[ Done ] HiJackThis Log

*

Offline AZScorpion

  • Bronze Member
  • 13
[ Done ] HiJackThis Log
« on: February 23, 2009, 01:35:29 PM »
Somehow somewhere Malware / Trojan has crept into my PC and (I suspect) changed something in my registry...  When running IE I get random additional browsers opening up - sometimes tabbed - sometimes stand alone.  I believe it also did it to me once using Firefox and has even randomly popped open IE on its own even when I wasn't initiating it (i.e. typing a Word document etc).

Here is the Log file from HJT.

If it helps, I'm running Windows XP and keep it updated, Comodo fire wall and ClamWin AV.  I also use CCleaner to keep things cleaned out as well as Spybot S&D.  Spybot isn't picking up anything...

Thanks in advance - this looks to be a great BBS!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:35 PM, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Documents and Settings\RON\n
C:\Documents and Settings\RON\n
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {195e7c2b-7119-4ff1-9c54-dd44710bec5f} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {d47eafdc-9915-0dbb-3eb4-0c71694c5ab5} - {5ba5c496-17c0-4be3-bbd0-5199cdfae74d} - C:\WINDOWS\system32\toxyad.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: 0 - {F3C5D70B-79C7-4F42-0F95-113B33F5CE81} - (no file)
O2 - BHO: (no name) - {F442D5CF-1904-4720-A73B-A29DFDF1457B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.18.0.14\PlaxoSysTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://advweb.countrywide.com
O15 - Trusted Zone: *.tdameritrade.com
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2797548A-1E33-4717-A979-586A8539415F} (Cache Class) - https://ioriginatea.countrywide.com/NXF/Bin/Accelerator.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093132234886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165802093625
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} (FarPoint Spread 7.0 (OLEDB)) - https://ive.cwinsider.com:11002/fpspr70.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://countrywide.interwise.com/countrywide/Application/EventEntry/AxWebInstaller.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countrywide.com/supportfiles/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\rugifuye.dll c:\windows\system32\gapumefi.dll toxyad.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: qomkjji - qomkjji.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11534 bytes
« Last Edit: February 25, 2009, 08:48:55 AM by bamajim »

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: HiJackThis Log
« Reply #1 on: February 24, 2009, 07:42:33 AM »
AZScorpion

1. Go HERE and download File Lister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

2008-2010
Rights cannot exist without morals

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #2 on: February 24, 2009, 08:09:11 AM »
Ok - here's what it generated: (I had to break it up into multiple posts since max post limit is 5k characters.)


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.5
+
+  By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>>  2/24/2009 7:03:39 AM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Documents and Settings\RON\n
C:\Documents and Settings\RON\n
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {195e7c2b-7119-4ff1-9c54-dd44710bec5f} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: {d47eafdc-9915-0dbb-3eb4-0c71694c5ab5} - {5ba5c496-17c0-4be3-bbd0-5199cdfae74d} - C:\WINDOWS\system32\toxyad.dll

BHO: (NO NAME) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

BHO: 0 - {F3C5D70B-79C7-4F42-0F95-113B33F5CE81} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

BHO: (NO NAME) - {F442D5CF-1904-4720-A73B-A29DFDF1457B} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
@=""
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -h"
"StartupDelayer"="\"C:\\Program Files\\r2 Studios\\Startup Delayer\\Startup Launcher GUI.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Utility"="Logi_MwX.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\3.18.0.14\\PlaxoHelper_en.exe -a"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PlaxoSysTray"="C:\\Program Files\\Plaxo\\3.18.0.14\\PlaxoSysTray.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

2/24/2009 7:03:39 AM    3380    32    C:\Files.txt
2/21/2009 4:48:41 PM    4594    C:\WINDOWS\LastGood
2/21/2009 4:48:41 PM    4594    C:\WINDOWS\LastGood\system32
2/24/2009 1:32:00 AM    1981    32    C:\WINDOWS\WindowsUpdate.log
129024    38    C:\WINDOWS\SYSTEM32\kazerevi.dll
6456    34    C:\WINDOWS\SYSTEM32\patisoti
1/5/2009 4:18:52 PM    57344    32    C:\WINDOWS\SYSTEM32\QuickTime.qts
1/5/2009 4:18:52 PM    90112    32    C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2/21/2009 7:31:48 AM    129024    38    C:\WINDOWS\SYSTEM32\toxyad.dll

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======




*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #3 on: February 24, 2009, 08:12:31 AM »
====== Folders under "\Program Files" Last 60 Days======

1/31/2009 7:53:04 AM    390521    C:\Program Files\Bonjour
1/31/2009 7:54:50 AM    88544477    C:\Program Files\iTunes
1/31/2009 7:54:50 AM    161119    C:\Program Files\iTunes\CD Configuration
1/31/2009 7:55:15 AM    70101047    C:\Program Files\iTunes\iTunes.Resources
1/31/2009 7:55:15 AM    3214129    C:\Program Files\iTunes\iTunes.Resources\da.lproj
1/31/2009 7:55:15 AM    46501    C:\Program Files\iTunes\iTunes.Resources\da.lproj\EQWindow.nib
1/31/2009 7:55:15 AM    28183    C:\Program Files\iTunes\iTunes.Resources\da.lproj\GradientWindow.nib
1/31/2009 7:55:16 AM    396518    C:\Program Files\iTunes\iTunes.Resources\da.lproj\iPodSettings.nib
1/31/2009 7:55:16 AM    10701    C:\Program Files\iTunes\iTunes.Resources\da.lproj\MusicStoreBar.nib
1/31/2009 7:55:16 AM    135616    C:\Program Files\iTunes\iTunes.Resources\da.lproj\Placards.nib
1/31/2009 7:55:17 AM    21957    C:\Program Files\iTunes\iTunes.Resources\da.lproj\Ringtone.nib
1/31/2009 7:55:17 AM    163531    C:\Program Files\iTunes\iTunes.Resources\da.lproj\SetupAssistant.nib
1/31/2009 7:55:17 AM    3661326    C:\Program Files\iTunes\iTunes.Resources\de.lproj
1/31/2009 7:55:17 AM    44230    C:\Program Files\iTunes\iTunes.Resources\de.lproj\EQWindow.nib
1/31/2009 7:55:17 AM    25849    C:\Program Files\iTunes\iTunes.Resources\de.lproj\GradientWindow.nib
1/31/2009 7:55:17 AM    353239    C:\Program Files\iTunes\iTunes.Resources\de.lproj\iPodSettings.nib
1/31/2009 7:55:18 AM    9186    C:\Program Files\iTunes\iTunes.Resources\de.lproj\MusicStoreBar.nib
1/31/2009 7:55:18 AM    134753    C:\Program Files\iTunes\iTunes.Resources\de.lproj\Placards.nib
1/31/2009 7:55:18 AM    21576    C:\Program Files\iTunes\iTunes.Resources\de.lproj\Ringtone.nib
1/31/2009 7:55:19 AM    147048    C:\Program Files\iTunes\iTunes.Resources\de.lproj\SetupAssistant.nib
1/31/2009 7:55:19 AM    3212776    C:\Program Files\iTunes\iTunes.Resources\en.lproj
1/31/2009 7:55:19 AM    46453    C:\Program Files\iTunes\iTunes.Resources\en.lproj\EQWindow.nib
1/31/2009 7:55:20 AM    27815    C:\Program Files\iTunes\iTunes.Resources\en.lproj\GradientWindow.nib
1/31/2009 7:55:20 AM    394241    C:\Program Files\iTunes\iTunes.Resources\en.lproj\iPodSettings.nib
1/31/2009 7:55:20 AM    10556    C:\Program Files\iTunes\iTunes.Resources\en.lproj\MusicStoreBar.nib
1/31/2009 7:55:20 AM    134480    C:\Program Files\iTunes\iTunes.Resources\en.lproj\Placards.nib
1/31/2009 7:55:21 AM    21460    C:\Program Files\iTunes\iTunes.Resources\en.lproj\Ringtone.nib
1/31/2009 7:55:21 AM    163198    C:\Program Files\iTunes\iTunes.Resources\en.lproj\SetupAssistant.nib
1/31/2009 7:55:21 AM    3463423    C:\Program Files\iTunes\iTunes.Resources\es.lproj
1/31/2009 7:55:21 AM    46562    C:\Program Files\iTunes\iTunes.Resources\es.lproj\EQWindow.nib
1/31/2009 7:55:21 AM    28186    C:\Program Files\iTunes\iTunes.Resources\es.lproj\GradientWindow.nib
1/31/2009 7:55:21 AM    398871    C:\Program Files\iTunes\iTunes.Resources\es.lproj\iPodSettings.nib
1/31/2009 7:55:21 AM    10704    C:\Program Files\iTunes\iTunes.Resources\es.lproj\MusicStoreBar.nib
1/31/2009 7:55:21 AM    135904    C:\Program Files\iTunes\iTunes.Resources\es.lproj\Placards.nib
1/31/2009 7:55:21 AM    21523    C:\Program Files\iTunes\iTunes.Resources\es.lproj\Ringtone.nib
1/31/2009 7:55:22 AM    164434    C:\Program Files\iTunes\iTunes.Resources\es.lproj\SetupAssistant.nib
1/31/2009 7:55:22 AM    3225976    C:\Program Files\iTunes\iTunes.Resources\fi.lproj
1/31/2009 7:55:22 AM    46543    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\EQWindow.nib
1/31/2009 7:55:22 AM    28183    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\GradientWindow.nib
1/31/2009 7:55:22 AM    397082    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\iPodSettings.nib
1/31/2009 7:55:23 AM    10703    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\MusicStoreBar.nib
1/31/2009 7:55:23 AM    135758    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\Placards.nib
1/31/2009 7:55:23 AM    21522    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\Ringtone.nib
1/31/2009 7:55:23 AM    163808    C:\Program Files\iTunes\iTunes.Resources\fi.lproj\SetupAssistant.nib
1/31/2009 7:55:23 AM    3567513    C:\Program Files\iTunes\iTunes.Resources\fr.lproj
1/31/2009 7:55:23 AM    46574    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\EQWindow.nib
1/31/2009 7:55:23 AM    28189    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\GradientWindow.nib
1/31/2009 7:55:24 AM    399178    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\iPodSettings.nib
1/31/2009 7:55:24 AM    10703    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\MusicStoreBar.nib
1/31/2009 7:55:24 AM    135952    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\Placards.nib
1/31/2009 7:55:24 AM    21982    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\Ringtone.nib
1/31/2009 7:55:24 AM    164848    C:\Program Files\iTunes\iTunes.Resources\fr.lproj\SetupAssistant.nib
1/31/2009 7:55:25 AM    3452721    C:\Program Files\iTunes\iTunes.Resources\it.lproj
1/31/2009 7:55:25 AM    46522    C:\Program Files\iTunes\iTunes.Resources\it.lproj\EQWindow.nib
1/31/2009 7:55:25 AM    28189    C:\Program Files\iTunes\iTunes.Resources\it.lproj\GradientWindow.nib
1/31/2009 7:55:25 AM    397825    C:\Program Files\iTunes\iTunes.Resources\it.lproj\iPodSettings.nib
1/31/2009 7:55:25 AM    10701    C:\Program Files\iTunes\iTunes.Resources\it.lproj\MusicStoreBar.nib
1/31/2009 7:55:25 AM    135772    C:\Program Files\iTunes\iTunes.Resources\it.lproj\Placards.nib
1/31/2009 7:55:25 AM    21973    C:\Program Files\iTunes\iTunes.Resources\it.lproj\Ringtone.nib
1/31/2009 7:55:25 AM    164005    C:\Program Files\iTunes\iTunes.Resources\it.lproj\SetupAssistant.nib
1/31/2009 7:55:25 AM    3180500    C:\Program Files\iTunes\iTunes.Resources\ja.lproj
1/31/2009 7:55:25 AM    46522    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\EQWindow.nib
1/31/2009 7:55:25 AM    28210    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\GradientWindow.nib
1/31/2009 7:55:25 AM    401488    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\iPodSettings.nib
1/31/2009 7:55:26 AM    10702    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\MusicStoreBar.nib
1/31/2009 7:55:26 AM    135951    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\Placards.nib
1/31/2009 7:55:26 AM    21963    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\Ringtone.nib
1/31/2009 7:55:27 AM    166258    C:\Program Files\iTunes\iTunes.Resources\ja.lproj\SetupAssistant.nib
1/31/2009 7:55:27 AM    4417679    C:\Program Files\iTunes\iTunes.Resources\ko.lproj
1/31/2009 7:55:27 AM    46324    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\EQWindow.nib
1/31/2009 7:55:28 AM    27764    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\GradientWindow.nib
1/31/2009 7:55:29 AM    395009    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\iPodSettings.nib
1/31/2009 7:55:29 AM    10499    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\MusicStoreBar.nib
1/31/2009 7:55:29 AM    134619    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\Placards.nib
1/31/2009 7:55:29 AM    21478    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\Ringtone.nib
1/31/2009 7:55:29 AM    161708    C:\Program Files\iTunes\iTunes.Resources\ko.lproj\SetupAssistant.nib
1/31/2009 7:55:29 AM    3301151    C:\Program Files\iTunes\iTunes.Resources\nb.lproj
1/31/2009 7:55:30 AM    46534    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\EQWindow.nib
1/31/2009 7:55:30 AM    28180    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\GradientWindow.nib
1/31/2009 7:55:30 AM    396953    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\iPodSettings.nib
1/31/2009 7:55:30 AM    10701    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\MusicStoreBar.nib
1/31/2009 7:55:30 AM    135644    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\Placards.nib
1/31/2009 7:55:30 AM    21952    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\Ringtone.nib
1/31/2009 7:55:30 AM    163583    C:\Program Files\iTunes\iTunes.Resources\nb.lproj\SetupAssistant.nib
1/31/2009 7:55:30 AM    3465055    C:\Program Files\iTunes\iTunes.Resources\nl.lproj
1/31/2009 7:55:30 AM    46458    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\EQWindow.nib
1/31/2009 7:55:30 AM    28002    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\GradientWindow.nib
1/31/2009 7:55:30 AM    337025    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\iPodSettings.nib
1/31/2009 7:55:30 AM    10497    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\MusicStoreBar.nib
1/31/2009 7:55:30 AM    135748    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\Placards.nib
1/31/2009 7:55:30 AM    21908    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\Ringtone.nib
1/31/2009 7:55:31 AM    149013    C:\Program Files\iTunes\iTunes.Resources\nl.lproj\SetupAssistant.nib
1/31/2009 7:55:31 AM    3409443    C:\Program Files\iTunes\iTunes.Resources\pl.lproj
1/31/2009 7:55:31 AM    46558    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\EQWindow.nib
1/31/2009 7:55:31 AM    28177    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\GradientWindow.nib
1/31/2009 7:55:31 AM    397735    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\iPodSettings.nib
1/31/2009 7:55:32 AM    10701    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\MusicStoreBar.nib
1/31/2009 7:55:32 AM    135669    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\Placards.nib
1/31/2009 7:55:32 AM    21946    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\Ringtone.nib
1/31/2009 7:55:32 AM    163644    C:\Program Files\iTunes\iTunes.Resources\pl.lproj\SetupAssistant.nib
1/31/2009 7:55:32 AM    3311212    C:\Program Files\iTunes\iTunes.Resources\pt.lproj
1/31/2009 7:55:32 AM    46548    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\EQWindow.nib
1/31/2009 7:55:32 AM    28183    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\GradientWindow.nib
1/31/2009 7:55:32 AM    397636    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\iPodSettings.nib
1/31/2009 7:55:33 AM    10713    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\MusicStoreBar.nib
1/31/2009 7:55:33 AM    135843    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\Placards.nib
1/31/2009 7:55:33 AM    21553    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\Ringtone.nib
1/31/2009 7:55:33 AM    164393    C:\Program Files\iTunes\iTunes.Resources\pt.lproj\SetupAssistant.nib
1/31/2009 7:55:33 AM    3441757    C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj
1/31/2009 7:55:33 AM    46555    C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\EQWindow.nib
1/31/2009 7:55:33 AM    28183    C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\GradientWindow.nib
1/31/2009 7:55:33 AM    397641    C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\iPodSettings.nib


*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #4 on: February 24, 2009, 08:16:27 AM »

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #5 on: February 24, 2009, 08:18:28 AM »
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\da.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\de.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\en.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\es.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\fi.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\fr.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\it.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ja.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ko.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\nb.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\nl.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pl.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ru.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\sv.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj
1/31/2009 7:52:08 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj
1/31/2009 7:52:08 AM    103936    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\da.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\de.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\en.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\es.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\it.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj
1/31/2009 7:52:09 AM    6144    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj
1/31/2009 7:52:09 AM    5632    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj
1/31/2009 7:52:09 AM    274944    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources
1/31/2009 7:52:09 AM    15872    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj
1/31/2009 7:52:09 AM    15360    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj
1/31/2009 7:52:09 AM    14848    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj
1/31/2009 7:52:09 AM    16384    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj
1/31/2009 7:52:09 AM    15360    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj
1/31/2009 7:52:09 AM    15872    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj
1/31/2009 7:52:09 AM    15360    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj
1/31/2009 7:52:09 AM    15872    C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #6 on: February 24, 2009, 08:19:25 AM »
2/23/2009 12:21:45 PM    419360    C:\Program Files\Trend Micro
2/23/2009 12:21:45 PM    419360    C:\Program Files\Trend Micro\HijackThis
2/18/2009 7:55:46 PM    270128    C:\Program Files\uTorrent
1/11/2009 8:42:26 PM    19045    C:\Program Files\Yahoo!
1/11/2009 8:42:26 PM    19045    C:\Program Files\Yahoo!\Messenger
1/11/2009 8:44:19 PM    592    C:\Program Files\Yahoo!\Messenger\Profiles
1/11/2009 8:44:59 PM    592    C:\Program Files\Yahoo!\Messenger\Profiles\r1guyaz

====== Files under "\System32\Drivers" Last 60 Days======


*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #7 on: February 24, 2009, 08:20:30 AM »
====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\RON\LOCALS~1\Temp\ClamWin1.log
C:\DOCUME~1\RON\LOCALS~1\Temp\ClamWin_CheckVer_Info
C:\DOCUME~1\RON\LOCALS~1\Temp\ClamWin_CheckVer_Time
C:\DOCUME~1\RON\LOCALS~1\Temp\ClamWin_Scheduler_Info
C:\DOCUME~1\RON\LOCALS~1\Temp\ClamWin_Upadte_Time
C:\DOCUME~1\RON\LOCALS~1\Temp\Perflib_Perfdata_f14.dat
C:\DOCUME~1\RON\LOCALS~1\Temp\TMP1B5.tmp
C:\DOCUME~1\RON\LOCALS~1\Temp\TMP1B9.tmp
C:\DOCUME~1\RON\LOCALS~1\Temp\~DFCA06.tmp
C:\DOCUME~1\RON\LOCALS~1\Temp\~DFCA1D.tmp

10 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

1/31/2009 7:54:50 AM    510849    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
1/31/2009 7:55:40 AM    510849    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86
1/31/2009 7:55:40 AM    122832    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86

 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDSentry


HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MsnMsgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\nwiz


HKLM\Software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


====== Services ( Services that are Whitelisted are not shown) ======

 ArcSoft Connect Daemon (ACDaemon) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe  - Auto
 Alerter (Alerter) C:\WINDOWS\System32\svchost.exe -k LocalService  - Disabled
 Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe  - Manual
 Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"  - Auto
 Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe  - Manual
 Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Background Intelligent Transfer Service (BITS) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Bonjour Service (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe"  - Auto
 Computer Browser (Browser) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe  - Manual
 ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe  - Disabled
 .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  - Manual
 COMODO Firewall Pro Helper Service (cmdAgent) "C:\Program Files\COMODO\Firewall\cmdagent.exe"  - Auto
 COM+ System Application (COMSysApp) C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}  - Manual
 Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch  - Auto
 DHCP Client (Dhcp) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com  - Manual
 Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 DNS Client (Dnscache) C:\WINDOWS\System32\svchost.exe -k NetworkService  - Auto
 Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc  - Manual
 Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs  - Manual
 Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Event Log (Eventlog) C:\WINDOWS\system32\services.exe  - Auto
 COM+ Event System (EventSystem) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Fax (Fax) C:\WINDOWS\system32\fxssvc.exe  - Auto
 Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  - Manual
 Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter  - Manual
 InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"  - Manual
 IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\System32\imapi.exe  - Manual
 iPod Service (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe"  - Manual
 Server (lanmanserver) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Workstation (lanmanworkstation) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 LexBce Server (LexBceS) C:\WINDOWS\system32\LEXBCES.EXE  - Auto
 TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\System32\svchost.exe -k LocalService  - Auto
 Messenger (Messenger) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Disabled
 NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\System32\mnmsrvc.exe  - Manual
 Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\System32\msdtc.exe  - Manual
 Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V  - Manual
 Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe  - Disabled
 Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe  - Disabled
 Net Logon (Netlogon) C:\WINDOWS\System32\lsass.exe  - Manual
 Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Intel NCS NetService (NetSvc) C:\Program Files\Intel\NCS\Sync\NetSvc.exe  - Manual
 Network Location Awareness (NLA) (Nla) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\System32\lsass.exe  - Manual
 Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe  - Auto
 Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"  - Manual
 Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe  - Auto
 Pml Driver HPZ12 (Pml Driver HPZ12) C:\WINDOWS\system32\HPZipm12.exe  - Manual
 IPSEC Services (PolicyAgent) C:\WINDOWS\System32\lsass.exe  - Auto
 Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe  - Auto
 Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Remote Access Connection Manager (RasMan) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe  - Manual
 Routing and Remote Access (RemoteAccess) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Disabled
 Roxio UPnP Renderer 9 (Roxio UPnP Renderer 9) "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"  - Manual
 Roxio Upnp Server 9 (Roxio Upnp Server 9) "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"  - Auto
 LiveShare P2P Server 9 (RoxLiveShare9) "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  - Auto
 RoxMediaDB9 (RoxMediaDB9) "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"  - Manual
 Roxio Hard Drive Watcher 9 (RoxWatch9) "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"  - Auto
 Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\System32\locator.exe  - Manual
 Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss  - Auto
 QoS RSVP (RSVP) C:\WINDOWS\System32\rsvp.exe  - Manual
 Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe  - Auto
 Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe  - Manual
 Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 spkrmon (spkrmon) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe  - Auto
 Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe  - Auto
 System Restore Service (srservice) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 SSDP Discovery Service (SSDPSRV) C:\WINDOWS\System32\svchost.exe -k LocalService  - Manual
 Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\System32\svchost.exe -k imgsvc  - Auto
 MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}  - Manual
 SymWMI Service (SymWSC) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe  - Auto
 Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe  - Manual
 Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch  - Manual
 Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Universal Plug and Play Device Host (upnphost) C:\WINDOWS\System32\svchost.exe -k LocalService  - Manual
 Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe  - Manual
 Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe  - Manual
 Windows Time (w32time) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 WebClient (WebClient) C:\WINDOWS\System32\svchost.exe -k LocalService  - Auto
 Windows Defender (WinDefend) "C:\Program Files\Windows Defender\MsMpEng.exe"  - Auto
 Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 WMI Performance Adapter (WmiApSrv) C:\WINDOWS\System32\wbem\wmiapsrv.exe  - Manual
 Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe"  - Manual
 Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup  - Manual
 Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual

====== Uninstall List From Registry ======

Panda ActiveScan 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player
BlackBerry Desktop Software 4.3
CCleaner (remove only)
ClamWin Free Antivirus 0.94.1
Conexant D850 56K V.9x DFVc Modem
COMODO Firewall Pro
NOMAD Explorer
Creative Jukebox Driver
Dell AIO Printer A940
Dell Digital Jukebox Driver
ESPNMotion
GetASFStream
HijackThis 2.0.2
HP Image Zone 3.5
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iTunes
iPod for Windows 2006-01-10
iPod for Windows 2005-03-23
iTunes
iPod for Windows 2005-02-07
Microsoft Data Access Components KB870669
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Ken Ward's Zipper 1.4000
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Mozilla (1.7.7)
Mozilla Firefox (3.0.6)
Microsoft Compression Client Pack 1.0 for Windows XP
MicroStaff WINASPI
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
Plaxo Toolbar for Windows
Intel(R) PRO Network Adapters and Drivers
RealPlayer
Scholastic's I SPY Junior
Scholastic's I SPY Junior Puppet Playhouse
Shockwave
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
Startup Delayer v2.3 (build 133)
Stellarium 0.9.1
Learn2 Player (Uninstall Only)
TurboTax Deluxe 2004
VIA Register Tool
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip Self-Extractor
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XviD MPEG-4 Video Codec
Logitech iTouch Software
Microsoft Encarta Encyclopedia Standard 2004
Sonic Update Manager
MSXML 6.0 Parser (KB933579)
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
Adobe Photoshop Album 2.0 Starter Edition
Dell Solution Center
Sonic DLA
Norton WMI Update
HP PSC & OfficeJet 3.5
ImageMixer for Sony
Image Resizer Powertoy for Windows XP
DocProc
Sonic MyDVD
QuickTime
PhotoGallery
Google Toolbar for Internet Explorer
Scan
SkinsHP1
5500_Help
Memories Disc Creator 2.0
Roxio Media Manager
HP Software Update
WebFldrs XP
Internet Explorer Default Page
ItsDeductible Express
MSXML 4.0 SP2 (KB927978)
HPSystemDiagnostics
iPod for Windows 2006-01-10
NetWaiting
Unload
Dell Support
ABBYY FineReader 5.0 Sprint
iPod for Windows 2005-03-23
AIOMinimal
Copy
ArcSoft Software Suite
Sony Screenblast Sound Forge 7.0a
Banctec Service Agreement
WordPerfect Office 11
Image Transfer
PrintScreen
Logitech MouseWare 9.79
Sony USB Driver
Fax
Dell Networking Guide
Apple Software Update
Java 2 Runtime Environment, SE v1.4.2
MSXML 4.0 SP2 Parser and SDK
Director
Microsoft Visual C++ 2005 Redistributable
InstantShare
iPod for Windows 2005-02-07
Modem Helper
TrayApp
MSXML 4.0 SP2 (KB954430)
QFolder
Bonjour
Microsoft Office Professional Edition 2003
Compatibility Pack for the 2007 Office system
Help and Support Customization
Sonic RecordNow!
Sonic Foundry Sound Forge 6.0b
DVDSentry
AiOSoftware
PHOTOfunSTUDIO -viewer-
CreativeProjects
Windows Defender
Intel(R) PROSet
Adobe Reader 7.1.0
AiO_Scan
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
5500Trb
SkinsHP2
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
5500Tour
QuickProjects
Overland
Dell ResourceCD
Google Toolbar for Internet Explorer
BlackBerry Desktop Software 4.3
Readme
Digital Line Detect
WexTech AnswerWorks
Apple Mobile Device Support
SoundMAX
5500
FaxTools
iTunes
WebReg
Banctec Service Agreement
hpmdtab

======== Other Info ========

TOTAL PHYSICAL RAM: 536 MB


*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] HiJackThis Log
« Reply #8 on: February 24, 2009, 08:32:32 AM »
AZScorpion

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

(How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to Delete:
C:\WINDOWS\SYSTEM32\kazerevi.dll
C:\WINDOWS\SYSTEM32\toxyad.dll

Folders to Delete:
C:\WINDOWS\SYSTEM32\patisoti


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log


2008-2010
Rights cannot exist without morals

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #9 on: February 24, 2009, 07:39:57 PM »
Ok - Thanks for the help so far.  Here's the Avenger Txt file:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\SYSTEM32\kazerevi.dll" deleted successfully.
File "C:\WINDOWS\SYSTEM32\toxyad.dll" deleted successfully.

Error: "C:\WINDOWS\SYSTEM32\patisoti" is not a folder!  It may instead be a file.
Deletion of folder "C:\WINDOWS\SYSTEM32\patisoti" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
  --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Completed script processing.

*******************

Finished!  Terminate.

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #10 on: February 24, 2009, 07:41:41 PM »
And here's the new HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:58 PM, on 2/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {195e7c2b-7119-4ff1-9c54-dd44710bec5f} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {d47eafdc-9915-0dbb-3eb4-0c71694c5ab5} - {5ba5c496-17c0-4be3-bbd0-5199cdfae74d} - C:\WINDOWS\system32\toxyad.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: 0 - {F3C5D70B-79C7-4F42-0F95-113B33F5CE81} - (no file)
O2 - BHO: (no name) - {F442D5CF-1904-4720-A73B-A29DFDF1457B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.18.0.14\PlaxoSysTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://advweb.countrywide.com
O15 - Trusted Zone: *.tdameritrade.com
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2797548A-1E33-4717-A979-586A8539415F} (Cache Class) - https://ioriginatea.countrywide.com/NXF/Bin/Accelerator.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093132234886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165802093625
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} (FarPoint Spread 7.0 (OLEDB)) - https://ive.cwinsider.com:11002/fpspr70.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://countrywide.interwise.com/countrywide/Application/EventEntry/AxWebInstaller.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countrywide.com/supportfiles/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\rugifuye.dll c:\windows\system32\gapumefi.dll toxyad.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: qomkjji - qomkjji.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11436 bytes

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] HiJackThis Log
« Reply #11 on: February 25, 2009, 07:15:53 AM »
AZScorpion

1. We need to temporarily disable SpyBotS&D Tea timer so it doesn't interfere with our fix

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

2. Rerun Hijackthis (scan only) and place checks beside the following entries

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {195e7c2b-7119-4ff1-9c54-dd44710bec5f} - (no file)
O2 - BHO: {d47eafdc-9915-0dbb-3eb4-0c71694c5ab5} - {5ba5c496-17c0-4be3-bbd0-5199cdfae74d} - C:\WINDOWS\system32\toxyad.dll (file missing)
O2 - BHO: 0 - {F3C5D70B-79C7-4F42-0F95-113B33F5CE81} - (no file)
O2 - BHO: (no name) - {F442D5CF-1904-4720-A73B-A29DFDF1457B} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\rugifuye.dll c:\windows\system32\gapumefi.dll toxyad.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: qomkjji - qomkjji.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)


Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis (Do Not Reboot Yet)

3. We are going to use Avenger again

1. Rerun Avenger

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\patisoti


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log

2008-2010
Rights cannot exist without morals
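
An added example, not part of the post above or of any tool named in this thread: a small Python triage over excerpts of the logs posted here. It flags HijackThis entries marked "(no file)" or "(file missing)" and entries that still name a file the Avenger log reports as deleted, then checks a later log to confirm they are gone. The heuristic and the function names are assumptions made for illustration; on these excerpts it flags the same ten entries listed in step 2.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Excerpt of the Avenger log from reply #9 in this thread.
AVENGER_LOG = r'''
File "C:\WINDOWS\SYSTEM32\kazerevi.dll" deleted successfully.
File "C:\WINDOWS\SYSTEM32\toxyad.dll" deleted successfully.
Error: "C:\WINDOWS\SYSTEM32\patisoti" is not a folder!  It may instead be a file.
'''

# Excerpt of the HijackThis log from reply #10 (taken right after that Avenger run).
HJT_BEFORE = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {195e7c2b-7119-4ff1-9c54-dd44710bec5f} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {d47eafdc-9915-0dbb-3eb4-0c71694c5ab5} - {5ba5c496-17c0-4be3-bbd0-5199cdfae74d} - C:\WINDOWS\system32\toxyad.dll (file missing)
O2 - BHO: 0 - {F3C5D70B-79C7-4F42-0F95-113B33F5CE81} - (no file)
O2 - BHO: (no name) - {F442D5CF-1904-4720-A73B-A29DFDF1457B} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\rugifuye.dll c:\windows\system32\gapumefi.dll toxyad.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: qomkjji - qomkjji.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

# Excerpt of the HijackThis log from reply #13 (after "Fix checked").
HJT_AFTER = r'''
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")  # section code, e.g. R1, O2, O20
DELETED_RE = re.compile(r'^File "([^"]+)" deleted successfully\.$')
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return (section_code, body) for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def avenger_deleted(text):
    """Return lower-cased file names that the Avenger log reports as deleted."""
    names = set()
    for line in text.splitlines():
        match = DELETED_RE.match(line.strip())
        if match:
            names.add(basename(match.group(1)).lower())
    return names


def triage(entries, deleted_names):
    """Flag entries whose target is gone or that still load a deleted file."""
    flagged = []
    for code, body in entries:
        lowered = body.lower()
        if lowered.endswith(ORPHAN_MARKERS):
            flagged.append((code, body, "orphaned"))
        elif any(name in lowered for name in deleted_names):
            flagged.append((code, body, "references deleted file"))
    return flagged


def still_present(flagged, after_entries):
    """Return flagged entries that also appear in a later scan."""
    remaining = set(after_entries)
    return [(code, body) for code, body, _ in flagged if (code, body) in remaining]


if __name__ == "__main__":
    flagged = triage(parse_hjt(HJT_BEFORE), avenger_deleted(AVENGER_LOG))
    for code, body, reason in flagged:
        print(f"[{reason}] {code} - {body}")
    leftovers = still_present(flagged, parse_hjt(HJT_AFTER))
    print(f"{len(flagged)} flagged, {len(leftovers)} still present after the fix")
```

An orphaned entry only means the registry still points at something that no longer exists, so the output is a review list rather than a verdict.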

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #12 on: February 25, 2009, 08:32:25 AM »
Good Morning - Here's the new Avenger File:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\SYSTEM32\patisoti" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

*

Offline AZScorpion

  • Bronze Member
  • 13
Re: [ In Progress ] HiJackThis Log
« Reply #13 on: February 25, 2009, 08:33:38 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:15 AM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.18.0.14\PlaxoSysTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: http://advweb.countrywide.com
O15 - Trusted Zone: *.tdameritrade.com
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2797548A-1E33-4717-A979-586A8539415F} (Cache Class) - https://ioriginatea.countrywide.com/NXF/Bin/Accelerator.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093132234886
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165802093625
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} (FarPoint Spread 7.0 (OLEDB)) - https://ive.cwinsider.com:11002/fpspr70.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://countrywide.interwise.com/countrywide/Application/EventEntry/AxWebInstaller.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countrywide.com/supportfiles/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10478 bytes

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] HiJackThis Log
« Reply #14 on: February 25, 2009, 08:35:52 AM »
AZScorpion

Good work. How is your PC running now?

2008-2010
Rights cannot exist without morals