
Not So Common Windows Explorer Error Is Driving Me Insane!



#1 Pike


Posted 16 July 2007 - 08:08 PM

My problem is with Windows Explorer. I have read many other forums about explorer errors, but none have the same symptoms as mine! Unlike other problems, mine ONLY occurs when I close a folder window. It doesn't matter how I close it, using either File=>Close or clicking the [X] close button, I receive the message below:

'Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.'

==>Error Report data:
Error signature;
AppName: explorer.exe
AppVer: 6.0.2900.2180
ModName: Unknown
ModVer: 0.0.0.0
Offset: 02f1fb1c


>Also, while I am browsing files (clicking on icons and jumping around folder to folder) I noticed that all of my desktop icons will disappear and reload randomly. The longer I browse folders, the more it does this. Again, until I close that window and receive the 'Windows error' message again.

>After explorer.exe reloads, MOST of the 'running programs' icons in the right-hand side of the explorer bar disappear and will not return even if I exit and reload the programs themselves. The most irritating of which is Windows Task Manager.

>Sometimes, not all the time (60% of the time), I get a 'DrWatson Postmortem Debugger' error after the Windows Explorer error, but before explorer restarts. The computer then freezes until I manually end drwtsn.exe in Task Manager.

The data from this:
EventType: BEX
P1:drwtsn32.exe
P2:5.1.2600.0
P3:3b7d84a2
P4:dbghelp.dll
P5:5.1.2600.2180
P6:4110969a
P7:0001295d
P8:c0000409
P9:00000000


Programs that I run constantly to protect my computer:
*Please tell me if any of these are misleading and/or are pointless*
-BitDefender (anti-virus) w/real time protection and automatic scans
-AdsGone (popup blocker and realtime spyware protection)
-Ad-aware
-KeyScrambler (to encrypt all usernames/passwords typed into web logon prompts)
-Registry Mechanic (with daily reg scans)

At first I thought I could troubleshoot this myself and fix it by reading forums and applying the knowledge gained there. Being a student pursuing a degree in software design (Windows applications) I thought I could handle it... BUT this little problem opened my eyes!

>So I downloaded HijackThis and came here. I hope someone can show me the right next step !!

Here is the logfile from HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:49:56 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\security\HiJackThis_v2.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 208.109.221.107 as.casalemedia.com
O1 - Hosts: 208.109.221.107 adserving.cpxinteractive.com
O1 - Hosts: 208.109.233.197 ad.yieldmanager.com
O1 - Hosts: 208.109.233.197 ad.doubleclick.net
O1 - Hosts: 208.109.221.107 altfarm.mediaplex.com # download.com
O1 - Hosts: 208.109.221.107 ad.n2434.doubleclick.net # download.com
O1 - Hosts: 208.109.221.107 mads.download.com # download.com
O1 - Hosts: 208.109.221.107 mads.cnet.com # download.com
O1 - Hosts: 208.109.221.107 mads.com.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 38.113.170.200 ads.sup.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 208.109.233.197 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O1 - Hosts: 38.113.170.200 rad.msn.com
O1 - Hosts: 38.113.170.200 themis.geocities.yahoo.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173917610055
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173925610097
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal..._2_2_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} (NBCUniversal Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_7.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8228 bytes



Moved from the XP Forum. ~acklan~

Edited by acklan, 16 July 2007 - 08:28 PM.
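
A first pass over a HijackThis log like the one posted above can be scripted. This is an added example, not part of the original post and not code from HijackThis: it groups entries by section code, lists O1 Hosts mappings that point a name at a non-loopback address, and collects entries carrying HijackThis's own "(no file)", "(file missing)", "Unknown owner" or "Unknown file" text for a human to look at. The function names are this example's own, and one sample line is constructed and labelled as such.

```python
import ipaddress
import re

# Lines copied verbatim from the HijackThis log in the post above.
COPIED_LINES = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 208.109.221.107 as.casalemedia.com
O1 - Hosts: 38.113.170.200 ads1.msn.com
O1 - Hosts: 208.109.221.107 mads.cnet.com # download.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
"""

# Constructed line (not in the post): a loopback mapping, for contrast.
CONSTRUCTED_LINE = "O1 - Hosts: 127.0.0.1 ads.example.test"

SAMPLE_LOG = COPIED_LINES + CONSTRUCTED_LINE + "\n"

# "<section code> - <body>", e.g. "O1 - Hosts: ..." or "R0 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O1 entry: "Hosts: <address> <hostname> [# comment]".
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Text HijackThis itself prints when it cannot resolve a file or owner.
REVIEW_MARKERS = ("(no file)", "(file missing)", "Unknown owner", "Unknown file")


def parse_log(text):
    """Return {section_code: [entry_body, ...]} in log order.

    Header lines, the process list and blank lines do not match the
    entry pattern and are skipped.
    """
    sections = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            sections.setdefault(match.group(1), []).append(match.group(2))
    return sections


def hosts_redirects(sections):
    """Return {address: [hostname, ...]} for O1 entries whose address is
    neither loopback nor 0.0.0.0, i.e. names that resolve somewhere else."""
    redirects = {}
    for body in sections.get("O1", []):
        match = HOSTS_RE.match(body)
        if not match:
            continue
        addr, name = match.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address: leave it for manual reading
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects.setdefault(addr, []).append(name)
    return redirects


def review_flags(sections):
    """Return [(section, body, marker)] for entries carrying one of the
    REVIEW_MARKERS strings. A flag means 'look at this', not 'malicious'."""
    flagged = []
    for code, bodies in sections.items():
        for body in bodies:
            for marker in REVIEW_MARKERS:
                if marker in body:
                    flagged.append((code, body, marker))
                    break
    return flagged


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for addr, names in hosts_redirects(parsed).items():
        print(f"hosts -> {addr}: {', '.join(names)}")
    for code, body, marker in review_flags(parsed):
        print(f"{code} [{marker}] {body}")
```
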




#2 Rorschach


Posted 23 July 2007 - 04:58 PM

Hello Pike, sorry for the delay. I'm just looking over your log and will get back to you soon.

#3 Rorschach


Posted 24 July 2007 - 03:14 PM

Hello Pike, my name is Rorschach and I'll be helping you with your problems.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click fsbl.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


So in your next reply please post the following: the two DSS texts in full, the Kaspersky Webscanner report, and the Blacklight log.

#4 Pike


Posted 28 July 2007 - 11:58 AM

Sorry for the delay, and thank you again for helping me!
Here are the logs-

Main.txt:

Deckard's System Scanner v20070711.54
Run by Amy Avery on 2007-07-27 at 23:31:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-07-28 03:31:27 UTC - RP453 - Deckard's System Scanner Restore Point
12: 2007-07-27 14:38:33 UTC - RP452 - System Checkpoint
11: 2007-07-26 13:52:04 UTC - RP451 - System Checkpoint
10: 2007-07-25 02:40:47 UTC - RP450 - System Checkpoint
9: 2007-07-23 17:24:12 UTC - RP449 - System Checkpoint


-- First Restore Point --
1: 2007-07-17 04:20:30 UTC - RP441 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Amy Avery.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-27 23:39:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\AdsGone\adsgone.EXE
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\security\cleaners\dss.exe
C:\Program Files\Trend Micro\HijackThis\Amy Avery.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - AutorunsDisabled - (file missing)
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O11 - Options Group: [TABS] Tabbed Browsing
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173917610055
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173925610097
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal..._2_2_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} (NBCUniversal Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_7.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\system32\
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service



-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.reg - regfile - DefaultIcon - c:\windows\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 HWFProt (Hywave File Protector HWFProt) - c:\windows\system32\drivers\hwfprot.sys <Not Verified; HyWave Corporation; HyWave ™ 2003 for Windows NT/2K>
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified; cansoft@livewiredev.com; Windows ® 2000 DDK driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
R2 HWiNFO32 (HWiNFO32 Kernel Driver) - c:\program files\hwinfo32\hwinfo32.sys <Not Verified; REALiX™; HWiNFO32 Kernel Driver>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 qmphook (QM process triggers) - c:\program files\quick macros 2\qmphook.sys
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S4 ATWPKT - c:\windows\system32\drivers\atwpkt.sys (file missing)
S4 windrvNT - c:\windows\system32\windrvnt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ScsiAccess - c:\windows\system32\scsiaccess.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-07-11 12:04:42 252 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-06-25 20:01:38 288 --a------ C:\WINDOWS\Tasks\unInstall iF-18 Carrier Strike Fighter.job
2007-06-25 20:01:32 454 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job
2007-06-25 20:01:30 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-27 and 2007-07-27 -----------------------------

2007-07-27 23:36:22 0 d-------- C:\Program Files\Trend Micro
2007-07-25 23:01:00 0 d-------- C:\Program Files\Typing Test TQ
2007-07-23 13:05:04 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-20 19:14:42 0 d-------- C:\Documents and Settings\Amy Avery\Bluetooth Software
2007-07-20 19:08:32 0 d-------- C:\Program Files\IOGEAR
2007-07-16 15:26:23 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\GameHouse
2007-07-16 15:26:10 0 d-------- C:\Program Files\GameHouse
2007-07-16 14:13:57 0 d-------- C:\Program Files\absolutist.com
2007-07-13 13:02:16 0 d-------- C:\Program Files\Quick Macros 2
2007-07-13 13:02:16 0 d-------- C:\Documents and Settings\All Users\Application Data\GinDi
2007-07-12 16:21:57 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\gtopala
2007-07-12 09:16:11 90112 -----n--- C:\WINDOWS\SDUnInst.exe <Not Verified; Software Design; UnInstaller Utility for Windows>
2007-07-12 09:16:10 0 d-------- C:\Program Files\Software by Design
2007-07-11 18:39:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-07-11 13:31:16 311808 --a------ C:\WINDOWS\system32\afeshell.dll
2007-07-11 13:31:16 0 d-------- C:\Program Files\Abacre File Encryptor
2007-07-11 13:04:12 306 --a------ C:\WINDOWS\system32\xtbaksm.dll
2007-07-11 12:00:21 0 dr-h----- C:\Documents and Settings\Amy Avery\Recent
2007-07-11 11:55:26 0 d-------- C:\Program Files\CCleaner
2007-07-10 16:28:53 0 d-------- C:\WINDOWS\ShellNew
2007-07-07 20:15:52 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-07-05 21:30:35 0 d-------- C:\Program Files\KeyScrambler
2007-07-04 03:05:57 122880 --a------ C:\WINDOWS\UnGins.exe
2007-07-04 03:05:57 0 d-------- C:\Program Files\BDASM v2.5 Full
2007-07-04 02:53:35 0 d-------- C:\Program Files\SilverAge Software
2007-07-04 01:52:50 22 --a------ C:\WINDOWS\system32\win07d10_va.bin
2007-07-04 01:52:09 126976 --a------ C:\WINDOWS\system32\lfkodak.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS FlashPix library>
2007-07-04 01:52:09 393216 --a------ C:\WINDOWS\system32\lffpx7.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS FlashPix library>
2007-07-04 01:52:08 65536 --a------ C:\WINDOWS\system32\lfsct14N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® EVAL DLL for Win32>
2007-07-04 01:52:07 974848 --a------ C:\WINDOWS\system32\LtDlgRes14n.dll
2007-07-04 01:52:06 81982 --a------ C:\WINDOWS\system32\NCSUtil.dll <Not Verified; Earth Resource Mapping; Earth Resource Mapping NCSUtil>
2007-07-04 01:52:06 41022 --a------ C:\WINDOWS\system32\NCSEcwC.dll <Not Verified; Earth Resource Mapping; Earth Resource Mapping NCSEcwC>
2007-07-04 01:52:06 188477 --a------ C:\WINDOWS\system32\NCSEcw.dll <Not Verified; Earth Resource Mapping; Earth Resource Mapping NCSEcw>
2007-07-04 01:52:06 53310 --a------ C:\WINDOWS\system32\NCScnet.dll <Not Verified; Earth Resource Mapping; Earth Resource Mapping NCScnet>
2007-07-04 01:33:24 0 d-------- C:\Program Files\IconCool Software
2007-07-04 01:04:38 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\Vidalia
2007-07-04 01:04:38 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\Tor
2007-07-04 01:04:37 0 d-------- C:\Program Files\Tor
2007-07-03 19:49:10 0 d-------- C:\Program Files\HoldemInspector2
2007-06-28 22:15:00 0 d-------- C:\Program Files\Fusion


-- Find3M Report ---------------------------------------------------------------

2007-07-21 11:04:06 352137 --a------ C:\swlist.reg
2007-07-11 13:04:14 306 --a------ C:\WINDOWS\system32\xtbaksm.dat
2007-06-25 20:27:50 0 d-------- C:\Program Files\MOVAVI
2007-06-25 20:27:32 0 d-------- C:\Program Files\EnhanceMovie 2.2
2007-06-25 19:51:32 0 d-------- C:\Program Files\HWiNFO32
2007-06-25 19:44:46 0 d-------- C:\Program Files\Motherboard Monitor 5
2007-06-25 14:05:52 0 d-------- C:\Program Files\AC3Filter
2007-06-25 13:52:26 522 --a------ C:\sccfg.sys
2007-06-21 17:37:48 0 d-------- C:\Program Files\ISS
2007-06-21 14:38:12 0 d-------- C:\Program Files\ID Security Suite
2007-06-18 20:06:44 0 d-------- C:\Program Files\Total Uninstall 4
2007-06-18 15:42:46 0 d-------- C:\Program Files\Test Tone Generator
2007-06-15 11:59:04 0 d-------- C:\Program Files\Sienzo
2007-06-15 11:26:38 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\NCH Swift Sound
2007-06-15 11:26:20 0 d-------- C:\Program Files\NCH Swift Sound
2007-06-15 11:00:50 0 d-------- C:\Program Files\GuitarFX 3
2007-06-14 12:52:22 0 d-------- C:\Program Files\ffvfw
2007-06-10 15:20:20 284 --a------ C:\Documents and Settings\Amy Avery\Application Data\ViewerApp.dat
2007-06-10 14:29:54 0 d-------- C:\Program Files\DiskInternals
2007-06-08 14:06:22 2528 --a------ C:\Documents and Settings\Amy Avery\Application Data\$_hpcst$.hpc
2007-06-08 14:04:58 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-06-07 11:05:08 0 d-------- C:\Documents and Settings\Amy Avery\Application Data\Aim
2007-06-06 14:40:58 0 d-------- C:\Program Files\Smart Install Maker
2007-06-01 12:08:32 0 d-------- C:\Program Files\Common Files\Oberon Media
2007-06-01 12:08:32 0 d-------- C:\Program Files\Comcast Play Games
2007-05-31 18:21:58 0 d-------- C:\Program Files\Telltale Texas Hold'Em
2007-05-31 18:21:46 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-31 02:44:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 02:44:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 02:44:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 02:44:56 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-20 13:33:06 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-05-16 16:30:58 539 --a------ C:\AutoExec.bat
2007-05-04 01:32:18 1 --a------ C:\WINDOWS\system32\SI.bin
2007-05-03 14:43:26 1156 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} C:\Program Files\KeyScrambler\keyscramblerIE.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"c:\\program files\\softwin\\bitdefender8\\bdnagent.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ \0scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"POINTER"="point32.exe"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MadExe"="C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Daemon"="C:\\Program Files\\Microsoft Hardware\\Gaming Devices\\DAEMON32.EXE"
"LexStart"="Lexstart.exe"
"projselector"="\"c:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
"RoxioEngineUtility"="\"c:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"c:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"c:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
@=""
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM32\\STIMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0C\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0A\\aoltray.exe -check"
"item"="America Online Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoolAgent.lnk]
"backup"="C:\\WINDOWS\\pss\\CoolAgent.lnkCommon Startup"
"location"="Common Startup"
"item"="CoolAgent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director.LNK]
"backup"="C:\\WINDOWS\\pss\\Corel Desktop Application Director.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\Corel\\Office7\\Dad7\\Quick.exe "
"item"="Corel Desktop Application Director"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.LNK]
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.LNKCommon Startup"
"location"="Common Startup"
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\BACKWE~1.EXE "
"item"="KODAK Software Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pccmsi.lnk]
"backup"="C:\\WINDOWS\\pss\\pccmsi.lnkCommon Startup"
"location"="Common Startup"
"item"="pccmsi"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PerfectPrint.LNK]
"backup"="C:\\WINDOWS\\pss\\PerfectPrint.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\Corel\\Office7\\Shared\\PFit7\\Pfppop70.exe "
"item"="PerfectPrint"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeCommon Startup"
"location"="Common Startup"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
"backup"="C:\\WINDOWS\\pss\\Privoxy.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Tor\\Privoxy\\privoxy.exe "
"item"="Privoxy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
"backup"="C:\\WINDOWS\\pss\\QuickBooks 2002 Delivery Agent.lnkCommon Startup"
"location"="Common Startup"
"item"="QuickBooks 2002 Delivery Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Resolution Assistant.lnk]
"backup"="C:\\WINDOWS\\pss\\Resolution Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Dell\\RESOLU~1\\MOTIVE~1\\bin\\matcli.exe -boot"
"item"="Resolution Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amy Avery^Start Menu^Programs^Startup^AdsGone.lnk]
"backup"="C:\\WINDOWS\\pss\\AdsGone.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\AdsGone\\adsgone.exe "
"item"="AdsGone"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amy Avery^Start Menu^Programs^Startup^ID Firewall.lnk]
"backup"="C:\\WINDOWS\\pss\\ID Firewall.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\IDSECU~1\\IDFIRE~1\\IDFIRE~1.EXE "
"item"="ID Firewall"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amy Avery^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.1.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.1\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amy Avery^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup"
"location"="Startup"
"item"="PowerReg Scheduler V3"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdnagent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xxyawx"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\xxyawx.dll\",realset"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1122346661\\EE\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MBM5"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBCUniversal Media Manager Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EntriqMediaTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Entriq\\MediaSphere\\Bin\\EntriqMediaTray.exe\" /CustomId:NBCUniversal"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\projselector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="projselector"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick Macros]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Quick Macros 2\\qm.exe\" S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryOptimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryOptimizer"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Registry Optimizer 2007\\RegistryOptimizer.exe\" ShowError"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total Uninstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tu"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Total Uninstall 4\\Tu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total Uninstall Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TuAgent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Total Uninstall 4\\TuAgent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vidalia"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Tor\\Vidalia\\vidalia.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcmdmgrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xptools"
"hkey"="HKCU"
"command"="C:\\Program Files\\XP Tools\\xptools.exe /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"AOL ACS"=dword:00000002
"ScsiAccess"=dword:00000002
"LexBceS"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-27 at 23:40:47 ---------


extra.txt:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 511.3 MiB / 288.01 MiB
Pagefile Memory (total/avail): 2981.95 MiB / 2767.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.51 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 55.86 GiB total, 25.93 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AdsGone\\adsgone.exe"="C:\\Program Files\\AdsGone\\adsgone.exe:*:Enabled:Popup Killer Spyware blocker powered by AdsGone"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Thriller\\Thriller\\mirc.exe"="C:\\Thriller\\Thriller\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Aim\\aim.exe"="C:\\Program Files\\Aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Sienzo\\DMM\\DMM.exe"="C:\\Program Files\\Sienzo\\DMM\\DMM.exe:*:Disabled:DMM"
"C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Disabled:mcoinstall"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0c\\WAOL.EXE"="C:\\Program Files\\America Online 9.0c\\WAOL.EXE:*:Enabled:America Online 9.0c"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Amy Avery\Application Data
CLASSPATH=.;c:\COREL\OFFICE7\SHARED\BARISTA;c:\COREL\OFFICE7\SHARED\TRUEDOC;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GG2JD01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Amy Avery
LD_LIBRARY_PATH=c:\COREL\OFFICE7\SHARED\TRUEDOC\BIN
LOGONSERVER=\\GG2JD01
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN;c:\COREL\OFFICE7\SHARED\TRUEDOC\BIN;C:\PROGRA~1\COMMON~1\ROXIOS~1\DLLSHA~1;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN;c:\windows\SYSTEM\WBEM;;c:\COREL\OFFICE7\SHARED\TRUEDOC\BIN;C:\PROGRA~1\COMMON~1\ROXIOS~1\DLLSHA~1;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$p$g
PS5ROOT=c:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AMYAVE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AMYAVE~1\LOCALS~1\Temp
USERDOMAIN=GG2JD01
USERNAME=Amy Avery
USERPROFILE=C:\Documents and Settings\Amy Avery
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Amy Avery (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{15BFECE8-A100-4861-B92B-1EFF76683C23}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacre File Encryptor v1.0 --> "C:\Program Files\Abacre File Encryptor\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-aware 6 Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\Install.log
AdsGone Popup Killer Spyware Blocker by A1Tech.com --> "C:\Program Files\AdsGone\unins000.exe"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Anark Client 4 --> C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger --> C:\PROGRAM FILES\AIM\uninstll.exe -LOG= C:\PROGRAM FILES\AIM\install.log -OEM=
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\YAHOO!\common\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
Attune 2.3.2 --> MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Billiard Master 2 --> C:\Program Files\Microsoft ActiveSync\Billiard Master 2\Uninstall.exe Billiard Master 2
BitDefender 8 Free Edition --> MsiExec.exe /I{8BFFDBAB-FD81-4137-A98E-A769C828080C}
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Bubble Shooter Deluxe --> "C:\Program Files\absolutist.com\Bubble Shooter Deluxe\unins000.exe"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chuzzle Deluxe --> C:\PROGRA~1\GAMEHO~1\CHUZZL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\CHUZZL~1\INSTALL.LOG
Conexant HCF V.90 56K RTAD,Speakerphone PCI Modem --> infunist.exe VEN_14F1&DEV_1036&SUBSYS_020913E0
Corel Remove Program --> c:\Corel\Office7\AppMan\Setup\remove.exe
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Resolution Assistant --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dell\Resolution Assistant\Uninst.isu" -c"C:\Program Files\Dell\Resolution Assistant\UninstDll.dll"
DellEPro Internet Service --> C:\PROGRA~1\DELLPR~1\UNWISE.EXE C:\PROGRA~1\DELLPR~1\INSTALL.LOG "DellEPro Internet Service"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DLL Show --> C:\WINDOWS\SDUnInst.exe c:\program files\software by design\dllshow.uni
DMM Uninstall --> "C:\Program Files\Sienzo\DMM\Sienzo-DMM-uninstall.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
EnhanceMovie 2.2 --> C:\Program Files\EnhanceMovie 2.2\uninst.exe
Entriq MediaSphere 3.5.2.2 --> "C:\Program Files\Entriq\MediaSphere\unins000.exe"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Feel Blue Skin --> C:\Program Files\MSN Messenger\Feel Blue Skin Uninstall.exe
Folder Lock --> C:\Program Files\Folder Lock\Uninstall.exe
Fusion --> "C:\Program Files\Fusion\ReflexiveArcade\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GuitarFX 3 --> C:\PROGRA~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\GUITAR~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.0 --> "C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\security\HijackThis.exe" /uninstall
HWiNFO32 Version 1.74 --> "C:\Program Files\HWiNFO32\unins000.exe"
ID Firewall 1.2 --> "C:\Program Files\ID Security Suite\ID Firewall\unins000.exe"
iF/A-18 Carrier Strike Fighter --> C:\WINDOWS\IsUninst.exe -fC:\I-Magic\F18\Uninst.isu
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
iMesh --> C:\PROGRA~1\IMESHA~1\IMESH\UNWISE.EXE C:\PROGRA~1\IMESHA~1\IMESH\INSTALL.LOG
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® PRO Ethernet Adapter and Software --> 8255xDel.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InterVideo\WinDVD\Uninst.isu"
IOGEAR Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Iomega Software --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Iomega\Tools\DeIsL1.isu" -c"C:\Program Files\Iomega\Tools\Uninst.dll
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment Standard Edition v1.3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyScrambler --> C:\Program Files\KeyScrambler\uninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_2a81e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Supplies Monitor --> C:\WINDOWS\SYSTEM32\lxsmunin.exe
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft IntelliPoint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Mouse\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Mouse\Uninstal.dll"
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft SideWinder game pad --> C:\Program Files\Microsoft Hardware\Gaming Devices\UNINSTAL.EXE
Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Modem Helper --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Modem Helper\Uninst.isu"
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Mystery Case Files - Prime Suspects --> "C:\Program Files\Comcast Play Games\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Comcast Play Games\Mystery Case Files - Prime Suspects\install.log"
NBC Universal 1.0.0.7 --> "C:\Program Files\NBC Universal\MediaSphere\unins000.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Online Hold'em Inspector 2.36d8 --> C:\Program Files\HoldemInspector2\uninst.exe
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PartyBingo --> "C:\Program Files\PartyGaming\PartyBingo\Uninstall.exe" "C:\Program Files\PartyGaming\PartyBingo\install.log"
PartyCasino --> "C:\Program Files\PartyGaming\PartyCasino\Uninstall.exe" "C:\Program Files\PartyGaming\PartyCasino\install.log"
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PrimeSuspects 1.0.0.0 --> C:/Program Files/Comcast Play Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Privoxy 3.0.6 --> "C:\Program Files\Tor\Privoxy\privoxy_uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QML-Edit 2 --> MsiExec.exe /I{96349B99-2B01-11D6-A498-00C0CA17CB87}
Quick Macros 2 --> "C:\Program Files\Quick Macros 2\unins000.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Optimizer 2007 --> C:\WINDOWS\unvise32.exe C:\Program Files\Registry Optimizer 2007\uninstal.log
Remove on Reboot Shell Extension --> "C:\Program Files\Remove on Reboot\unins000.exe"
Saitek SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{655EE3B7-0113-4C5E-B147-B82BA325643F}\setup.exe" AddRem
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Solution Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B0ED720-87D3-11D4-A188-0050DA2DDF19}\SETUP.EXE"
Sonic Foundry ACID Music 3.0a --> MsiExec.exe /I{A2D88E8E-81CC-4D1B-84B9-67CB699394D8}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAXWDM --> C:\WINDOWS\SYSTEM\ADIOUT.BAT
Test Tone Generator 4.2 --> "C:\Program Files\Test Tone Generator\unins000.exe"
Text Workbench 5.0 --> "C:\Program Files\SilverAge Software\Tools\Text Workbench\unins000.exe"
Tor 0.1.2.14 --> "C:\Program Files\Tor\Tor\Uninstall.exe"
Total Uninstall 4.11 --> "C:\Program Files\Total Uninstall 4\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Vidalia 0.0.11 --> "C:\Program Files\Tor\Vidalia\uninstall.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Updater --> C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wcmdmgr.exe
WildTangent Web Driver --> C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wtwebdriver
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\PROGRAM FILES\WINZIP\WINZIP32.EXE" /uninstall
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe
XP Tools Pro 6.96 --> "C:\Program Files\XP Tools\unins000.exe"
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-07-27 at 23:40:47 ---------




BLACKLIGHT LOG> It didn't find anything but here is the log:

07/27/07 23:58:38 [Info]: BlackLight Engine 1.0.64 initialized
07/27/07 23:58:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/27/07 23:58:39 [Note]: 7019 4
07/27/07 23:58:39 [Note]: 7005 0
07/27/07 23:58:47 [Note]: 7006 0
07/27/07 23:58:47 [Note]: 7011 2504
07/27/07 23:58:47 [Note]: 7026 0
07/27/07 23:58:48 [Note]: 7026 0
07/27/07 23:58:54 [Note]: FSRAW library version 1.7.1022
07/28/07 00:01:05 [Note]: 2000 1012
07/28/07 00:04:02 [Note]: 7007 0



Kaspersky Log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 28, 2007 12:54:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/07/2007
Kaspersky Anti-Virus database records: 368933
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79645
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:42:52

Infected Object Name / Virus Name / Last Action
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\internet\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\internet\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\internet\mirc621.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Amy Avery\Desktop\game\Dell AXIM\Absolutist_Bubble_Shooter_v1.0_for_Pocket_PC.zip/keygen.exe Infected: Trojan.Win32.Pakes.av skipped
C:\Documents and Settings\Amy Avery\Desktop\game\Dell AXIM\Absolutist_Bubble_Shooter_v1.0_for_Pocket_PC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Amy Avery\Desktop\game\Dell AXIM\Absolutist_Bubble_Shooter_v1.0_for_Pocket_PC\keygen.exe Infected: Trojan.Win32.Pakes.av skipped

Scan process completed.

#5 Rorschach


Posted 29 July 2007 - 12:13 PM

Hello Pike

Can you tell me what is included in ID Security Suite? Does it include an anti-virus and firewall? You have Windows Firewall enabled, so if you also have a firewall from ID Security Suite running this can lead to conflicts and problems.

If so, then please disable Windows Firewall by doing the following :

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.



I see you have Viewpoint Manager installed on your PC

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

You should also uninstall the following programs as they come bundled with adware. So go to Start > Control Panel > Add or Remove Programs > Remove the following

WildTangent Updater
WildTangent Web Driver


You can read about Wildtangent here



Please delete this file in bold

C:\Documents and Settings\Amy Avery\Desktop\game\Dell AXIM\Absolutist_Bubble_Shooter_v1.0_for_Pocket_PC.zip/keygen.exe


Can you please tell me about this. Did you make this yourself?
C:\\Thriller\\Thriller\\mirc.exe



So in your next reply please post the following : the answer to my questions, tell me if you disabled Windows Firewall ok, and say how your PC is running now.

#6 Pike


Posted 12 August 2007 - 09:07 AM

Sorry once again for the huge delay,.. my comp crashed totally. So I did a repair only to get back in and save my important files before I do a full clean install of windows. I removed viewpoint and all wildtangent programs and the ID suite since I no longer use this and nothing has changed.
I really feel like it is the C:\\Thriller\\Thriller\\mirc.exe that is causing the problem.
I did not make this and the only scanner that has ever picked it up is the Deckard's scanner. My 'BitDefender' antivirus has never detected it, nor has trend micro online scan...

I cannot find it manually (says the filename or path is invalid)

I am planning a new reinstall of windows later this week, but any information you can give me about this file or how to delete it would be great! Thanks for your patience.

Pike

#7 Rorschach


Posted 12 August 2007 - 03:34 PM

Hello Pike

The file C:\\Thriller\\Thriller\\mirc.exe could be a backdoor server. We are always wary of mirc.exe when it isn't in its proper folder. It's hard to tell if it's responsible for your problems though.


Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\\Thriller

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
So in your next reply please post the following : the OTMoveIt results, the Dr. Web Cureit report, and tell me how your PC is running now.

#8 Pike


Posted 15 August 2007 - 03:34 PM

OTMoveIt results:

File/Folder C:\\Thriller not found.

Created on 08/15/2007 13:10:05

**I don't understand why it didn't find it, the program that reported it last time didn't delete it, and I could not find it manually??



Dr. Web Cureit report:

adsgone.exe;c:\program files\adsgone;Probably BACKDOOR.Trojan;;

aoltsmon.dll;C:\Program Files\Common Files\AOL\TopSpeed\2.0;Probably DLOADER.Trojan;;

GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;

InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;;

CFD.exe;C:\Program Files\BroadJump\Client Foundation\bak;Adware.Cfd;;

adsgone.EXE;C:\Program Files\AdsGone;Probably BACKDOOR.Trojan;;

GoogleUpdaterInstallMgr.exe;C:\Program Files\Google\Google Updater\2.1.886.21021;Probably DLOADER.Trojan;;

mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;;
EntriqMediaServer.exe;C:\Program Files\Entriq\MediaSphere\Bin;Probably BACKDOOR.Trojan;;

HostsXpert.exe;C:\Documents and Settings\Amy Avery\Desktop\Everything\programs\security\HostsXpert\HostsXpert;Probably WIN.WORM.Virus;;

telltale_texas_hold'em.exe;C:\Documents and Settings\Amy Avery\Desktop\game\reflexive.arcade.telltale.texas.holdem;Tool.ASEye.2;;


I am going to reboot now and I will tell you how the computer is running. I will post shortly
Thank you!
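Added example, not part of either poster's reply and not code from Dr.Web or OTMoveIt: a small triage of a report in the `file;folder;verdict;;` layout shown above, applying the "known program name outside its proper folder" check from post #7. The expected-folder table, the verdict groupings and the `C:\Thriller\Thriller` row are assumptions constructed for illustration.

```python
import csv
from pathlib import PureWindowsPath

# Assumption: where a given executable name is expected to live on this machine
# (taken from the mIRC uninstall entry in the posted system scan).
EXPECTED_DIRS = {
    "mirc.exe": [PureWindowsPath(r"C:\Program Files\mIRC")],
}

# Assumption: verdict prefixes grouped here as adware/riskware/tool classes
# rather than malware families.
GREYWARE_PREFIXES = ("Adware.", "Program.", "Tool.")

# Constructed sample in the report's layout; the C:\Thriller row is invented
# to show what a misplaced copy would look like.
SAMPLE_REPORT = r"""
adsgone.exe;c:\program files\adsgone;Probably BACKDOOR.Trojan;;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
mirc.exe;c:\program files\mirc;Program.mIRC.621;;
mirc.exe;C:\Thriller\Thriller;Program.mIRC.621;;
telltale_texas_hold'em.exe;C:\game\reflexive.arcade;Tool.ASEye.2;;
"""


def parse_report(text):
    """Split each non-empty line into file name, folder and verdict."""
    rows = []
    reader = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for rec in reader:
        if len(rec) < 3 or not rec[0].strip():
            continue  # blank or truncated line
        rows.append({
            "file": rec[0].strip(),
            "folder": PureWindowsPath(rec[1].strip()),
            "verdict": rec[2].strip(),
        })
    return rows


def classify(verdict):
    """Coarse confidence bucket for a verdict string."""
    if verdict.startswith("Probably "):
        return "heuristic"   # a guess by the scanner, needs a second opinion
    if verdict.startswith(GREYWARE_PREFIXES):
        return "greyware"    # legitimate-but-abusable or unwanted software
    return "signature"       # named detection


def misplaced(row):
    """True when a known program name sits outside every expected folder."""
    expected = EXPECTED_DIRS.get(row["file"].lower())
    if not expected:
        return False  # no baseline for this name, nothing to compare against
    # PureWindowsPath compares case-insensitively, as the file system does.
    ancestors = (row["folder"], *row["folder"].parents)
    return not any(folder in ancestors for folder in expected)


def triage(text):
    """Return (file, folder, bucket, misplaced) for every report row."""
    return [
        (r["file"], str(r["folder"]), classify(r["verdict"]), misplaced(r))
        for r in parse_report(text)
    ]


if __name__ == "__main__":
    for file, folder, bucket, odd in triage(SAMPLE_REPORT):
        note = "  <-- outside expected folder" if odd else ""
        print(f"{bucket:10} {file:28} {folder}{note}")
```

A location mismatch or a "Probably" verdict is a reason to check the file further (signature, hash, a second scanner), not proof of infection on its own.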

#9 Pike


Posted 15 August 2007 - 03:48 PM

w00t!!

It worked! >When I first opened a folder all desktop icons cleared and reloaded so I thought explorer.exe would still crash when I closed the folder but it didn't. Then when I opened another folder, the desktop icons did not go away at all. Looks like problem solved so far!

If it acts up within the next day or so again, is it better to PM you or just post here again?

#10 Pike


Posted 16 August 2007 - 09:36 AM

Spoke too soon!
I haven't changed anything on the system since yesterday and now closing the folders is making explorer.exe fail. Also all the icons are disappearing and reappearing again.

Also I have booted my computer twice today, and each time, after the screen that shows that keyboard detected.. and all drives detected, it stops and says press delete key to continue. No warnings, or error messages, just press delete to continue...


example
============
Keyboard.............detected
Floppy...............detected
cd-rom..............detected
..
..
Press 'delete' key to continue.
============


The order is probably different but it has never done this before. Usually just boots to windows..
Bad BIOS? Any suggestions?

#11 Rorschach


Posted 18 August 2007 - 11:23 AM

Hello Pike, your logs look fine, it doesn't seem to be a malware problem. They could probably help you better on the Windows XP forum.

A few things you need to do.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* SpywareGuard offers realtime protection from spyware installation attempts.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.



