File.Emule 5.0!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.dealtime!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.pricegrabber!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.stat.dealtime!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.valueclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt detected: Trace.TrackingCookie.zedo!A2
E:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP432\A0061978.exe detected: Adware.Win32.SearchIt.t!A2

Scanned
Files: 368146
Traces: 642944
Cookies: 195
Processes: 41

Found
Files: 1
Traces: 3
Cookies: 22
Processes: 0
Registry keys: 0

Scan end: 10/4/2009 12:09:59 AM
Scan time: 2:22:31

Looking better yet? Computer is running a lot faster and no signs of problems.. Thanks...
  3. Downloaded ComboFix and ran it; it did have to install 'Windows Recovery Console'. Here are the logs you wanted:

ComboFix log:

ComboFix 09-10-01.05 - Owner 10/02/2009 19:53.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.302 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1123796451-2654254777-2988347196-1003
c:\windows\Installer\1324b.msi
c:\windows\system32\AutoRun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-02 03:59 . 2009-10-02 03:59 -------- d-----w- c:\program files\regcure
2009-10-02 03:51 . 2009-10-02 03:51 -------- d-----w- c:\program files\ExplorerXP
2009-10-02 03:48 . 2009-10-02 09:31 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-02 03:27 . 2005-01-14 06:41 11254 ----a-w- c:\windows\system32\locate.com
2009-10-02 03:27 . 2009-10-02 03:27 -------- d-----w- C:\ISeeYouXP
2009-10-01 05:35 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-01 05:35 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-01 05:35 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-01 05:35 . 2009-10-01 05:35 -------- d-----w- c:\program files\Avira
2009-10-01 05:35 . 2009-10-01 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-01 04:37 . 2009-10-01 04:37 -------- d-----w- c:\program files\Alwil Software
2009-09-30 07:37 . 2009-10-02 06:53 -------- d-----w- c:\program files\a-squared Free
2009-09-30 07:06 . 2009-09-30 07:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-30 07:06 . 2009-09-30 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 05:22 . 2009-09-30 05:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ShippingAssistant
2009-09-22 03:21 . 2009-10-02 21:29 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-09-22 03:06 . 2009-09-22 03:07 -------- dc-h--w- c:\windows\ie8
2009-09-21 11:24 . 2009-09-21 11:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-21 08:42 . 2009-09-21 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-21 08:42 . 2009-09-21 08:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-09-21 05:03 . 2009-10-02 02:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-21 05:02 . 2009-10-01 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-20 23:58 . 2009-09-20 23:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-20 22:04 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-20 08:04 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-20 00:20 . 2009-10-02 03:06 0 ----a-w- c:\windows\win32k.sys
2009-09-08 21:26 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 21:26 . 2009-06-22 06:44 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 08:42 . 2008-09-14 09:02 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-09-30 03:34 . 2009-08-05 04:05 -------- d-----w- c:\program files\Tekin HotWire
2009-09-22 03:19 . 2008-09-13 08:32 -------- d-----w- c:\program files\HP
2009-09-22 03:02 . 2008-09-13 06:50 -------- d-----w- c:\program files\Google
2009-09-21 06:08 . 2008-09-15 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-18 02:01 . 2008-09-13 09:31 -------- d-----w- c:\program files\eMule
2009-09-06 01:31 . 2008-09-13 08:22 298680 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 05:44 . 2009-09-01 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-01 05:43 . 2008-09-13 07:00 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 05:41 . 2009-09-01 05:41 -------- d-----w- c:\program files\Microsoft.NET
2009-08-05 09:01 . 2008-09-13 05:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 04:02 . 2008-09-13 06:56 -------- d-----w- c:\program files\Java
2009-07-25 09:23 . 2008-12-12 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 20:33 . 2008-09-13 08:28 141206 ----a-w- c:\windows\hpoins14.dat
2009-07-17 19:01 . 2008-09-13 05:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2008-09-13 05:32 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2006-05-03 10:06 . 2009-01-07 05:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-01-07 05:06 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-01-07 05:06 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-05 16120832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/1/2009 1:35 AM 108289]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [9/13/2008 5:13 AM 41025]
R3 Mach2;Mach2 Pulseing Service;c:\windows\system32\drivers\Mach2.sys [9/13/2008 4:59 AM 99936]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [9/13/2008 4:22 AM 587588]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-03 c:\windows\Tasks\regcure program check.job
- c:\program files\RegCure\RegCure.exe [2009-10-02 03:59]

2009-10-02 c:\windows\Tasks\regcure.job
- c:\program files\RegCure\RegCure.exe [2009-10-02 03:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.diggitydesigns.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3502
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-Easy Dock - (no file)
Notify-avgrsstarter - avgrsstx.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-03 20:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 00:11

Pre-Run: 32,491,945,984 bytes free
Post-Run: 38,337,343,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

192 --- E O F --- 2009-10-02 19:08

A-Squared log:

a-squared Free - Version 4.5
Last update: 10/2/2009 8:22:13 PM

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 10/2/2009 8:22:44 PM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
Key: HKEY_USERS\.DEFAULT\software\PopRock\ detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\PopRock\ detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\ detected: Trace.Directory.RegCure!A2
c:\documents and settings\all users\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
c:\documents and settings\owner\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job detected: Trace.File.RegCure!A2
c:\windows\tasks\regcure program check.job detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure detected: Trace.Registry.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure detected: Trace.Registry.RegCure!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk detected: Trace.File.Emule 5.0!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie.doubleclick!A2
E:\i386\Apps\App17981\comps\toolbar\toolbr.exe detected: Adware.Win32.SearchIt.t!A2

Scanned
Files: 358394
Traces: 642944
Cookies: 30
Processes: 42

Found
Files: 1
Traces: 12
Cookies: 2
Processes: 0
Registry keys: 0

Scan end: 10/2/2009 10:37:16 PM
Scan time: 2:14:32
  4. Hey Lynx, I wanted to let you know that I did do this process before I started this topic:

Open notepad
Copy and Paste the below lines of code to notepad:

@echo off
copy C:\WINDOWS\system32\logevent.dll c:\logevent.dll
copy C:\WINDOWS\ServicePackFiles\i386\dumprep.exe c:\dumprep.exe

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop. Double-click on fixes.bat to execute it.
-----------------------------------------------------------
Download Avenger from here and unzip to your desktop.
• Run Avenger
• Read the prompt that appears, and press OK
• Copy & paste the following text in Input script Box:

Files to move:
C:\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll
C:\dumprep.exe | C:\WINDOWS\SYSTEM32\dumprep.exe

Then click "Execute".
• You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot. Note: It is possible that Avenger will reboot your system TWICE.
• Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
-----------------------------------------------------------
Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

This should restore permissions on locked files and remove mountpoints.

After I did the A2 full scan this time none of the viruses showed up, but I'm still not sure that I got rid of everything, so I am posting the mentioned logs below.

A2 SCAN:

a-squared Free - Version 4.5
Last update: 10/1/2009 11:52:55 PM

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 10/2/2009 12:08:04 AM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detected: Trace.Registry.Emule 5.0!A2
c:\windows\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job detected: Trace.File.FraudPack!A2
c:\windows\tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job detected: Trace.File.FraudPack!A2
Key: HKEY_USERS\.DEFAULT\software\NordBull\ detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\NordBull\ detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\.DEFAULT\software\PopRock\ detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\PopRock\ detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\ detected: Trace.Directory.RegCure!A2
c:\documents and settings\all users\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
c:\documents and settings\owner\start menu\programs\regcure\ detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job detected: Trace.File.RegCure!A2
c:\windows\tasks\regcure program check.job detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure detected: Trace.Registry.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure detected: Trace.Registry.RegCure!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk detected: Trace.File.Emule 5.0!A2
E:\i386\Apps\App17981\comps\toolbar\toolbr.exe detected: Adware.Win32.SearchIt.t!A2

Scanned
Files: 374128
Traces: 647767
Cookies: 6
Processes: 44

Found
Files: 1
Traces: 16
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 10/2/2009 2:53:44 AM
Scan time: 2:45:40

ISeeYouXP SCAN:

************************************************************************************
ISeeYouXP v2.0 Beta 14
ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************

Windows/Browser/Java Versions:
Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack: 3.0
Windows Directory: C:\WINDOWS
Internet Explorer Version: 8.0.6001.18702 Build: 86001
Language: English (United States)
Path: C:\Program Files\Internet Explorer
Boot State: Normal boot
Scan done at 5:25:00.00, Fri 10/02/2009
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files "C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Jun 8 2008 5012 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 3 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"
28 items found: 28 files, 0 directories.
Total of file sizes: 1,856,092 bytes 1.77 M
3 Dir(s) 32,693,329,920 bytes free
------------------------------------------------------------------------------------
System Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BARNCOMP2
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BARNCOMP2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%NpmLib%
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BARNCOMP2
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files
No matches found.
------------------------------------------------------------------------------------ Displaying BOOT.INI: [boot loader] default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect ------------------------------------------------------------------------------------ Displaying SYSTEM.INI: ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=dosapp.FON EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [TTFontDimenCacheDBCS] 0 4=2 4 0 5=3 5 0 6=4 6 0 7=4 7 0 8=5 8 0 9=5 9 0 10=6 10 0 11=7 11 0 12=7 12 0 13=8 13 0 14=8 14 0 15=9 15 0 16=10 16 0 18=11 18 0 20=12 20 0 22=13 22 ------------------------------------------------------------------------------------ Displaying WIN.INI: ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [MCI Extensions.BAK] aif=MPEGVideo aifc=MPEGVideo aiff=MPEGVideo asf=MPEGVideo asx=MPEGVideo au=MPEGVideo m1v=MPEGVideo m3u=MPEGVideo mp2=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpa=MPEGVideo mpe=MPEGVideo mpeg=MPEGVideo mpg=MPEGVideo mpv2=MPEGVideo snd=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wmx=MPEGVideo wpl=MPEGVideo wvx=MPEGVideo [status] State=Running [Readiris] Scanner32=Twaino38,22 [AMV Video Convert Tool] DIR=C:\Documents and Settings\Owner\Desktop\ [Cucusoft AVI to DVD VCD SVCD MPEG Converter (Pro Version)] left=415 top=29 batch=0 editFilters=0 ------------------------------------------------------------------------------------ Displaying AUTOEXEC.BAT: ------------------------------------------------------------------------------------ Displaying CONFIG.SYS: ------------------------------------------------------------------------------------ Displaying Running Processes: PROCESS PID PRIO PATH smss.exe 364 Normal C:\WINDOWS\System32\smss.exe csrss.exe 588 Normal 
C:\WINDOWS\system32\csrss.exe winlogon.exe 616 High C:\WINDOWS\system32\winlogon.exe services.exe 660 Normal C:\WINDOWS\system32\services.exe lsass.exe 672 Normal C:\WINDOWS\system32\lsass.exe Ati2evxx.exe 840 Normal C:\WINDOWS\system32\Ati2evxx.exe svchost.exe 856 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 924 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 1020 Normal C:\WINDOWS\System32\svchost.exe svchost.exe 1092 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 1228 Normal C:\WINDOWS\system32\svchost.exe Ati2evxx.exe 1500 Normal C:\WINDOWS\system32\Ati2evxx.exe Explorer.EXE 1600 Normal C:\WINDOWS\Explorer.EXE spoolsv.exe 1704 Normal C:\WINDOWS\system32\spoolsv.exe sched.exe 1752 Normal C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe 1804 Normal C:\WINDOWS\system32\svchost.exe a2service.exe 1868 Normal C:\Program Files\a-squared Free\a2service.exe avguard.exe 2020 Normal C:\Program Files\Avira\AntiVir Desktop\avguard.exe AppleMobileDeviceService.exe 96 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe mDNSResponder.exe 184 Normal C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe 352 Normal C:\WINDOWS\system32\svchost.exe jqs.exe 460 Idle C:\Program Files\Java\jre6\bin\jqs.exe svchost.exe 396 Normal C:\WINDOWS\System32\svchost.exe svchost.exe 980 Normal C:\WINDOWS\System32\svchost.exe PRISMXL.SYS 1056 Normal C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS PDVDServ.exe 1088 Normal C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe svchost.exe 1132 Normal C:\WINDOWS\system32\svchost.exe readericon45G.exe 1356 Idle C:\Program Files\Digital Media Reader\readericon45G.exe wdfmgr.exe 1412 Normal C:\WINDOWS\system32\wdfmgr.exe RTHDCPL.EXE 1420 Normal C:\WINDOWS\RTHDCPL.EXE WLService.exe 1512 Normal C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe 1152 High C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe 
iTunesHelper.exe 208 Normal C:\Program Files\iTunes\iTunesHelper.exe jusched.exe 728 Normal C:\Program Files\Java\jre6\bin\jusched.exe avgnt.exe 864 Normal C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ctfmon.exe 1392 Normal C:\WINDOWS\system32\ctfmon.exe hpqtra08.exe 1760 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe iPodService.exe 2668 Normal C:\Program Files\iPod\bin\iPodService.exe alg.exe 2712 Normal C:\WINDOWS\System32\alg.exe hpqSTE08.exe 2468 Normal C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe iexplore.exe 1108 Normal C:\Program Files\Internet Explorer\iexplore.exe iexplore.exe 1532 Normal C:\Program Files\Internet Explorer\iexplore.exe hpswp_clipbook.exe 2972 Normal C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe cmd.exe 3588 Normal C:\WINDOWS\system32\cmd.exe ntvdm.exe 2908 Normal C:\WINDOWS\system32\ntvdm.exe wmiprvse.exe 1156 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe pv.exe 3776 Normal C:\ISEEYO~1\pv.exe ------------------------------------------------------------------------------------ Displaying Windows Services: Name: a2free Display Name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Path Name: "C:\Program Files\a-squared Free\a2service.exe" Start Mode: Auto State: Running Name: Alerter Display Name: Alerter Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Disabled State: Stopped Name: ALG Display Name: Application Layer Gateway Service Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. 
Path Name: C:\WINDOWS\System32\alg.exe Start Mode: Manual State: Running Name: AntiVirSchedulerService Display Name: Avira AntiVir Scheduler Description: Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates. Path Name: "C:\Program Files\Avira\AntiVir Desktop\sched.exe" Start Mode: Auto State: Running Name: AntiVirService Display Name: Avira AntiVir Guard Description: Offers permanent protection against viruses and malware with the AntiVir search engine. Path Name: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" Start Mode: Auto State: Running Name: Apple Mobile Device Display Name: Apple Mobile Device Description: Provides the interface to Apple mobile devices. Path Name: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" Start Mode: Auto State: Running Name: AppMgmt Display Name: Application Management Description: Provides software installation services such as Assign, Publish, and Remove. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: aspnet_state Display Name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Start Mode: Manual State: Stopped Name: Ati HotKey Poller Display Name: Ati HotKey Poller Description: Path Name: C:\WINDOWS\system32\Ati2evxx.exe Start Mode: Auto State: Running Name: ATI Smart Display Name: ATI Smart Description: Path Name: C:\WINDOWS\system32\ati2sgag.exe Start Mode: Auto State: Stopped Name: AudioSrv Display Name: Windows Audio Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. 
If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Bonjour Service
Display Name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Path Name: "C:\Program Files\Bonjour\mDNSResponder.exe"
Start Mode: Auto
State: Running

Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped

Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped

Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped

Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped

Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped

Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running

Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped

Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: Dot3svc
Display Name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Path Name: C:\WINDOWS\System32\svchost.exe -k dot3svc
Start Mode: Manual
State: Stopped

Name: EapHost
Display Name: Extensible Authentication Protocol Service
Description: Provides windows clients Extensible Authentication Protocol Service
Path Name: C:\WINDOWS\System32\svchost.exe -k eapsvcs
Start Mode: Manual
State: Stopped

Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: FLEXnet Licensing Service
Display Name: FLEXnet Licensing Service
Description: This service performs licensing functions on behalf of FLEXnet enabled products.
Path Name: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
Start Mode: Manual
State: Stopped

Name: FontCache3.0.0.0
Display Name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
Path Name: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Start Mode: Manual
State: Stopped

Name: getPlus(R) Helper
Display Name: getPlus(R) Helper
Description:
Path Name: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
Start Mode: Manual
State: Stopped

Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HidServ
Display Name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: hkmsvc
Display Name: Health Key and Certificate Management Service
Description: Manages health certificates and keys (used by NAP)
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: hpqcxs08
Display Name: hpqcxs08
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
Start Mode: Manual
State: Running

Name: hpqddsvc
Display Name: HP CUE DeviceDiscovery Service
Description: This service detects and monitors CUE devices on the system.
Path Name: C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
Start Mode: Auto
State: Running

Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped

Name: idsvc
Display Name: Windows CardSpace
Description: Securely enables the creation, management, and disclosure of digital identities.
Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Start Mode: Manual
State: Stopped

Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped

Name: iPod Service
Display Name: iPod Service
Description: iPod hardware management services
Path Name: "C:\Program Files\iPod\bin\iPodService.exe"
Start Mode: Manual
State: Running

Name: JavaQuickStarterService
Display Name: Java Quick Starter
Description: Prefetches JRE files for faster startup of Java applets and applications
Path Name: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Start Mode: Auto
State: Running

Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Lavasoft Ad-Aware Service
Display Name: Lavasoft Ad-Aware Service
Description: Ad-Aware Service
Path Name:
Start Mode: Auto
State: Stopped

Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: Macromedia Licensing Service
Display Name: Macromedia Licensing Service
Description: Provides authentication services for Macromedia applications.
Path Name: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
Start Mode: Manual
State: Stopped

Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Manual
State: Stopped

Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped

Name: MSIServer
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped

Name: napagent
Display Name: Network Access Protection Agent
Description: Allows windows clients to participate in Network Access Protection
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Net Driver HPZ12
Display Name: Net Driver HPZ12
Description:
Path Name: C:\WINDOWS\System32\svchost.exe -k HPZ12
Start Mode: Auto
State: Running

Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NetTcpPortSharing
Display Name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Start Mode: Disabled
State: Stopped

Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: odserv
Display Name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Start Mode: Manual
State: Stopped

Name: ose
Display Name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Start Mode: Manual
State: Stopped

Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: Pml Driver HPZ12
Display Name: Pml Driver HPZ12
Description:
Path Name: C:\WINDOWS\System32\svchost.exe -k HPZ12
Start Mode: Auto
State: Running

Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: PrismXL
Display Name: PrismXL
Description:
Path Name: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Start Mode: Auto
State: Running

Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped

Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped

Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running

Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped

Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual
State: Stopped

Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running

Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running

Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Auto
State: Running

Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{63C33B1B-E9A2-4399-8C21-F59FA31488FA}
Start Mode: Manual
State: Stopped

Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Manual
State: Stopped

Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running

Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: UMWdf
Display Name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Path Name: C:\WINDOWS\system32\wdfmgr.exe
Start Mode: Auto
State: Running

Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: C:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped

Name: usnjsvc
Display Name: Messenger Sharing Folders USN Journal Reader service
Description: Service installed by Messenger to enable sharing scenarios
Path Name: "C:\Program Files\MSN Messenger\usnsvc.exe"
Start Mode: Manual
State: Stopped

Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped

Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WmdmPmSN
Display Name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: WmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual
State: Stopped

Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: wuauserv
Display Name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WUSB54GSv2SVC
Display Name: WUSB54GSv2SVC
Description:
Path Name: "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe"
Start Mode: Auto
State: Running

Name: WZCSVC
Display Name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped

Name: xmlprov
Display Name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Sat Sep 13 03:48:31 2008

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:49:18 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Sat Sep 13 03:54:19 2008

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:54:57 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Thu Oct 16 02:52:51 2008

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 02:54:07 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Wed Nov 12 14:38:35 2008

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 12 14:40:01 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Fri Dec 12 05:24:59 2008

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 12 05:26:24 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Thu Jan 15 03:07:37 2009

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 15 03:09:48 2009

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
Started On Thu Feb 12 03:55:32 2009

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 12 03:57:00 2009

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Sun Mar 15 14:00:34 2009

Results Summary:
----------------
No infection found.
Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 14:02:12 2009 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.9, April 2009 Started On Wed Apr 15 03:56:22 2009 Security policy adjusted. Engine requests reboot and try again, ignoring. Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 03:57:53 2009 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.10, May 2009 Started On Wed May 13 05:03:46 2009 WARNING: Security policy doesn't allow for all actions MSRT may require. Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 05:05:16 2009 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.11, June 2009 Started On Thu Jun 11 04:47:39 2009 WARNING: Security policy doesn't allow for all actions MSRT may require. Results Summary: ---------------- No infection found. Return code: 0 Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 11 04:49:23 2009 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.11, June 2009 Started On Thu Jun 18 00:59:19 2009 WARNING: Security policy doesn't allow for all actions MSRT may require. Results Summary: ---------------- No infection found. 
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 18 01:00:53 2009
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Jul 15 05:24:44 2009

WARNING: Security policy doesn't allow for all actions MSRT may require.

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 05:26:12 2009
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
Started On Thu Aug 13 17:27:19 2009

WARNING: Security policy doesn't allow for all actions MSRT may require.

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 13 17:28:49 2009
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Tue Sep 08 18:43:08 2009

WARNING: Security policy doesn't allow for all actions MSRT may require.

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 08 18:45:07 2009
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Mon Sep 21 23:04:36 2009

WARNING: Security policy doesn't allow for all actions MSRT may require.

----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
    Hidden            REG_DWORD    1 (0x1)
    SuperHidden       REG_DWORD    1 (0x1)
    ShowSuperHidden   REG_DWORD    1 (0x1)
    HideFileExt       REG_DWORD    0 (0x0)

************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------

--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
    <NO NAME>    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
    <NO NAME>    REG_SZ
    http         REG_DWORD    3 (0x3)
    https        REG_DWORD    3 (0x3)
    ftp          REG_DWORD    3 (0x3)
    file         REG_DWORD    3 (0x3)
    @ivt         REG_DWORD    1 (0x1)
    shell        REG_DWORD    0 (0x0)

----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
    <NO NAME>    REG_SZ    http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
    ftp          REG_SZ    ftp://
    gopher       REG_SZ    gopher://
    home         REG_SZ    http://
    mosaic       REG_SZ    http://
    www          REG_SZ    http://

--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
    updateMgr           REG_SZ    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    ctfmon.exe          REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    MsnMsgr             REG_SZ    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    SUPERAntiSpyware    REG_SZ    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater
Error: Key: software\microsoft\windows\currentversion\runonce does not exist!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    RemoteControl                REG_SZ           "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    readericon                   REG_SZ           C:\Program Files\Digital Media Reader\readericon45G.exe
    RTHDCPL                      REG_SZ           RTHDCPL.EXE
    Alcmtr                       REG_SZ           ALCMTR.EXE
    Recguard                     REG_EXPAND_SZ    %WINDIR%\SMINST\RECGUARD.EXE
    Easy Dock                    REG_SZ
    Adobe Reader Speed Launcher  REG_SZ           "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    QuickTime Task               REG_SZ           "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper                 REG_SZ           "C:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched           REG_SZ           "C:\Program Files\Java\jre6\bin\jusched.exe"
    avgnt                        REG_SZ           "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
    Power2GoExpress    REG_SZ    NA
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
    Power2GoExpress    REG_SZ    NA
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!

--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
    DLLName             REG_SZ       Ati2evxx.dll
    Asynchronous        REG_DWORD    0 (0x0)
    Impersonate         REG_DWORD    1 (0x1)
    Lock                REG_SZ       AtiLockEvent
    Logoff              REG_SZ       AtiLogoffEvent
    Logon               REG_SZ       AtiLogonEvent
    Disconnect          REG_SZ       AtiDisConnectEvent
    Reconnect           REG_SZ       AtiReConnectEvent
    Safe                REG_DWORD    0 (0x0)
    Shutdown            REG_SZ       AtiShutdownEvent
    StartScreenSaver    REG_SZ       AtiStartScreenSaverEvent
    StartShell          REG_SZ       AtiStartShellEvent
    Startup             REG_SZ       AtiStartupEvent
    StopScreenSaver     REG_SZ       AtiStopScreenSaverEvent
    Unlock              REG_SZ       AtiUnLockEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter
    DLLName             REG_SZ       avgrsstx.dll
    Startup             REG_SZ       AvgStartup
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
    Asynchronous        REG_DWORD        0 (0x0)
    Impersonate         REG_DWORD        0 (0x0)
    DllName             REG_EXPAND_SZ    crypt32.dll
    Logoff              REG_SZ           ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
    Asynchronous        REG_DWORD        0 (0x0)
    Impersonate         REG_DWORD        0 (0x0)
    DllName             REG_EXPAND_SZ    cryptnet.dll
    Logoff              REG_SZ           CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
    DLLName             REG_SZ       cscdll.dll
    Logon               REG_SZ       WinlogonLogonEvent
    Logoff              REG_SZ       WinlogonLogoffEvent
    ScreenSaver         REG_SZ       WinlogonScreenSaverEvent
    Startup             REG_SZ       WinlogonStartupEvent
    Shutdown            REG_SZ       WinlogonShutdownEvent
    StartShell          REG_SZ       WinlogonStartShellEvent
    Impersonate         REG_DWORD    0 (0x0)
    Asynchronous        REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
    Asynchronous        REG_DWORD        1 (0x1)
    DllName             REG_EXPAND_SZ    %SystemRoot%\System32\dimsntfy.dll
    Startup             REG_SZ           WlDimsStartup
    Shutdown            REG_SZ           WlDimsShutdown
    Logon               REG_SZ           WlDimsLogon
    Logoff              REG_SZ           WlDimsLogoff
    StartShell          REG_SZ           WlDimsStartShell
    Lock                REG_SZ           WlDimsLock
    Unlock              REG_SZ           WlDimsUnlock
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
    DLLName             REG_SZ       wlnotify.dll
    Logon               REG_SZ       SCardStartCertProp
    Logoff              REG_SZ       SCardStopCertProp
    Lock                REG_SZ       SCardSuspendCertProp
    Unlock              REG_SZ       SCardResumeCertProp
    Enabled             REG_DWORD    1 (0x1)
    Impersonate         REG_DWORD    1 (0x1)
    Asynchronous        REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
    Asynchronous        REG_DWORD        0 (0x0)
    DllName             REG_EXPAND_SZ    wlnotify.dll
    Impersonate         REG_DWORD        0 (0x0)
    StartShell          REG_SZ           SchedStartShell
    Logoff              REG_SZ           SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
    Logoff              REG_SZ           WLEventLogoff
    Impersonate         REG_DWORD        0 (0x0)
    Asynchronous        REG_DWORD        1 (0x1)
    DllName             REG_EXPAND_SZ    sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
    DLLName             REG_SZ       WlNotify.dll
    Lock                REG_SZ       SensLockEvent
    Logon               REG_SZ       SensLogonEvent
    Logoff              REG_SZ       SensLogoffEvent
    Safe                REG_DWORD    1 (0x1)
    MaxWait             REG_DWORD    600 (0x258)
    StartScreenSaver    REG_SZ       SensStartScreenSaverEvent
    StopScreenSaver     REG_SZ       SensStopScreenSaverEvent
    Startup             REG_SZ       SensStartupEvent
    Shutdown            REG_SZ       SensShutdownEvent
    StartShell          REG_SZ       SensStartShellEvent
    PostShell           REG_SZ       SensPostShellEvent
    Disconnect          REG_SZ       SensDisconnectEvent
    Reconnect           REG_SZ       SensReconnectEvent
    Unlock              REG_SZ       SensUnlockEvent
    Impersonate         REG_DWORD    1 (0x1)
    Asynchronous        REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
    Asynchronous        REG_DWORD        0 (0x0)
    DllName             REG_EXPAND_SZ    wlnotify.dll
    Impersonate         REG_DWORD        0 (0x0)
    Logoff              REG_SZ           TSEventLogoff
    Logon               REG_SZ           TSEventLogon
    PostShell           REG_SZ           TSEventPostShell
    Shutdown            REG_SZ           TSEventShutdown
    StartShell          REG_SZ           TSEventStartShell
    Startup             REG_SZ           TSEventStartup
    MaxWait             REG_DWORD        600 (0x258)
    Reconnect           REG_SZ           TSEventReconnect
    Disconnect          REG_SZ           TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
    DLLName             REG_SZ       wlnotify.dll
    Logon               REG_SZ       RegisterTicketExpiredNotificationEvent
    Logoff              REG_SZ       UnregisterTicketExpiredNotificationEvent
    Impersonate         REG_DWORD    1 (0x1)
    Asynchronous        REG_DWORD    1 (0x1)

--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}    REG_SZ    Browseui preloader
    {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ    Component Categories cache daemon

--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------
 Volume in drive C has no label.
 Volume Serial Number is 18A2-DE4C

 Directory of C:\WINDOWS\tasks

10/01/2009  11:59 PM    <DIR>          .
10/01/2009  11:59 PM    <DIR>          ..
09/28/2009  12:07 AM               472 Ad-Aware Update (Weekly).job
09/11/2009  01:10 PM               284 AppleSoftwareUpdate.job
08/04/2004  03:00 PM                65 desktop.ini
10/01/2009  11:59 PM               438 regcure program check.job
10/01/2009  11:59 PM               372 regcure.job
10/01/2009  11:12 PM                 6 SA.DAT
10/02/2009  05:00 AM               240 {7b02ef0b-a410-4938-8480-9ba26420a627}.job
10/02/2009  05:00 AM               278 {bb65b0fb-5712-401b-b616-e69ac55e2757}.job
               8 File(s)          2,155 bytes

     Total Files Listed:
               8 File(s)          2,155 bytes
               2 Dir(s)  32,693,469,184 bytes free

A      C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
A      C:\WINDOWS\tasks\AppleSoftwareUpdate.job
HR     C:\WINDOWS\tasks\desktop.ini
A      C:\WINDOWS\tasks\regcure program check.job
A      C:\WINDOWS\tasks\regcure.job
A  H   C:\WINDOWS\tasks\SA.DAT
A  H   C:\WINDOWS\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job
A  H   C:\WINDOWS\tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job

----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}    REG_SZ

----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
    PostBootReminder    REG_SZ    {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn              REG_SZ    {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck            REG_SZ    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray             REG_SZ    {35CEC8A3-2BE6-11D2-8773-92E220524153}

----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx
    .Owner                                    REG_SZ    {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    {4871A87A-BFDD-4106-8153-FFDE2BAC2967}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/gp.ocx
    .Owner                                    REG_SZ    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/Manager.exe
    .Owner                                    REG_SZ    {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    {4871A87A-BFDD-4106-8153-FFDE2BAC2967}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/PhotoUploader5.ocx
    .Owner                                    REG_SZ    {0CCA191D-13A6-4E29-B746-314DEE697D83}
    {0CCA191D-13A6-4E29-B746-314DEE697D83}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx
    .Owner                                    REG_SZ    {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
    {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/atl.dll
    .Owner                                    REG_SZ    Unknown Owner
    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/imlCID.dll
    .Owner                                    REG_SZ    {7DFDB8FD-B498-4958-B930-38021B94351D}
    {7DFDB8FD-B498-4958-B930-38021B94351D}    REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/unicows.dll
    .Owner                                    REG_SZ    {0CCA191D-13A6-4E29-B746-314DEE697D83}
    {0CCA191D-13A6-4E29-B746-314DEE697D83}    REG_SZ

----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}
    <NO NAME>     REG_SZ       HP Print Enhancer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    <NO NAME>     REG_SZ       AcroIEHelperStub
    NoExplorer    REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    <NO NAME>     REG_SZ       WormRadar.com IESiteBlocker.NavFilter
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
    <NO NAME>     REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    NoExplorer    REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
    <NO NAME>     REG_SZ       JQSIEStartDetectorImpl
    NoExplorer    REG_DWORD    1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{EAD3A971-6A23-4246-8691-C9244E858967}
    <NO NAME>     REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
    <NO NAME>     REG_SZ       HP Smart BHO Class
    NoExplorer    REG_DWORD    1 (0x1)

--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun    REG_DWORD     145 (0x91)
    NoDriveAutoRun        REG_BINARY    00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
    HonorAutoRunSetting   REG_DWORD     1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
    dontdisplaylastusername    REG_DWORD    0 (0x0)
    legalnoticecaption         REG_SZ
    legalnoticetext            REG_SZ
    shutdownwithoutlogon       REG_DWORD    1 (0x1)
    undockwithoutlogon         REG_DWORD    1 (0x1)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun    REG_DWORD    145 (0x91)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun    REG_DWORD    145 (0x91)

************************************************************************************
Checking File System for suspicious Files
--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------
Locating all files created in C:\

"C:\"
36A2AB~1        Aug  8 2009             "36a2aba22fd81d689909e7f9c405dd"
audit_~1        Sep 13 2008          2  "AUDIT_INSTALL_IN_PROGRESS"
autoexec.bat    Aug 26 2004          0  "AUTOEXEC.BAT"
AVENGER         Oct  1 2009             "Avenger"
avenger.txt     Oct  1 2009       1300  "avenger.txt"
avi_log.txt     Dec 16 2008       2694  "avi_log.txt"
boot.ini        Jul 19 2005        201  "boot.ini"
CONFIG.MSI      Sep 13 2008             "Config.Msi"
config.sys      Aug 26 2004          0  "CONFIG.SYS"
debug.log       Dec 22 2008     105885  "debug.log"
DOCUME~1        Aug 26 2004             "Documents and Settings"
dvdlog.txt      Dec 16 2008       2127  "dvdlog.txt"
hiberfil.sys    Oct  1 2009  668626944  "hiberfil.sys"
io.sys          Aug 26 2004          0  "IO.SYS"
iph.ph          Sep 13 2008       1112  "IPH.PH"
ISEEYO~1        Oct  1 2009             "ISeeYouXP"
MACH2           Sep 13 2008             "Mach2"
msdos.sys       Aug 26 2004          0  "MSDOS.SYS"
MSOCACHE        Sep  1 2009             "MSOCache"
MYMUSI~1        Sep 13 2008             "My Music"
MYBACK~1        Sep 13 2008             "My Backup -- 08-09-12 1046PM"
ntdetect.com    Aug  4 2004      47564  "NTDETECT.COM"
ntldr           Sep 13 2008     250048  "ntldr"
pagefile.sys    Oct  1 2009 1006632960  "pagefile.sys"
player~1.txt    Dec  4 2008       1280  "Player Loader_log.txt"
PROGRA~1        Jul 19 2005             "Program Files"
RECYCLER        Sep 13 2008             "RECYCLER"
reques~1        Sep 13 2008          0  "REQUEST_OEMRESET_ENDUSER"
rhdsetup.log    Sep 13 2008        499  "RHDSetup.log"
sq13b0~1.sqm    Oct  1 2009        244  "sqmnoopt12.sqm"
sq13b4~1.sqm    Oct  1 2009        244  "sqmnoopt13.sqm"
sq13b8~1.sqm    Sep 30 2009        244  "sqmnoopt10.sqm"
sq13bc~1.sqm    Oct  1 2009        244  "sqmnoopt11.sqm"
sq23b0~1.sqm    Sep 23 2009        244  "sqmnoopt16.sqm"
sq23b4~1.sqm    Sep 24 2009        244  "sqmnoopt17.sqm"
sq23b8~1.sqm    Oct  1 2009        244  "sqmnoopt14.sqm"
sq23bc~1.sqm    Sep 22 2009        244  "sqmnoopt15.sqm"
sq2fa0~1.sqm    Sep 30 2009        244  "sqmnoopt06.sqm"
sq2fa4~1.sqm    Sep 30 2009        244  "sqmnoopt07.sqm"
sq2fa8~1.sqm    Sep 30 2009        244  "sqmnoopt04.sqm"
sq2fac~1.sqm    Sep 30 2009        244  "sqmnoopt05.sqm"
sq33b8~1.sqm    Sep 25 2009        244  "sqmnoopt18.sqm"
sq33bc~1.sqm    Sep 25 2009        244  "sqmnoopt19.sqm"
sq3fa8~1.sqm    Sep 30 2009        244  "sqmnoopt08.sqm"
sq3fac~1.sqm    Sep 30 2009        244  "sqmnoopt09.sqm"
sqa368~1.sqm    Sep 30 2009        268  "sqmdata10.sqm"
sqa378~1.sqm    Oct  1 2009        268  "sqmdata14.sqm"
sqa37a~1.sqm    Sep 30 2009        268  "sqmdata04.sqm"
sqa388~1.sqm    Sep 25 2009        268  "sqmdata18.sqm"
sqa38a~1.sqm    Sep 30 2009        268  "sqmdata08.sqm"
sqa768~1.sqm    Oct  1 2009        268  "sqmdata11.sqm"
sqa778~1.sqm    Sep 22 2009        268  "sqmdata15.sqm"
sqa77a~1.sqm    Sep 30 2009        268  "sqmdata05.sqm"
sqa788~1.sqm    Sep 25 2009        268  "sqmdata19.sqm"
sqa78a~1.sqm    Sep 30 2009        268  "sqmdata09.sqm"
sqab68~1.sqm    Oct  1 2009        268  "sqmdata12.sqm"
sqab78~1.sqm    Sep 23 2009        268  "sqmdata16.sqm"
sqab7a~1.sqm    Sep 30 2009        268  "sqmdata06.sqm"
sqaf68~1.sqm    Oct  1 2009        268  "sqmdata13.sqm"
sqaf78~1.sqm    Sep 24 2009        268  "sqmdata17.sqm"
sqaf7a~1.sqm    Sep 30 2009        268  "sqmdata07.sqm"
sqmdat~1.sqm    Sep 26 2009        268  "sqmdata00.sqm"
sqmdat~2.sqm    Sep 27 2009        268  "sqmdata01.sqm"
sqmdat~3.sqm    Sep 28 2009        268  "sqmdata02.sqm"
sqmdat~4.sqm    Sep 29 2009        268  "sqmdata03.sqm"
sqmnoo~1.sqm    Sep 26 2009        244  "sqmnoopt00.sqm"
sqmnoo~2.sqm    Sep 27 2009        244  "sqmnoopt01.sqm"
sqmnoo~3.sqm    Sep 28 2009        244  "sqmnoopt02.sqm"
sqmnoo~4.sqm    Sep 29 2009        244  "sqmnoopt03.sqm"
SYSTEM~1        Jul 19 2005             "System Recovery"
SYSTEM~2        Sep 13 2008             "System Volume Information"
TEMP            Aug 28 2004             "TEMP"
TEMPDVD         Dec 16 2008             "TempDVD"
user            Sep 13 2008          2  "USER"
video2~1.log    Dec 16 2008      12087  "video2dvdpro.log"
WINDOWS         Aug 26 2004             "WINDOWS"

76 items found: 60 files (49 H/S), 16 directories (5 H/S).
Total of file sizes: 1,675,694,945 bytes  1.56 G

--------------------------------------------------------------------------
Items in the C:\TEMP Directory:
--------------------------------------------------------------------------
Locating all files created in C:\TEMP

"C:\TEMP\"
debug.txt       Dec 16 2008        193  "debug.txt"
enhanc~1.txt    Sep 29 2009          0  "EnhancedDataOutput.txt"

2 items found: 2 files, 0 directories.
Total of file sizes: 193 bytes  0.19 K

--------------------------------------------------------------------------
Locating all Backup files on C:
--------------------------------------------------------------------------
Locating all *.BAK* files

"C:\WINDOWS\"
imsins.bak      Sep 21 2009       1374  "imsins.BAK"

"C:\Program Files\eMule\"
downlo~1.bak    Sep 16 2009       1034  "downloads.bak"

"C:\Program Files\WinRAR\"
winrar~1.bak    Dec 26 2004     847360  "WinRAR.exe.bak"

"C:\Documents and Settings\All Users\DRM\"
drmv1.bak       Sep 19 2009       4348  "DRMv1.bak"

"C:\Program Files\eMule\config\"
client~1.bak    Jan  7 2009     531578  "clients.met.bak"

"C:\Program Files\eMule\Temp\"
002par~1.bak    Sep 18 2009        330  "002.part.met.bak"
009par~1.bak    Sep 18 2009        341  "009.part.met.bak"
011par~1.bak    Sep 18 2009        133  "011.part.met.bak"

"C:\Program Files\regcure\Backup\"
re14d7~1.bak    Oct  1 2009       1157  "RegCureBak_July_09_09_03_08_06.bak"
re1930~1.bak    Oct  1 2009       3500  "RegCureBak_January_08_09_03_06_59.bak"
re2cff~1.bak    Oct  1 2009        608  "RegCureBak_February_12_09_03_05_25.bak"
re7b58~1.bak    Oct  1 2009        145  "RegCureBak_June_11_09_03_22_31.bak"
re8511~1.bak    Oct  1 2009        417  "RegCureBak_June_25_09_03_15_03.bak"
re8b25~1.bak    Oct  1 2009        791  "RegCureBak_June_18_09_03_16_18.bak"
re8bca~1.bak    Oct  1 2009        946  "RegCureBak_September_10_09_03_11_27.bak"
re91ee~1.bak    Oct  1 2009        818  "RegCureBak_November_09_08_00_00_37.bak"
re9e1e~1.bak    Oct  1 2009       1684  "RegCureBak_March_12_09_03_07_24.bak"
rea918~1.bak    Oct  1 2009       1800  "RegCureBak_November_13_08_03_48_53.bak"
reaf10~1.bak    Oct  1 2009        230  "RegCureBak_September_03_09_03_11_06.bak"
rec62c~1.bak    Oct  1 2009        136  "RegCureBak_March_05_09_03_05_00.bak"
rec6c6~1.bak    Oct  1 2009       3189  "RegCureBak_September_24_09_03_09_04.bak"
red236~1.bak    Oct  1 2009        388  "RegCureBak_March_26_09_03_09_57.bak"
regcur~1.bak    Oct  1 2009        264  "RegCureBak_April_23_09_03_12_50.bak"
regcur~2.bak    Oct  1 2009        153  "RegCureBak_August_20_09_05_13_46.bak"
regcur~3.bak    Oct  1 2009        580  "RegCureBak_December_11_08_03_09_38.bak"
regcur~4.bak    Oct  1 2009       6702  "RegCureBak_December_30_08_18_08_02.bak"

"C:\WINDOWS\Debug\Setup\"
updsh.bak       Sep 13 2008     348522  "UpdSh.bak"

"C:\WINDOWS\Debug\Setup\Backup\"
hdaudi~1.bak    Sep 13 2008          0  "HDAUDIO_Backup.bak"
intppm~1.bak    Sep 13 2008          4  "INTPPM_Backup.bak"

"C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\"
brndlog.bak     Aug 26 2004        439  "brndlog.bak"

"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\"
brndlog.bak     Aug 26 2004        439  "brndlog.bak"

"C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\"
brndlog.bak     Aug 26 2004        439  "brndlog.bak"

"C:\Documents and Settings\Owner\Desktop\Diggity Designs\emachine Files\"
caster~1.bak    Jul 27 2009       9971  "Caster_EX1_RearUpperDeck.bak"
caster~2.bak    Jul 27 2009      15708  "Caster_EX1_FrontUpperDeck.bak"
tc5bat~1.bak    Mar 19 2009      13930  "TC5 Battery Brace 500 over.bak"

"C:\Documents and Settings\Owner\My Documents\My Music\License Backup\"
drmv1key.bak    Sep 19 2009       4348  "drmv1key.bak"
drmv1lic.bak    Sep 19 2009         20  "drmv1lic.bak"
drmv2key.bak    Sep 19 2009        400  "drmv2key.bak"
drmv2lic.bak    Sep 19 2009          0  "drmv2lic.bak"

"C:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\Menus\"
menus.bak       Mar  1 2004     337224  "menus.bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
person~1.bak    Dec 16 2008     142762  "Personal_32_1033.dat.bak"

"C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Cache\"
mcsubdb.bak     Sep 13 2008        953  "McSubDB.Bak"

"C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\"
opa12.bak       Oct 17 2002       8200  "OPA12.BAK"

"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\"
brndlog.bak     Jun 18 2009       7917  "brndlog.bak"

"C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\"
brndlog.bak     Aug 26 2004        439  "brndlog.bak"

45 items found: 45 files (4 H/S), 0 directories.
Total of file sizes: 2,301,721 bytes  2.19 M

--------------------------------------------------------------------------
Locating all copies of Internet Explorer on C:
--------------------------------------------------------------------------
Locating all copies of Internet Explorer

"C:\Program Files\Internet Explorer\"
iexplore.exe    Mar  8 2009     638816  "iexplore.exe"

"C:\WINDOWS\$NtServicePackUninstall$\"
iexplore.exe    Aug  4 2004      93184  "iexplore.exe"

"C:\WINDOWS\ie8\"
iexplore.exe    Apr 13 2008      93184  "iexplore.exe"

"C:\WINDOWS\ServicePackFiles\i386\"
iexplore.exe    Apr 13 2008      93184  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe    Mar  8 2009     638816  "iexplore.exe"

"C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\"
iexplore.exe    Jun 23 2008     625664  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2GDR\"
iexplore.exe    Jun 23 2008     625664  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2QFE\"
iexplore.exe    Jun 23 2008     625664  "iexplore.exe"

8 items found: 8 files, 0 directories.
Total of file sizes: 3,434,176 bytes  3.27 M

--------------------------------------------------------------------------
Locating all copies of beep.sy_ on C:
--------------------------------------------------------------------------
Locating all copies of Internet Explorer

"C:\WINDOWS\I386\"
beep.sy_        Aug  4 2004       2123  "BEEP.SY_"

1 item found: 1 file, 0 directories.
Total of file sizes: 2,123 bytes  2.07 K

--------------------------------------------------------------------------
Locating all copies of beep.sys on C:
--------------------------------------------------------------------------
Locating all copies of Internet Explorer

"C:\WINDOWS\system32\dllcache\"
beep.sys        Aug  4 2004       4224  "beep.sys"

"C:\WINDOWS\system32\drivers\"
beep.sys        Aug  4 2004       4224  "beep.sys"

2 items found: 2 files, 0 directories.
Total of file sizes: 8,448 bytes  8.25 K

--------------------------------------------------------------------------
Locating all copies of Windows Explorer on C:
--------------------------------------------------------------------------
Locating all copies of Windows Explorer

"C:\WINDOWS\"
explorer.exe    Apr 13 2008    1033728  "explorer.exe"

"C:\WINDOWS\$NtServicePackUninstall$\"
explorer.exe    Aug  4 2004    1032192  "explorer.exe"

"C:\WINDOWS\ServicePackFiles\i386\"
explorer.exe    Apr 13 2008    1033728  "explorer.exe"

3 items found: 3 files, 0 directories.
Total of file sizes: 3,099,648 bytes  2.95 M

--------------------------------------------------------------------------
Items in Document and Settings:
--------------------------------------------------------------------------
Listing contents of C:\Documents and Settings

"C:\Documents and Settings\"
ADMINI~1        Sep 20 2009             "Administrator"
ALLUSE~1        Aug 26 2004             "All Users"
DEFAUL~1        Aug 26 2004             "Default User"
LOCALS~1        Aug 26 2004             "LocalService"
NETWOR~1        Aug 26 2004             "NetworkService"
OWNER           Aug 26 2004             "Owner"

6 items found: 0 files, 6 directories (3 H/S).

--------------------------------------------------------------------------
Desktop Items:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Owner\Desktop within the last 90 days.

"C:\Documents and Settings\Owner\Desktop\"
a2scan~1.txt    Oct  2 2009       4302  "a2scan_091002-000804.txt"
atf-cl~1.exe    Oct  1 2009      50688  "ATF-Cleaner.exe"
BEATLE~1        Sep  7 2009             "Beatles Remastered"
ca7484~1.jpg    Jul 17 2009     168281  "Caster_TopPlate_V2_1.jpg"
ca8480~1.jpg    Jul 17 2009     173272  "Caster_TopPlate_V2_4.jpg"
ca8484~1.jpg    Jul 17 2009     227017  "Caster_TopPlate_V2_5.jpg"
ca8488~1.jpg    Jul 17 2009     161514  "Caster_TopPlate_V2_2.jpg"
ca848c~1.jpg    Jul 17 2009     188496  "Caster_TopPlate_V2_3.jpg"
explor~1.exe    Oct  1 2009     420137  "explorerxpsetup.exe"
explor~1.lnk    Oct  1 2009       1580  "ExplorerXP.lnk"
hudyof~1.pdf    Jul 21 2009    3839736  "HUDY Off-road & Truggy Set-up Book.pdf"
iseeyo~1.exe    Oct  1 2009    1106604  "ISeeYouXP.exe"
iseeyo~1.lnk    Oct  2 2009        534  "ISeeYouXP.lnk"
kidsco~1.odt    Aug 26 2009      18399  "Kids Comp.odt"
killbo~1.exe    Oct  1 2009      93696  "KillBox-Beta.exe"
protoc~1.odt    Aug 18 2009      24622  "protocal_rootcanaledteeth.odt"
shippi~1.odt    Aug  3 2009      12343  "SHIPPING LABEL.odt"
teeth.odt       Aug 18 2009      37879  "TEETH.odt"
teethi~1.odt    Aug 15 2009      20247  "TeethInfo.odt"
tekin-~1.pdf    Jul  6 2009     570119  "Tekin-RS-setup-sheet-v1.pdf"
tekin-~2.pdf    Jul  6 2009     615852  "Tekin-RS-setup_DamonConverse_6.5Mod4wdBuggy.pdf"
tekin-~3.pdf    Jul  6 2009     615858  "Tekin-RS-setup_DamonConverse_13.5Truck.pdf"
TEKINH~1        Aug  5 2009             "TekinHotWire_Beta3_30_RS_V200"
ultra_ob.pdf    Sep 13 2009    2689968  "ultra_ob.pdf"
ultra_qr.pdf    Sep 13 2009     831938  "ultra_qr.pdf"
win32k~1.exe    Oct  1 2009      47616  "Win32kDiag.exe"
YO              Oct  1 2009             "YO"

27 items found: 24 files, 3 directories.
Total of file sizes: 11,920,698 bytes  11.37 M

Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days.

"C:\Documents and Settings\All Users\Desktop\"
a-squa~1.lnk    Sep 30 2009        648  "a-squared Free.lnk"
a-squa~2.lnk    Oct  1 2009        710  "a-squared HiJackFree.lnk"
adober~1.lnk    Aug 15 2009       1729  "Adobe Reader 9.lnk"
aviraa~1.lnk    Oct  1 2009       1707  "Avira AntiVir Control Center.lnk"
emachi~1.lnk    Jul 27 2009        670  "eMachineShop.lnk"
itunes.lnk      Sep 19 2009       2137  "iTunes.lnk"

6 items found: 6 files, 0 directories.
Total of file sizes: 7,601 bytes  7.42 K

--------------------------------------------------------------------------
Start Menu Items:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Owner\Start Menu within the last 90 days.
No matches found.

Locating all files created in C:\Documents and Settings\Owner\Start Menu\Programs\Startup within the last 90 days.
No matches found.

Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days.
No matches found.

Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days.
No matches found.

--------------------------------------------------------------------------
Application Data Items:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Owner\Application Data\ within the last 90 days.

"C:\Documents and Settings\Owner\Application Data\"
HPAPPD~1        Sep 21 2009             "HPAppData"
INSTAL~1        Jul 24 2009             "InstallShield"
MALWAR~1        Sep 30 2009             "Malwarebytes"
SUPERA~1.COM    Sep 21 2009             "SUPERAntiSpyware.com"

4 items found: 0 files, 4 directories.

Locating all files created in C:\Documents and Settings\Owner\Local Settings\Application Data\ within the last 90 days.

"C:\Documents and Settings\Owner\Local Settings\Application Data\"
CONDUIT         Aug 31 2009             "Conduit"
gdipfo~1.dat    Sep  5 2009     298680  "GDIPFONTCACHEV1.DAT"
iconca~1.db     Oct  1 2009    6421590  "IconCache.db"
MICROS~2        Sep  1 2009             "Microsoft Help"
SHIPPI~1        Sep 30 2009             "ShippingAssistant"

5 items found: 2 files (1 H/S), 3 directories.
Total of file sizes: 6,720,270 bytes  6.41 M

Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days.

"C:\Documents and Settings\All Users\Application Data\"
AVIRA           Oct  1 2009             "Avira"
hpzins~1.log    Jul 23 2009       1725  "hpzinstall.log"
MALWAR~1        Sep 30 2009             "Malwarebytes"
micros~1.bc     Sep 30 2009        133  "Microsoft.SqlServer.Compact.351.32.bc"
MICROS~2        Sep  1 2009             "Microsoft Help"
PCTOOL~1        Sep 21 2009             "PC Tools"
SUPERA~1.COM    Sep 21 2009             "SUPERAntiSpyware.com"
TEMP            Sep 21 2009             "TEMP"

8 items found: 2 files, 6 directories.
Total of file sizes: 1,858 bytes  1.81 K

--------------------------------------------------------------------------
C:\Documents and Settings\Owner\Local Settings\TEMP:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Owner\Local Settings\TEMP within the last 90 days.
-------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Owner\Templates "C:\Documents and Settings\Owner\Templates\" amipro.sam Aug 4 2004 4570 "amipro.sam" excel.xls Aug 4 2004 5632 "excel.xls" excel4.xls Aug 4 2004 1518 "excel4.xls" lotus.wk4 Aug 4 2004 2448 "lotus.wk4" powerpnt.ppt Aug 4 2004 12288 "powerpnt.ppt" presenta.shw Aug 4 2004 461 "presenta.shw" quattro.wb2 Aug 4 2004 4017 "quattro.wb2" sndrec.wav Aug 4 2004 58 "sndrec.wav" winword.doc Aug 4 2004 4608 "winword.doc" winword2.doc Aug 4 2004 1769 "winword2.doc" wordpfct.wpd Aug 4 2004 30 "wordpfct.wpd" wordpfct.wpg Aug 4 2004 57 "wordpfct.wpg" 12 items found: 12 files, 0 directories. Total of file sizes: 37,456 bytes 36.58 K -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Program Files\ within the last 90 days. "C:\Program Files\" A-SQUA~1 Sep 30 2009 "a-squared Free" A-SQUA~2 Oct 1 2009 "a-squared HiJackFree" ALWILS~1 Oct 1 2009 "Alwil Software" AVIRA Oct 1 2009 "Avira" EXPLOR~1 Oct 1 2009 "ExplorerXP" MICROS~1.NET Sep 1 2009 "Microsoft.NET" PAYPAL Jul 24 2009 "PayPal" REGCURE Oct 1 2009 "regcure" TEKINH~1 Aug 5 2009 "Tekin HotWire" 9 items found: 0 files, 9 directories. Locating all files created in C:\Program Files\Common Files\ within the last 90 days. "C:\Program Files\Common Files\" DESIGNER Sep 1 2009 "DESIGNER" 1 item found: 0 files, 1 directory. Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days. No matches found. 
-------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\ within the last 90 days. "C:\WINDOWS\" $N10EC~1 Aug 26 2009 "$NtUninstallKB970653-v3$" $N24DA~1 Jul 29 2009 "$NtUninstallKB972260$" $N38DC~2 Jul 15 2009 "$NtUninstallKB961371$" $N3945~1 Aug 13 2009 "$NtUninstallKB973540_WM9$" $N48C7~1 Sep 8 2009 "$NtUninstallKB968816_WM9$" $N50D6~2 Aug 13 2009 "$NtUninstallKB973354$" $N50D6~3 Sep 8 2009 "$NtUninstallKB971961$" $N54DA~1 Aug 13 2009 "$NtUninstallKB956744$" $N58B2~1 Jul 15 2009 "$NtUninstallKB971633$" $N60BA~1 Aug 13 2009 "$NtUninstallKB973815$" $N64D6~1 Sep 8 2009 "$NtUninstallKB956844$" $N68AC~1 Aug 9 2009 "$NtUninstallKB961118$" $N68C6~1 Jul 15 2009 "$NtUninstallKB973346$" $N78A6~1 Aug 13 2009 "$NtUninstallKB973507$" $N78C2~1 Aug 13 2009 "$NtUninstallKB971657$" $N78C6~1 Aug 13 2009 "$NtUninstallKB971557$" $N7CFC~1 Aug 15 2009 "$NtUninstallKB968389$" $N84C0~1 Aug 13 2009 "$NtUninstallKB960859$" $N88DA~1 Aug 13 2009 "$NtUninstallKB973869$" 0.log Oct 1 2009 0 "0.log" bootstat.dat Oct 1 2009 2048 "bootstat.dat" comsetup.log Oct 1 2009 228409 "comsetup.log" faxsetup.log Oct 1 2009 651030 "FaxSetup.log" hpoins14.dat Jul 23 2009 141206 "hpoins14.dat" ie4err~1.txt Aug 16 2009 1611 "IE4 Error Log.txt" IE8 Sep 21 2009 "ie8" ie8.log Sep 21 2009 171261 "ie8.log" ie8_main.log Sep 21 2009 125324 "ie8_main.log" iis6.log Oct 1 2009 99484 "iis6.log" imsins.bak Sep 21 2009 1374 "imsins.BAK" imsins.log Oct 1 2009 4566 "imsins.log" kb956744.log Aug 13 2009 8835 "KB956744.log" kb956844.log Sep 8 2009 6961 "KB956844.log" kb960859.log Aug 13 2009 13835 "KB960859.log" kb961118.log Aug 9 2009 4888 "KB961118.log" kb961371.log Jul 15 2009 14732 "KB961371.log" kb968389.log Aug 15 2009 19379 "KB968389.log" kb968816.log Sep 8 2009 6192 "KB968816.log" kb9706~1.log Aug 26 2009 4051 "KB970653-v3.log" kb971557.log Aug 13 2009 
13258 "KB971557.log" kb971633.log Jul 15 2009 13853 "KB971633.log" kb971657.log Aug 13 2009 13754 "KB971657.log" kb971961.log Sep 8 2009 7370 "KB971961.log" kb9719~1.log Sep 22 2009 2819 "KB971961-IE8.log" kb972260.log Jul 29 2009 18037 "KB972260.log" kb9722~1.log Sep 22 2009 27685 "KB972260-IE8.log" kb973346.log Jul 15 2009 8661 "KB973346.log" kb973354.log Aug 13 2009 8428 "KB973354.log" kb973507.log Aug 13 2009 13561 "KB973507.log" kb973540.log Aug 13 2009 7664 "KB973540.log" kb973815.log Aug 13 2009 12418 "KB973815.log" kb973869.log Aug 13 2009 8293 "KB973869.log" kb9738~1.log Sep 21 2009 22392 "KB973874-IE8.log" msgsocm.log Oct 1 2009 39200 "msgsocm.log" ntbtlog.txt Sep 30 2009 1551904 "ntbtlog.txt" ntdtcs~1.log Oct 1 2009 141085 "ntdtcsetup.log" ocgen.log Oct 1 2009 364515 "ocgen.log" ocmsn.log Oct 1 2009 37946 "ocmsn.log" randseed.rnd Jul 28 2009 512 "randseed.rnd" schedlgu.txt Oct 1 2009 32156 "SchedLgU.Txt" setupapi.log Oct 1 2009 844170 "setupapi.log" SHELLNEW Sep 1 2009 "SHELLNEW" spupdsvc.log Sep 21 2009 57875 "spupdsvc.log" system.ini Oct 1 2009 455 "system.ini" tsoc.log Oct 1 2009 267353 "tsoc.log" updspapi.log Sep 21 2009 227396 "updspapi.log" wiadebug.log Oct 2 2009 211 "wiadebug.log" wiaservc.log Oct 1 2009 49 "wiaservc.log" win.ini Jul 23 2009 696 "win.ini" win32k.sys Oct 1 2009 0 "win32k.sys" window~1.log Oct 1 2009 1743050 "WindowsUpdate.log" wmsetup.log Aug 13 2009 67130 "wmsetup.log" yacs.log Sep 3 2009 12517 "yacs.log" 73 items found: 52 files (1 H/S), 21 directories (20 H/S). Total of file sizes: 7,071,599 bytes 6.74 M -------------------------------------------------------------------------- C:\WINDOWS\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. "C:\WINDOWS\Downloaded Program Files\" epuwal~1.dll Sep 18 2009 3170072 "EPUWALcontrol.dll" 1 item found: 1 file, 0 directories. 
Total of file sizes: 3,170,072 bytes 3.02 M -------------------------------------------------------------------------- C:\WINDOWS\PCHealth\HelpCtr\Binaries: -------------------------------------------------------------------------- Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries "C:\WINDOWS\pchealth\helpctr\binaries\" brpinfo.dll Aug 4 2004 21504 "brpinfo.dll" hcappres.dll Aug 4 2004 6656 "HCAppRes.dll" helpctr.exe Apr 13 2008 769024 "helpctr.exe" helphost.exe Aug 4 2004 99840 "HelpHost.exe" helpsvc.exe Apr 13 2008 744448 "helpsvc.exe" hscsp_p3.cab Dec 28 2006 290594 "hscsp_p3.cab" hscupd.exe Apr 13 2008 18432 "hscupd.exe" msconfig.exe Apr 13 2008 169984 "msconfig.exe" msinfo.dll Apr 13 2008 376832 "msinfo.dll" notiflag.exe Aug 4 2004 35328 "notiflag.exe" pchdt_p3.cab Aug 4 2004 2334260 "pchdt_p3.cab" pchshell.dll Apr 13 2008 102912 "pchshell.dll" pchsvc.dll Apr 13 2008 38400 "pchsvc.dll" 13 items found: 13 files, 0 directories. Total of file sizes: 5,008,214 bytes 4.77 M -------------------------------------------------------------------------- C:\WINDOWS\system: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32 within the last 90 days. 
"C:\WINDOWS\system32\" atl.dll Jul 17 2009 58880 "atl.dll" config.nt Oct 1 2009 2577 "CONFIG.NT" d3d8caps.dat Sep 20 2009 552 "d3d8caps.dat" d3d9caps.dat Sep 21 2009 664 "d3d9caps.dat" deploytk.dll Jul 25 2009 411368 "deploytk.dll" fntcache.dat Sep 1 2009 1999368 "FNTCACHE.DAT" java.exe Jul 25 2009 145184 "java.exe" javacpl.cpl Jul 25 2009 73728 "javacpl.cpl" javaw.exe Jul 25 2009 145184 "javaw.exe" javaws.exe Jul 25 2009 149280 "javaws.exe" ju6480~1.log Aug 5 2009 3903 "jupdate-1.6.0_15-b03.log" mrt.exe Aug 28 2009 24689600 "MRT.exe" mswebdvd.dll Aug 5 2009 204800 "mswebdvd.dll" perfc009.dat Oct 1 2009 67516 "perfc009.dat" perfh009.dat Oct 1 2009 432686 "perfh009.dat" perfst~1.ini Oct 1 2009 508296 "PerfStringBackup.INI" shdocvw.dll Jul 18 2009 1509888 "shdocvw.dll" tzchange.exe Jul 14 2009 46080 "tzchange.exe" tzlog.log Aug 26 2009 436838 "TZLog.log" wmp.dll Jul 13 2009 5537792 "wmp.dll" wmpdxm.dll Jul 13 2009 286720 "wmpdxm.dll" wpa.dbl Sep 22 2009 1170 "wpa.dbl" 22 items found: 22 files, 0 directories. Total of file sizes: 36,712,074 bytes 35.01 M -------------------------------------------------------------------------- C:\WINDOWS\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\components: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\components within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. 
"C:\WINDOWS\system32\drivers\" avgntflt.sys Jul 28 2009 55656 "avgntflt.sys" 1 item found: 1 file, 0 directories. Total of file sizes: 55,656 bytes 54.35 K -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. "C:\WINDOWS\system32\drivers\etc\" hosts Sep 21 2009 734 "hosts" 1 item found: 1 file, 0 directories. Total of file sizes: 734 bytes 0.71 K -------------------------------------------------------------------------- C:\WINDOWS\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\TEMP within the last 90 days. "C:\WINDOWS\Temp\" d0ec13~1.tmp Sep 24 2009 0 "d0ec13da-c287-4c0c-b0ec-731a5c229f70.tmp" d27f90~1.tmp Sep 29 2009 0 "d27f90c5-dd9d-4031-adac-89db18f70491.tmp" d83093~1.tmp Sep 29 2009 0 "d8309359-a78e-40d8-8791-e198ef1fe1d6.tmp" dd0960~1.tmp Sep 26 2009 0 "dd0960bb-b60b-4f8f-b94b-59126b43c031.tmp" dd_clw~1.txt Aug 8 2009 8739 "dd_clwireg.txt" dd_dep~1.txt Aug 8 2009 204253 "dd_depcheck_NETFX_EXP_35.txt" dd_dot~1.txt Aug 8 2009 275026 "dd_dotnetfx35install.txt" dd_dot~2.txt Aug 8 2009 2 "dd_dotnetfx35error.txt" dd_net~1.txt Aug 8 2009 19013754 "dd_NET_Framework20_Setup46C9.txt" dd_net~2.txt Aug 8 2009 4003162 "dd_NET_Framework30_Setup4ACA.txt" dd_net~3.txt Aug 8 2009 1441980 "dd_NET_Framework35_MSI4C3B.txt" dd_wcf~1.txt Aug 8 2009 4326 "dd_wcf_retCA6315.txt" dd_wcf~2.txt Aug 8 2009 4326 "dd_wcf_retCA299.txt" dd_xps.txt Aug 8 2009 21278 "dd_XPS.txt" de60c6~1.tmp Sep 30 2009 0 "de60c6c6-5f36-4946-8e5b-784799d43ca6.tmp" df00fb~1.tmp Sep 24 2009 0 "df00fbe1-dc53-4a9e-8677-997d26a07fe8.tmp" e0b7df~1.tmp Sep 29 2009 0 "e0b7df8b-8c29-40c0-84c0-e5978f30a088.tmp" e17b09~1.tmp Sep 26 2009 0 "e17b0942-2058-487d-9e90-ecae183a5f42.tmp" e21c2d~1.tmp Sep 24 2009 0 
"e21c2def-3765-4b44-bb16-75f3187dbde6.tmp" e30127~1.tmp Sep 27 2009 0 "e30127e5-118a-45bf-8bba-a5edef8d3854.tmp" e36dc0~1.tmp Sep 23 2009 0 "e36dc020-6610-4fc8-ad3d-82c248930cc3.tmp" e3ff92~1.tmp Sep 26 2009 0 "e3ff9258-f7fa-4dbe-9088-8263c53bfa8b.tmp" e60262~1.tmp Sep 30 2009 0 "e602625c-9232-4b53-a453-d4572951f6de.tmp" e7653a~1.tmp Sep 30 2009 0 "e7653a3d-5d76-4298-8c6a-4c21e5c5d211.tmp" ed55e4~1.tmp Sep 30 2009 0 "ed55e452-6508-4753-b26e-5f10216e354a.tmp" f17213~1.tmp Sep 30 2009 0 "f1721333-74c0-41e0-ac22-21308cca4b89.tmp" f97a9b~1.tmp Sep 30 2009 0 "f97a9bb5-a413-4fc4-87f8-e9f9ce319435.tmp" fa9476~1.tmp Sep 30 2009 0 "fa947634-7820-4e51-868d-74fa6134d60c.tmp" fc799c~1.tmp Sep 30 2009 0 "fc799c93-fc84-42a6-a235-590235c29db5.tmp" fe81c5~1.tmp Sep 30 2009 0 "fe81c501-e36c-47d3-b3e6-47e67766e5f4.tmp" google~1.log Jul 23 2009 14526 "GoogleToolbarInstaller2.log" google~2.log Jul 23 2009 14304 "GoogleToolbarInstaller1.log" hpzids~4.log Aug 8 2009 383 "HPZIDS003.log" pe2d87~1.dat Jul 15 2009 16384 "Perflib_Perfdata_da4.dat" pe31da~1.dat Aug 9 2009 16384 "Perflib_Perfdata_d28.dat" pe7591~1.dat Oct 1 2009 16384 "Perflib_Perfdata_1cc.dat" peb0d0~1.dat Sep 20 2009 16384 "Perflib_Perfdata_720.dat" peb49b~1.dat Sep 21 2009 16384 "Perflib_Perfdata_6c0.dat" pec4e6~1.dat Sep 20 2009 16384 "Perflib_Perfdata_674.dat" pec8c6~1.dat Sep 20 2009 16384 "Perflib_Perfdata_604.dat" ped0e6~1.dat Sep 20 2009 16384 "Perflib_Perfdata_668.dat" ped8d6~1.dat Sep 21 2009 16384 "Perflib_Perfdata_648.dat" ped8e6~1.dat Sep 20 2009 16384 "Perflib_Perfdata_688.dat" perfli~4.dat Oct 1 2009 16384 "Perflib_Perfdata_6e4.dat" produc~1.log Jul 23 2009 353474 "ProductContextF4100.log" update~1.log Aug 8 2009 605 "update000.log" uxeven~1.txt Aug 8 2009 49796 "uxeventlog.txt" _AVAST4_ Sep 20 2009 "_avast4_" 48 items found: 47 files, 1 directory. Total of file sizes: 25,590,158 bytes 24.40 M ************************************************************************************ Checking for .COM files to Delete. 
They will only print if deleted! Locating .COM files in the C:\WINDOWS\System32 folder "C:\WINDOWS\system32\" chcp.com Aug 4 2004 7680 "chcp.com" command.com Aug 4 2004 50620 "command.com" diskcomp.com Aug 4 2004 9216 "diskcomp.com" diskcopy.com Aug 4 2004 7168 "diskcopy.com" edit.com Aug 4 2004 69886 "edit.com" format.com Apr 13 2008 29696 "format.com" graftabl.com Aug 4 2004 26112 "graftabl.com" graphics.com Aug 4 2004 19694 "graphics.com" kb16.com Aug 4 2004 14710 "kb16.com" loadfix.com Aug 4 2004 1131 "loadfix.com" locate.com Jan 14 2005 11254 "locate.com" mode.com Aug 4 2004 19456 "mode.com" more.com Apr 13 2008 16896 "more.com" tree.com Apr 13 2008 12800 "tree.com" win.com Aug 4 2004 18432 "win.com" 15 items found: 15 files, 0 directories. Total of file sizes: 314,751 bytes 307.37 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! 
**** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! 
**** -------------------------------------------------------------------------- CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: -------------------------------------------------------------------------- **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** **** CmdService adware NOT FOUND by this tool! **** **** Network_Monitor adware NOT FOUND by this tool! **** **** Trojan.Peacomm NOT FOUND by this tool! **** **** Trojan.Peacomm windev NOT FOUND by this tool! **** **** AVPE Haxdoor NOT FOUND by this tool! **** **** MEMLOW Haxdoor NOT FOUND by this tool! **** **** VDMT Haxdoor NOT FOUND by this tool! **** **** YCSVGA Haxdoor NOT FOUND by this tool! **** **** PPTP Haxdoor NOT FOUND by this tool! **** **** DVB Haxdoor NOT FOUND by this tool! **** **** YVBB Haxdoor NOT FOUND by this tool! **** **** YVPP Haxdoor NOT FOUND by this tool! **** **** NKGFS Haxdoor NOT FOUND by this tool! **** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! 
**** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ 32 Bit HP CIO Components Installer DisplayName REG_SZ a-squared Free 4.5 DisplayName REG_SZ a-squared HiJackFree 3.1 DisplayName REG_SZ Adobe AIR DisplayName REG_SZ Adobe AIR DisplayName REG_SZ Adobe Anchor Service CS3 DisplayName REG_SZ Adobe Asset Services CS3 DisplayName REG_SZ Adobe Bridge CS3 DisplayName REG_SZ Adobe Bridge Start Meeting DisplayName REG_SZ Adobe Camera Raw 4.0 DisplayName REG_SZ Adobe CMaps DisplayName REG_SZ Adobe Color - Photoshop Specific DisplayName REG_SZ Adobe Color Common Settings DisplayName REG_SZ Adobe Color EU Extra Settings DisplayName REG_SZ Adobe Color JA Extra Settings DisplayName REG_SZ Adobe Color NA Recommended Settings DisplayName REG_SZ Adobe Default Language CS3 DisplayName REG_SZ Adobe Device Central CS3 DisplayName REG_SZ Adobe ExtendScript Toolkit 2 DisplayName REG_SZ Adobe Extension Manager CS3 DisplayName REG_SZ Adobe Fireworks CS3 DisplayName REG_SZ Adobe Fireworks CS3 DisplayName REG_SZ Adobe Flash Player 10 ActiveX DisplayName REG_SZ Adobe Fonts All DisplayName REG_SZ Adobe Help Viewer CS3 DisplayName REG_SZ Adobe Illustrator CS3 DisplayName REG_SZ Adobe Illustrator CS3 DisplayName REG_SZ Adobe Linguistics CS3 DisplayName REG_SZ Adobe PDF Library Files DisplayName REG_SZ Adobe Photoshop CS3 DisplayName REG_SZ Adobe Photoshop CS3 DisplayName REG_SZ Adobe Reader 9.1.3 DisplayName REG_SZ Adobe Setup DisplayName REG_SZ Adobe Setup DisplayName REG_SZ Adobe Setup DisplayName REG_SZ Adobe Stock Photos CS3 DisplayName REG_SZ Adobe Type Support DisplayName REG_SZ Adobe Update Manager CS3 DisplayName REG_SZ Adobe Version Cue CS3 Client DisplayName REG_SZ Adobe WinSoft Linguistics Plugin DisplayName REG_SZ Adobe XMP Panels CS3 DisplayName REG_SZ AIO_Scan DisplayName REG_SZ Apple Mobile Device Support DisplayName REG_SZ Apple Software Update DisplayName REG_SZ ATI Display Driver 
DisplayName REG_SZ AutoUpdate DisplayName REG_SZ Avira AntiVir Personal - Free Antivirus DisplayName REG_SZ BufferChm DisplayName REG_SZ Compatibility Pack for the 2007 Office system DisplayName REG_SZ Copy DisplayName REG_SZ Destination Component DisplayName REG_SZ DeviceDiscovery DisplayName REG_SZ DeviceManagementQFolder DisplayName REG_SZ Digital Media Reader DisplayName REG_SZ Digital Media Reader DisplayName REG_SZ DivX Codec DisplayName REG_SZ DJ_AIO_ProductContext DisplayName REG_SZ DJ_AIO_Software DisplayName REG_SZ DJ_AIO_Software_min DisplayName REG_SZ Dr.STIKA PLUS DisplayName REG_SZ DVD Solution DisplayName REG_SZ eMachineShop DisplayName REG_SZ eMule DisplayName REG_SZ ExplorerXP (remove only) DisplayName REG_SZ F4100 DisplayName REG_SZ F4100_doccd DisplayName REG_SZ F4100_Help DisplayName REG_SZ getPlus(R) for Adobe DisplayName REG_SZ High Definition Audio Driver Package - KB888111 DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) DisplayName REG_SZ Hotfix for Windows XP (KB952287) DisplayName REG_SZ Hotfix for Windows XP (KB954550-v5) DisplayName REG_SZ Hotfix for Windows XP (KB961118) DisplayName REG_SZ Hotfix for Windows XP (KB970653-v3) DisplayName REG_SZ HP Deskjet All-In-One Software 9.0 DisplayName REG_SZ HP Imaging Device Functions 9.0 DisplayName REG_SZ HP Smart Web Printing DisplayName REG_SZ HP Smart Web Printing DisplayName REG_SZ iTunes DisplayName REG_SZ J2SE Runtime Environment 5.0 Update 2 DisplayName REG_SZ Java(TM) 6 Update 15 DisplayName REG_SZ Java(TM) 6 Update 4 DisplayName REG_SZ Java(TM) 6 Update 7 DisplayName REG_SZ Linksys Wireless-G USB Network Adapter DisplayName REG_SZ Mach2 Mach2Release 6.12N DisplayName REG_SZ Macromedia Dreamweaver MX 2004 DisplayName REG_SZ Macromedia Extension Manager DisplayName REG_SZ Microsoft .NET Framework 2.0 Service Pack 2 DisplayName REG_SZ Microsoft .NET Framework 3.0 Service Pack 2 DisplayName 
##################################################################################################### -- All DONE! ~ ShadowPuterDude ~

HiJackFree SCAN: Logfile of HiJackFree v3.0 Scan saved at 5:32:46 AM, on 10/2/2009 Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600) MSIE: Internet Explorer v 8.0 Service Pack 3 (8.0.6001.18702)

Let me know what you think.
  5. Lynx, thanks for the fast reply, I was actually going over that right now. I will perform the preliminary steps and post them here as soon as I can. thanks....
  6. Hello, I had a problem with a virus or malware that took over most of the anti-virus programs and malware/spyware programs. The virus or malware would not allow me to run or update most of the programs I used (i.e. Avira, AVG, Norman, SuperAntiSpyware, Avast, SpywareDoctor, Adaware, etc...). I found A-Squared Free and have been able to install, update and run it. It finds a bunch of the Gen.Trojan!IK, but at the end of the scan, when I try to quarantine them, it will not allow me to. I have read some of the other posts about this virus, but I do not want to do what you tell them to do in case I should follow a different approach. Can you help me out and lead me in the right direction? I have downloaded A-Squared, ISeeYouXP, HiJackFree, Win32kDiag and Avenger, as you have posted to do in other topics. I am not sure of the exact approach you would want me to take, so if you can kindly inform me in a little step by step, that would be greatly appreciated!! Thanks.....