 Quick Check To Be Sure Laptop Isn't Compromised Please?, Suspect ex installed keylogger - aol password used |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jul 24 2008, 02:20 PM
Post
#1
|
|
 Member  Group: HJT Sophomore Classmen Posts: 42 Joined: 3-January 06 Member No.: 48,404  |
Before running this I removed ms messenger, since I don't use it, and ran disk cleanup. AVG runs every day. After several failed attempts, I was able to run Kasperian online scanner, nothing found. This man is scary, and I'd sure appreciate any help. Thanks, Ronda Here's the two logs from DSS on my laptop. I'm trying to run Kasperian on my desktop as well, and will post as soon as I run everything through there. Deckard's System Scanner v20071014.68 Run by Ronda on 2008-07-24 15:03:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 67: 2008-07-24 19:03:26 UTC - RP162 - Deckard's System Scanner Restore Point 66: 2008-07-24 16:14:42 UTC - RP161 - Installed OpenOffice.org Installer 1.0 65: 2008-07-24 16:13:01 UTC - RP160 - Installed Java™ 6 Update 7 64: 2008-07-22 22:09:16 UTC - RP159 - Software Distribution Service 3.0 63: 2008-07-22 18:13:18 UTC - RP158 - System Checkpoint -- First Restore Point -- 1: 2008-04-26 04:59:07 UTC - RP96 - Installed QuickTime Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Ronda.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:04:27 PM, on 7/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\AOL\1196742412\ee\AOLSoftware.exe C:\Program Files\DellTPad\Apoint.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\AOL 9.1\waol.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Documents and Settings\Ronda\Desktop\dss.exe C:\DOCUME~1\Ronda\Desktop\Ronda.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196742412\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted IP range: http://209.42.34.176 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX Control) - http://home.livideosecurity.com/WebCamX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196275044769 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196275128660 O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://webcam.geovision.com.tw/cab/OCXChecker_8198.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9062 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi> S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007> S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-07-24 13:28:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job -- Files created between 2008-06-24 and 2008-07-24 ----------------------------- 2008-07-24 12:22:21 0 d-------- C:\WINDOWS\Sun 2008-07-24 12:22:21 0 d-------- C:\Documents and Settings\Ronda\Application Data\Sun 2008-07-24 12:14:43 0 d-------- C:\Program Files\Sun 2008-07-24 12:13:47 0 d-------- C:\Program Files\Java 2008-07-24 12:13:08 0 d-------- C:\Program Files\Common Files\Java 2008-07-05 00:45:04 0 d-------- C:\Program Files\Netflix -- Find3M Report --------------------------------------------------------------- 2008-07-24 12:13:08 0 d-------- C:\Program Files\Common Files 2008-07-23 22:20:41 0 d-------- C:\Program Files\Rts Ticketing 2008-07-17 15:18:05 27335 --a------ C:\WINDOWS\system32\nvModes.dat 2008-06-17 16:40:26 0 d-------- C:\Documents and Settings\Ronda\Application Data\Viewpoint 2008-06-14 16:50:22 0 d-------- C:\Documents and Settings\Ronda\Application Data\Smith Micro 2008-06-14 16:45:52 0 d-------- C:\Program Files\PANTECH 2008-06-14 16:44:48 0 d-------- C:\Program Files\Verizon Wireless 2008-06-13 12:17:42 0 d-------- C:\Program Files\EloTouchSystems 2008-06-09 17:50:36 328 --a------ C:\Documents and Settings\Ronda\Application Data\wklnhst.dat 2008-05-28 15:51:14 0 d-------- C:\Documents and Settings\Ronda\Application Data\Template 2008-05-25 02:10:05 0 d-------- C:\Program Files\AVG 2008-05-14 14:04:06 381459 --a------ C:\WINDOWS\system32\Instcodec.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/11/2007 11:57 PM] "nwiz"="nwiz.exe" [05/11/2007 11:57 PM C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [05/11/2007 11:57 PM C:\WINDOWS\system32\nvhotkey.dll] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/11/2007 11:57 PM] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 07:10 PM] "SigmatelSysTrayApp"="stsystra.exe" [05/06/2007 06:10 PM C:\WINDOWS\stsystra.exe] "@"="" [] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM] "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 06:23 PM] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 05:10 PM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM] "HostManager"="C:\Program Files\Common Files\AOL\1196742412\ee\AOLSoftware.exe" [05/25/2007 01:16 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 07:31 PM] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 02:32 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/20/2008 01:26 AM] "AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [10/27/2007 01:44 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/18/2008 9:41:30 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll -- End of Deckard's System Scanner: finished at 2008-07-24 15:04:55 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Core™2 Duo CPU T5270 @ 1.40GHz CPU 1: Intel® Core™2 Duo CPU T5270 @ 1.40GHz Percentage of Memory in Use: 27% Physical Memory (total/avail): 2046.11 MiB / 1483.83 MiB Pagefile Memory (total/avail): 5985 MiB / 5523.51 MiB Virtual Memory (total/avail): 2047.88 MiB / 1931.37 MiB C: is Fixed (NTFS) - 230.3 GiB total, 210.77 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD2500BEVS-75UST0 - 232.88 GiB - 3 partitions \PARTITION0 - Unknown - 78.41 MiB \PARTITION1 (bootable) - Installable File System - 230.3 GiB - C: \PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG Anti-Virus Free v8.0 (AVG Technologies) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer" "C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service" "C:\\Program Files\\Common Files\\aol\\1196742412\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\aol\\1196742412\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components" "C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed" "C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe:*:Enabled:AOL System Information" "C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager" "C:\\Program Files\\Rts Ticketing\\rtsfile.exe"="C:\\Program Files\\Rts Ticketing\\rtsfile.exe:*:Enabled:rtsfile" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote" "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Ronda\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=HAPPY ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Ronda LOGONSERVER=\\HAPPY NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Ronda\LOCALS~1\Temp TMP=C:\DOCUME~1\Ronda\LOCALS~1\Temp USERDOMAIN=HAPPY USERNAME=Ronda USERPROFILE=C:\Documents and Settings\Ronda windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Ronda (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A} Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly GeoVision ADPCM --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\GeoADPCM.inf GeoVision H264 --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GX264 132 C:\WINDOWS\INF\G264.inf GeoVision JPEG --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXJPG 132 C:\WINDOWS\INF\GJPG.inf GeoVision MPEG2 --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXGM20 132 C:\WINDOWS\INF\GM20.inf GeoVision MPEG4 --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GeoCodec 132 C:\WINDOWS\INF\GEOX.inf GeoVision MPEG4 ASP --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXAMP4 132 C:\WINDOWS\INF\GMP4.inf GeoVision MPEG4 AVC --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXAVC 132 C:\WINDOWS\INF\GAVC.inf GeoVision RemoteView System --> C:\WINDOWS\uninst.exe -fC:\RemoteView\DeIsL1.isu Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\DOCUME~1\Ronda\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe -runfromtemp -l0x0009 -cluninstall Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Ronda\Application Data\Move Networks\ie_bin\Uninst.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} PANTECH PC USB Modem Software --> C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall QuickBooks Pro 2007 --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2007" ADDREMOVE=1 QuickBooks Product Listing Service --> MsiExec.exe /I{054C3038-FFAC-446D-9682-E25891DC2E05} QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Remote Playback Client --> C:\WINDOWS\uninst.exe -fC:\RemotePlayback\DeIsL1.isu Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Rts Ticketing 7.0 --> C:\PROGRA~1\RTSTIC~1\UNWISE.EXE C:\PROGRA~1\RTSTIC~1\INSTALL-7-0.LOG Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43} Uninstall AOL Emergency Connect Utility 1.0 --> C:\Program Files\Common Files\AOL\ECU\uninst.exe Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16 Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} XML Paper Specification Shared Components Pack 1.0 --> -- Application Event Log ------------------------------------------------------- Event Record #/Type3076 / Warning Event Submitted/Written: 07/24/2008 01:26:15 PM Event ID/Source: 4356 / EventSystem Event Description: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A. Event Record #/Type3053 / Error Event Submitted/Written: 07/24/2008 11:10:15 AM Event ID/Source: 1001 / Application Error Event Description: Fault bucket 796268107. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Event Record #/Type3052 / Error Event Submitted/Written: 07/24/2008 11:10:06 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application iexplore.exe, version 7.0.6000.16674, faulting module quicktime.qts, version 7.4.5.67, fault address 0x00151844. Processing media-specific event for [iexplore.exe!ws!] Event Record #/Type3003 / Error Event Submitted/Written: 07/21/2008 00:09:47 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type2969 / Error Event Submitted/Written: 07/19/2008 01:35:44 AM Event ID/Source: 5000 / MPSampleSubmission Event Description: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type15954 / Warning Event Submitted/Written: 07/24/2008 03:04:42 PM Event ID/Source: 3004 / WinDefend Event Description: %HAPPY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAPPY27 can't undo changes that you allow. For more information please see the following: %HAPPY275 Scan ID: {F9FAF0C4-1656-4596-B715-B6F6E1239C5A} User: HAPPY\Ronda Name: %HAPPY271 ID: %HAPPY272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %HAPPY276 Alert Type: %HAPPY278 Detection Type: 1.1.1593.02 Event Record #/Type15953 / Warning Event Submitted/Written: 07/24/2008 03:04:42 PM Event ID/Source: 3004 / WinDefend Event Description: %HAPPY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAPPY27 can't undo changes that you allow. For more information please see the following: %HAPPY275 Scan ID: {B6AEE043-B353-4508-A08A-3788F53B0576} User: HAPPY\Ronda Name: %HAPPY271 ID: %HAPPY272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %HAPPY276 Alert Type: %HAPPY278 Detection Type: 1.1.1593.02 Event Record #/Type15952 / Warning Event Submitted/Written: 07/24/2008 03:04:42 PM Event ID/Source: 3004 / WinDefend Event Description: %HAPPY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAPPY27 can't undo changes that you allow. For more information please see the following: %HAPPY275 Scan ID: {128601D5-AB9B-4D36-A644-ABF3774CD345} User: HAPPY\Ronda Name: %HAPPY271 ID: %HAPPY272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %HAPPY276 Alert Type: %HAPPY278 Detection Type: 1.1.1593.02 Event Record #/Type15951 / Warning Event Submitted/Written: 07/24/2008 03:04:42 PM Event ID/Source: 3004 / WinDefend Event Description: %HAPPY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAPPY27 can't undo changes that you allow. For more information please see the following: %HAPPY275 Scan ID: {B0D426AA-D496-4C48-8A42-9FE59522A594} User: HAPPY\Ronda Name: %HAPPY271 ID: %HAPPY272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %HAPPY276 Alert Type: %HAPPY278 Detection Type: 1.1.1593.02 Event Record #/Type15950 / Warning Event Submitted/Written: 07/24/2008 03:04:42 PM Event ID/Source: 3004 / WinDefend Event Description: %HAPPY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HAPPY27 can't undo changes that you allow. For more information please see the following: %HAPPY275 Scan ID: {D2ED0FDA-5990-4D6C-AFC9-C57D0268A82C} User: HAPPY\Ronda Name: %HAPPY271 ID: %HAPPY272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %HAPPY276 Alert Type: %HAPPY278 Detection Type: 1.1.1593.02 -- End of Deckard's System Scanner: finished at 2008-07-24 15:04:55 ------------ Thank you! Ronda -------------------- Blessed are the curious, for they shall have many adventures! - Lovelle Drachman
Only the curious will learn and only the resolute overcome the obstacles to learning - Eugene Wilson I make a difference. What do you make? - Taylor Mali |
 |
 
|
|
Jul 25 2008, 02:53 PM
Post
#2
|
|
|
Member Group: HJT Sophomore Classmen Posts: 42 Joined: 3-January 06 Member No.: 48,404 |
Here's the scans from my desktop. Sorry it took so long for me to get them up. Before running Kaspersky, I ran disk cleanup, but it didn't seem bad. Here's the Kaspersky report: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, July 25, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, July 24, 2008 19:35:30 Records in database: 1004185 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan statistics: Files scanned: 150914 Threat name: 1 Infected objects: 2 Suspicious objects: 0 Duration of the scan: 02:19:47 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpitunes_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 The selected area was scanned. Here's the DSS Main.txt file: Deckard's System Scanner v20071014.68 Run by Administrator on 2008-07-25 13:35:27 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 95: 2008-07-25 17:35:35 UTC - RP475 - Deckard's System Scanner Restore Point 94: 2008-07-25 16:00:36 UTC - RP474 - Software Distribution Service 3.0 93: 2008-07-25 15:00:59 UTC - RP473 - Software Distribution Service 3.0 92: 2008-07-24 17:44:38 UTC - RP472 - Installed Java™ 6 Update 7 91: 2008-07-24 14:36:22 UTC - RP471 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-04-26 16:00:25 UTC - RP381 - Software Distribution Service 3.0 Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-07-25 13:43:08 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINNT\system32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINNT\system32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\WINNT\explorer.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\AVG\AVG8\avgwdsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\wanmpsvc.exe C:\WINNT\GWMDMMSG.exe C:\Program Files\Common Files\AOL\1101775136\EE\aolsoftware.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe C:\Documents and Settings\Administrator\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing) O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101775136\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: (no name) - CmdMapping - (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: https://www.amazon.com (HKCU) O15 - Trusted Zone: https://cibng.ibanking-services.com (HKCU) O15 - Trusted Zone: https://webbankingforbusiness.mandtbank.com (HKCU) O15 - Trusted Zone: http://office.microsoft.com (HKCU) O15 - Trusted Zone: http://content.nejm.org (HKCU) O15 - Trusted Zone: https://www.paypal.com (HKCU) O15 - Trusted Zone: http://www.paypal.com (HKCU) O15 - Trusted Zone: https://www.taxsimple.com (HKCU) O15 - Trusted Zone: https://login.yahoo.com (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9...heckControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?3471565977390 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175141639906 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} () - http://kcusa.dvrsite.net:82/activeX/DvrActiveXSetup.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} (WebRecClient Control) - http://207.201.213.140/webrec.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\system32\msvidctl.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll,avgrsstx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\hpzipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe -- End of file - 10685 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver> R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\winnt\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9> R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\winnt\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\winnt\system32\drivers\el90xbc5.sys (file missing) S3 iscFlash - c:\winnt\system32\drivers\iscflash.sys (file missing) S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows> S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows> S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing) S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0> S3 USBFVNETA (NETGEAR MA101 USB Adapter) - c:\winnt\system32\drivers\ma101andxp.sys <Not Verified; ATMEL; USB Wireless Network Adapter> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007> S4 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing) S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: PS/2 Compatible Mouse Device ID: ACPI\PNP0F13\4&369939D9&0 Manufacturer: Microsoft Name: PS/2 Compatible Mouse PNP Device ID: ACPI\PNP0F13\4&369939D9&0 Service: i8042prt Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPI\PNP0303\4&369939D9&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&369939D9&0 Service: i8042prt -- Scheduled Tasks ------------------------------------------------------------- 2008-07-25 11:01:14 330 --ah----- C:\WINNT\Tasks\MP Scheduled Scan.job 2008-07-25 01:13:00 268 --a------ C:\WINNT\Tasks\Disk Cleanup.job 2008-07-24 22:38:00 316 --a------ C:\WINNT\Tasks\Ad-Aware SE Personal.job -- Files created between 2008-06-25 and 2008-07-25 ----------------------------- 2080-01-03 23:48:10 0 d------c- C:\WINNT\system32\DRVSTORE 2080-01-03 23:48:10 0 d-------- C:\Program Files\Broadcom 2080-01-03 23:41:06 0 d-------- C:\swsetup 2080-01-03 23:40:19 0 d-------- C:\Program Files\Intel 2080-01-03 23:04:37 0 d-------- C:\WINNT\Prefetch 2080-01-03 22:56:58 0 d-------- C:\Program Files\Online Services 2008-07-24 14:45:09 0 d-------- C:\WINNT\Sun 2008-07-24 14:45:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2008-07-24 13:45:31 0 d-------- C:\Program Files\Java 2008-07-24 13:44:45 0 d-------- C:\Program Files\Common Files\Java 2008-07-24 10:31:14 114688 --a------ C:\Fport.exe -- Find3M Report --------------------------------------------------------------- 2080-01-03 22:55:52 23720 --a------ C:\WINNT\system32\emptyregdb.dat 2008-07-24 13:44:45 0 d-------- C:\Program Files\Common Files 2008-07-02 11:44:59 0 d-------- C:\Program Files\Rts Ticketing 2008-06-24 18:11:46 0 d-------- C:\Program Files\AOL 9.0 2008-06-12 11:37:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead 2008-06-12 11:22:32 0 d-------- C:\Program Files\Ahead 2008-06-12 11:22:12 0 d-------- C:\Program Files\Common Files\Ahead 2008-06-01 12:25:30 0 d-------- C:\Program Files\vol_toolbar 2008-06-01 12:17:36 0 d-------- C:\Program Files\AVG -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}] C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [ ] [-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}] [HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GWMDMMSG"="GWMDMMSG.exe" [05/06/2002 08:12 PM C:\WINNT\GWMDMMSG.exe] "HostManager"="C:\Program Files\Common Files\AOL\1101775136\ee\AOLSoftware.exe" [09/25/2006 08:52 PM] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM] "igfxtray"="C:\WINNT\system32\igfxtray.exe" [09/20/2005 11:35 AM] "igfxhkcmd"="C:\WINNT\system32\hkcmd.exe" [09/20/2005 11:32 AM] "igfxpers"="C:\WINNT\system32\igfxpers.exe" [09/20/2005 11:36 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [09/23/2003 02:01 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/29/2004 08:41 PM] "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [06/06/2007 07:52 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 11:18 AM] "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/2001 11:50 AM] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [07/07/2004 07:44 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/18/2008 9:41:30 PM] Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [5/25/2005 9:07:11 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINNT\system32\wmfhotfix.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk backup=C:\WINNT\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk backup=C:\WINNT\pss\America Online Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop 16.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop 16.lnk backup=C:\WINNT\pss\Desktop 16.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet T Series Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP OfficeJet T Series Startup.lnk backup=C:\WINNT\pss\HP OfficeJet T Series Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk backup=C:\WINNT\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arma] C:\Documents and Settings\Administrator\Application Data\swol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG] GWMDMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1101775136\EE\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINNT\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINNT\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lxghnaj] C:\WINNT\System32\gdsblcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] C:\WINNT\ServicePackFiles\i386\ronda.exe /auto [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smartexplorer Popup Killer] SMARTEXPLORER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyBlocs] C:\PROGRA~1\SpyBlocs\SpyBlocs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PictureTaker"=3 (0x3) -- Hosts ----------------------------------------------------------------------- 127.0.0.1 babe.the-killer.bz 127.0.0.1 www.babe.the-killer.bz 127.0.0.1 babe.k-lined.com 127.0.0.1 www.babe.k-lined.com 127.0.0.1 did.i-used.cc 127.0.0.1 www.did.i-used.cc 127.0.0.1 coolwwwsearch.com 127.0.0.1 www.coolwwwsearch.com 127.0.0.1 coolwebsearch.com 127.0.0.1 www.coolwebsearch.com 6540 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-07-25 13:43:55 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 2.60GHz Percentage of Memory in Use: 43% Physical Memory (total/avail): 1527.48 MiB / 863.02 MiB Pagefile Memory (total/avail): 2148.93 MiB / 1736.48 MiB Virtual Memory (total/avail): 2047.88 MiB / 1924.32 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 78.13 GiB total, 56.79 GiB free. D: is Fixed (NTFS) - 111.79 GiB total, 105.88 GiB free. E: is Fixed (NTFS) - 74.53 GiB total, 74.46 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Maxtor 6L200P0 - 189.92 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 78.13 GiB - C: \PARTITION1 - Installable File System - 111.79 GiB - D: \\.\PHYSICALDRIVE1 - - 74.53 GiB - 1 partition \PARTITION0 - Installable File System - 74.53 GiB - E: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG Anti-Virus Free v8.0 (AVG Technologies) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\Desktop 16\\TotalWX.exe"="C:\\Program Files\\Common Files\\Desktop 16\\TotalWX.exe:*:Disabled:TotalWX" "C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\AOLServiceHost.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL" "C:\\WINNT\\system32\\mshta.exe"="C:\\WINNT\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host" "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client" "C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager" "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Rts Ticketing\\rtsfile.exe"="C:\\Program Files\\Rts Ticketing\\rtsfile.exe:*:Disabled:rtsfile" "C:\\WINNT\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINNT\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrator\Application Data ASLOGDIR=C:\Program Files\Intuit\QuickBooks Pro\ CLIENTNAME=Console COLLECTIONID=COL8143 CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=RONDEE ComSpec=C:\WINNT\system32\cmd.exe FP_NO_HOST_CHECK=NO HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrator ITEMID=dj-22741-15 LANG=1033 LOGONSERVER=\\RONDEE NUMBER_OF_PROCESSORS=1 OS=Windows_NT OSVER=winXPP Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Intel\DMIX PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONID=1114352321879htx6931b1f800:103cd8489e9:-5d90 SESSIONNAME=Console SWUTVER=1.0.22.20030804 SystemDrive=C: SystemRoot=C:\WINNT TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TIMEOUT=0 TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm UPDATEDIR=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad59220.tmp USERDOMAIN=RONDEE USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator VERSION=3.0.5.001 windir=C:\WINNT -- User Profiles --------------------------------------------------------------- Administrator (admin) Guest (guest) -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu --> C:\WINNT\NuNInst.exe /UNINSTALL --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} --> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F} Broadcom NetXtreme Ethernet Controller --> MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD} Do More 5.0 --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0} eVision MEGApro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB33680-2F53-11D6-BC84-00D0B7E10CD1}\SETUP.EXE" GeoVision H264 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GX264 132 C:\WINNT\INF\G264.inf GeoVision MPEG2 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXGM20 132 C:\WINNT\INF\GM20.inf GeoVision MPEG4 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GeoCodec 132 C:\WINNT\INF\GEOX.inf GeoVision MPEG4 ASP --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXAMP4 132 C:\WINNT\INF\GMP4.inf GeoVision RemoteView System --> C:\WINNT\uninst.exe -fC:\RemoteView\DeIsL1.isu getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\inf\GETPLUSo.INF, DefaultUninstall GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe" GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D} Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672} Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Lexmark X6100 Series --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U MA101 USB Adapter Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B46834CC-141E-11D5-A76F-0030AB007078}\SetUp.EXE" Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9} Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9} Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall NETGEAR WG111 Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst overland - |