Malware/virus? Not Sure. Help Appreciated.


7 replies to this topic

#1 BrazeDog

BrazeDog

  • Members
  • 5 posts

Posted 06 March 2008 - 01:02 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:28 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\3M\PsnLite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\3M\PSNGive.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PsnLite.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15845 bytes


Programs always go to not responding, virtual memory is said to be low, the commit charge on the task manager is almost always maxed out, always gives me error messages that there is not enough memory to open up a program when literally no other programs are on, slow boot/restart times, etc. Any help would be appreciated. If any other info would be helpful, just let me know.



#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts

Posted 11 March 2008 - 04:50 PM

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.


#3 BrazeDog

BrazeDog
  • Topic Starter

  • Members
  • 5 posts

Posted 11 March 2008 - 09:47 PM

Main.TXT

Deckard's System Scanner v20071014.68
Run by Robert on 2008-03-11 22:39:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-03-12 02:39:41 UTC - RP78 - Deckard's System Scanner Restore Point
51: 2008-03-12 02:09:12 UTC - RP77 - Software Distribution Service 3.0
50: 2008-03-11 22:55:17 UTC - RP76 - System Checkpoint
49: 2008-03-11 16:21:28 UTC - RP75 - Restore Operation
48: 2008-03-10 23:13:51 UTC - RP74 - Restore Operation


-- First Restore Point --
1: 2008-02-29 00:11:36 UTC - RP27 - New Installation


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:20 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Robert\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14731 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080308-134521-557 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080308-134521-640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080308-134810-585 O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PsnLite.exe
backup-20080308-135116-721 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-135420-213 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-135502-712 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-141400-704 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 PTproct - c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys <Not Verified; Gteko Ltd.; processt>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Pharos Systems ComTaskMaster - "c:\progra~1\pharos~1\core\ctskmstr.exe" <Not Verified; Pharos Systems International; PHAROS>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-04 10:07:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-02 14:55:32 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-02 14:55:31 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-11 and 2008-03-11 -----------------------------

2008-03-11 22:42:49 0 d-------- C:\1035e3dd7d225d0215
2008-03-11 12:14:33 0 d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-03-11 12:13:56 0 d-------- C:\WINDOWS\Sun
2008-03-10 00:40:31 106 --a------ C:\delete.bat
2008-03-09 18:02:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-03-09 13:26:47 0 d-------- C:\Documents and Settings\Robert\Application Data\WinPatrol
2008-03-09 13:26:36 0 d-------- C:\Program Files\BillP Studios
2008-03-08 19:24:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-05 09:45:47 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-05 08:56:20 0 dr-h----- C:\$VAULT$.AVG
2008-03-04 04:33:49 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 23:31:23 0 d-------- C:\Mp3 Output
2008-03-03 23:31:20 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-03 23:31:20 4762112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-03-03 23:31:20 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-03-03 23:31:19 0 d-------- C:\Program Files\FLV to MP3
2008-03-03 21:59:30 0 d-------- C:\Documents and Settings\Robert\Application Data\Ruckus Network
2008-03-03 21:48:36 0 d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-03-03 21:48:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 21:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 18:11:51 0 d-------- C:\Program Files\Symantec
2008-03-03 18:07:41 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-03 18:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-03 17:59:12 0 d-------- C:\Documents and Settings\Robert\Application Data\Grisoft
2008-03-03 14:18:11 0 d-------- C:\Documents and Settings\Robert\Application Data\Ahead
2008-03-03 14:17:35 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-03 14:06:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 12:19:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-03 12:19:17 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-03 12:16:55 0 d-------- C:\Documents and Settings\Robert\Application Data\Uniblue
2008-03-03 12:05:28 0 dr-h----- C:\Documents and Settings\Robert\Recent
2008-03-03 00:43:53 0 d-------- C:\Program Files\Sun
2008-03-03 00:39:59 0 d-------- C:\Program Files\Java
2008-03-03 00:30:23 0 d-------- C:\Program Files\Common Files\Java
2008-03-03 00:28:52 0 d-------- C:\Documents and Settings\Robert\Application Data\Sun
2008-03-03 00:14:33 0 d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-03-03 00:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-03 00:05:06 0 d-------- C:\WINDOWS\pss
2008-03-03 00:02:20 0 d-------- C:\Program Files\Enigma Software Group
2008-03-02 14:57:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-03-02 14:55:14 0 d-------- C:\Program Files\McAfee.com
2008-03-02 14:55:10 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-02 14:54:53 0 d-------- C:\Program Files\McAfee
2008-03-02 14:54:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-02 14:37:43 0 d-------- C:\Program Files\Trend Micro
2008-03-02 14:36:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-02 14:36:35 0 d-------- C:\Documents and Settings\Robert\Application Data\Roxio
2008-03-02 14:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-02 14:27:15 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-02 14:27:05 0 d-------- C:\WINDOWS\system32\DLA
2008-03-02 14:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-02 14:24:46 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-02 14:23:34 0 d-------- C:\Program Files\Roxio
2008-03-02 14:21:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 14:20:56 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 12:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-02 12:51:35 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-02 12:51:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-02 12:50:45 0 d-------- C:\Program Files\Common Files\HP
2008-03-02 12:48:44 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-02 12:47:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-03-02 12:46:27 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 12:38:32 10752 --a------ C:\WINDOWS\system32\PSSCD722.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-03-02 12:25:57 5389 -----n--- C:\WINDOWS\hpomdl06.dat
2008-03-02 12:25:57 88398 --a------ C:\WINDOWS\hpoins06.dat
2008-02-29 19:49:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-02-29 19:47:20 0 d-------- C:\Documents and Settings\Robert\Application Data\Intel
2008-02-29 19:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 19:16:47 10752 --a------ C:\WINDOWS\system32\PSS42561.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-29 19:14:46 0 d-------- C:\Program Files\HP
2008-02-29 19:11:25 0 d-------- C:\Documents and Settings\Robert\Application Data\HP
2008-02-29 19:09:02 0 d-------- C:\WINDOWS\InCD
2008-02-29 19:06:06 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-29 19:04:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-29 19:04:51 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-02-29 19:04:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-29 19:04:51 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:51 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:51 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:50 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-29 19:04:49 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-29 19:04:44 0 d-------- C:\Program Files\Ahead
2008-02-29 18:59:51 0 d-------- C:\Program Files\WinISO
2008-02-29 18:57:53 0 d-------- C:\Program Files\Datel
2008-02-29 18:57:46 0 d-------- C:\Documents and Settings\Robert\Application Data\acccore
2008-02-29 18:56:18 0 d-------- C:\Program Files\Photo Viewer
2008-02-29 18:42:42 0 d-------- C:\Program Files\CyberLink
2008-02-29 18:37:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 18:35:43 10752 --a------ C:\WINDOWS\system32\PSS38EF9.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-29 18:34:31 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 18:32:30 0 d-------- C:\WINDOWS\SHELLNEW
2008-02-29 18:32:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 18:15:26 0 dr-h----- C:\MSOCache
2008-02-28 22:20:36 0 d-------- C:\Program Files\MSXML 4.0
2008-02-28 21:51:44 0 d-------- C:\Program Files\Ruckus Player
2008-02-28 21:36:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-28 21:35:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-28 21:35:01 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-28 21:19:05 19437 --a------ C:\WINDOWS\waqe.scr
2008-02-28 21:19:05 11233 --a------ C:\Program Files\Common Files\godasobyc.bat
2008-02-28 21:19:05 17121 --a------ C:\Program Files\Common Files\evezohul.reg
2008-02-28 21:19:05 18824 --a------ C:\Documents and Settings\Robert\Application Data\ygiz.com
2008-02-28 21:14:39 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-28 21:14:30 0 d-------- C:\Program Files\Real
2008-02-28 21:14:28 0 d-------- C:\Program Files\Common Files\Real
2008-02-28 21:14:28 0 d-------- C:\Documents and Settings\Robert\Application Data\Real
2008-02-28 20:59:02 0 d-------- C:\Program Files\Music Rescue
2008-02-28 20:58:45 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-28 20:58:44 0 d-------- C:\Program Files\DVD Shrink
2008-02-28 20:58:27 0 d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-02-28 20:58:16 0 d-------- C:\Program Files\iPod
2008-02-28 20:58:09 0 d-------- C:\Program Files\iTunes
2008-02-28 20:58:01 0 d-------- C:\Documents and Settings\Robert\Application Data\3M
2008-02-28 20:57:59 0 d-------- C:\Program Files\Bonjour
2008-02-28 20:57:39 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-02-28 20:57:25 0 d-------- C:\Program Files\QuickTime
2008-02-28 20:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-28 20:57:18 0 d-------- C:\Program Files\3M
2008-02-28 20:57:10 0 d-------- C:\Program Files\Apple Software Update
2008-02-28 20:56:41 0 d-------- C:\Program Files\Common Files\Apple
2008-02-28 20:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-28 20:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-28 20:54:39 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-02-28 20:54:38 109568 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130EE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130ED.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E8.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E7.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E6.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 462848 --a------ C:\WINDOWS\system32\PSP130E6.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:32 258048 --a------ C:\WINDOWS\system32\PSR130C1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:28 0 d-------- C:\Program Files\PharosSystems
2008-02-28 20:54:24 0 d-------- C:\Program Files\Pharos
2008-02-28 20:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-28 20:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-02-28 20:54:07 0 d-------- C:\Program Files\Viewpoint
2008-02-28 20:54:07 0 d-------- C:\Program Files\Audacity
2008-02-28 20:53:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 20:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-28 20:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-28 20:53:42 0 d-------- C:\Program Files\Common Files\AOL
2008-02-28 20:53:33 0 d-------- C:\Program Files\AIM6
2008-02-28 20:53:24 0 d-------- C:\Program Files\Steam
2008-02-28 20:52:37 0 d-------- C:\Documents and Settings\Robert\Application Data\Macromedia
2008-02-28 20:52:37 0 d-------- C:\Documents and Settings\Robert\Application Data\Adobe
2008-02-28 20:52:34 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-28 20:41:48 11358 --a------ C:\WINDOWS\system32\safahiz.dat
2008-02-28 20:41:48 11324 --a------ C:\WINDOWS\sufu.reg
2008-02-28 20:41:48 13208 --a------ C:\Program Files\Common Files\kogididy.exe
2008-02-28 20:41:48 14665 --a------ C:\Program Files\Common Files\jici.exe
2008-02-28 20:41:48 13351 --a------ C:\Documents and Settings\Robert\Application Data\edisojatol.exe
2008-02-28 20:41:48 16773 --a------ C:\Documents and Settings\Robert\Application Data\apopab.com
2008-02-28 20:41:48 12981 --a------ C:\Documents and Settings\All Users\Application Data\ecilise.bin
2008-02-28 20:41:47 13057 --a------ C:\WINDOWS\vijavyhat.sys
2008-02-28 20:41:47 17495 --a------ C:\WINDOWS\system32\ydicyry.vbs
2008-02-28 20:41:47 13277 --a------ C:\WINDOWS\system32\ewumilirid.exe
2008-02-28 20:41:47 13493 --a------ C:\WINDOWS\system32\adevizyre.exe
2008-02-28 20:41:47 13468 --a------ C:\Documents and Settings\Robert\Application Data\acef.bin
2008-02-28 20:41:47 17409 --a------ C:\Documents and Settings\All Users\Application Data\ojyqit.pif
2008-02-28 20:36:55 0 d-------- C:\Program Files\Lavasoft
2008-02-28 20:36:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 20:35:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 20:15:43 0 d-------- C:\Documents and Settings\Robert\Application Data\Thunderbird
2008-02-28 20:15:33 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-28 20:15:09 16061 --a------ C:\WINDOWS\usopyl.reg
2008-02-28 20:15:09 11709 --a------ C:\WINDOWS\uqynagen.dll
2008-02-28 20:15:09 18904 --a------ C:\WINDOWS\system32\zusorilah.pif
2008-02-28 20:15:09 16180 --a------ C:\WINDOWS\system32\usimyt.com
2008-02-28 20:15:09 12275 --a------ C:\WINDOWS\poluqa.scr
2008-02-28 20:15:09 10743 --a------ C:\WINDOWS\ixohajixo.exe
2008-02-28 20:15:09 12316 --a------ C:\Program Files\Common Files\yhotoh.reg
2008-02-28 20:15:09 17460 --a------ C:\Program Files\Common Files\udotur.vbs
2008-02-28 20:15:09 16188 --a------ C:\Program Files\Common Files\riwequzo.reg
2008-02-28 20:15:03 0 d-------- C:\Documents and Settings\Robert\Application Data\Talkback
2008-02-28 20:14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-28 20:14:45 0 d-------- C:\Documents and Settings\Robert\Application Data\Mozilla
2008-02-28 20:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-28 18:41:23 0 d-------- C:\WINDOWS\network diagnostic
2008-02-28 18:39:27 0 d-------- C:\Program Files\MSXML 6.0
2008-02-28 18:30:46 67110 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-28 18:27:07 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-28 18:27:00 0 d-------- C:\temp
2008-02-28 18:25:40 0 d-------- C:\Program Files\DellAutomatedPCTuneUp
2008-02-28 18:24:31 0 d-------- C:\Program Files\SigmaTel
2008-02-28 18:23:00 0 d-------- C:\WINDOWS\nview
2008-02-28 18:22:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-02-28 18:22:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-02-28 18:22:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-02-28 18:21:59 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-02-28 18:21:59 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-02-28 18:21:59 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-02-28 18:21:57 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-02-28 18:21:56 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-02-28 18:20:51 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-28 18:11:47 0 d-------- C:\Program Files\Synaptics
2008-02-28 18:08:07 0 d-------- C:\Documents and Settings\Robert\Bluetooth Software
2008-02-28 18:07:26 0 d-------- C:\Program Files\WIDCOMM
2008-02-28 18:05:36 666 --a------ C:\WINDOWS\speed.reg
2008-02-28 18:04:30 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-02-28 18:04:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-28 18:04:02 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-28 18:04:00 0 d-------- C:\Program Files\SystemRequirementsLab
2008-02-28 18:02:22 76 -r-hs---- C:\WINDOWS\CT4CET.bin
2008-02-28 18:02:05 0 d-------- C:\Program Files\Common Files\Reallusion
2008-02-28 18:01:50 0 d-------- C:\Program Files\Common Files\Creative
2008-02-28 18:01:39 0 d-------- C:\Program Files\Creative Live! Cam
2008-02-28 18:01:34 0 d-------- C:\Documents and Settings\Robert\Application Data\GTek
2008-02-28 18:01:26 0 d-------- C:\Program Files\Creative
2008-02-28 17:59:32 0 d-------- C:\Program Files\DellSupport
2008-02-28 17:59:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-02-28 17:58:47 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-28 17:58:23 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-28 17:58:18 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-02-28 17:55:11 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2008-02-28 17:55:10 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-02-28 17:55:09 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2008-02-28 17:55:09 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2008-02-28 17:55:09 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2008-02-28 17:55:09 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-02-28 17:55:09 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-02-28 17:55:09 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2008-02-28 17:55:09 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-02-28 17:55:09 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-02-28 17:55:08 0 d-------- C:\Program Files\Dell
2008-02-28 17:54:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-28 17:54:51 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-28 17:53:59 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-28 17:53:03 0 d-------- C:\Program Files\Broadcom
2008-02-28 17:52:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-28 17:52:22 0 d-------- C:\Program Files\Digital Line Detect
2008-02-28 17:52:15 0 d-------- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-02-28 17:51:39 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-02-28 17:51:34 0 d-------- C:\Program Files\CONEXANT
2008-02-28 17:50:10 0 d-------- C:\Program Files\DIFX
2008-02-28 17:49:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-28 17:49:29 0 d-------- C:\Program Files\Intel
2008-02-28 17:48:38 0 d-------- C:\Intel
2008-02-28 17:47:15 0 d-------- C:\Dell
2008-02-28 17:42:40 0 d-------- C:\Documents and Settings\Robert\Application Data\Identities
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\Templates
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\Start Menu
2008-02-28 17:42:32 0 dr-h----- C:\Documents and Settings\Robert\SendTo
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\PrintHood
2008-02-28 17:42:32 4718592 --ah----- C:\Documents and Settings\Robert\NTUSER.DAT
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\NetHood
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\My Documents
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\Local Settings
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\Favorites
2008-02-28 17:42:32 0 d-------- C:\Documents and Settings\Robert\Desktop
2008-02-28 17:42:32 0 d--hs---- C:\Documents and Settings\Robert\Cookies
2008-02-28 17:42:32 0 dr-h----- C:\Documents and Settings\Robert\Application Data
2008-02-28 17:41:45 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-28 17:41:43 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-02-28 17:41:43 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-02-28 17:41:43 0 d-------- C:\WINDOWS\Prefetch
2008-02-28 17:41:42 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-02-28 17:41:42 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-02-28 17:41:42 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-02-28 17:41:42 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-02-28 17:41:42 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-02-28 17:41:22 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-02-28 17:41:22 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-02-28 17:41:22 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-02-28 17:41:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-02-28 17:41:22 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-02-28 17:38:08 0 d-------- C:\WINDOWS\system32\xircom
2008-02-28 17:38:08 0 d-------- C:\Program Files\microsoft frontpage
2008-02-28 17:38:06 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-28 17:38:00 0 -rahs---- C:\MSDOS.SYS
2008-02-28 17:38:00 0 -rahs---- C:\IO.SYS
2008-02-28 17:38:00 0 --a------ C:\CONFIG.SYS
2008-02-28 17:38:00 0 --a------ C:\AUTOEXEC.BAT
2008-02-28 17:37:15 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-28 17:37:08 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-28 17:37:08 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-28 17:36:57 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-28 17:36:39 0 d-------- C:\WINDOWS\system32\DirectX
2008-02-28 17:36:00 0 d---s---- C:\WINDOWS\Tasks
2008-02-28 17:35:58 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-28 17:35:54 0 d-------- C:\WINDOWS\srchasst
2008-02-28 17:35:53 0 d-------- C:\WINDOWS\system32\Macromed
2008-02-28 17:35:44 0 d-------- C:\Program Files\Movie Maker
2008-02-28 17:35:35 0 d-------- C:\WINDOWS\system32\Restore
2008-02-28 17:35:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 17:34:57 0 d-------- C:\WINDOWS\Registration
2008-02-28 17:34:32 0 d-------- C:\Program Files\Online Services
2008-02-28 17:34:24 0 d-------- C:\Program Files\Messenger
2008-02-28 17:34:20 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-28 17:33:35 0 d-------- C:\Program Files\Windows NT
2008-02-28 17:33:32 0 d-------- C:\WINDOWS\system32\MsDtc
2008-02-28 17:33:30 0 d-------- C:\WINDOWS\system32\Com
2008-02-28 12:18:24 0 d--hs---- C:\WINDOWS\Installer
2008-02-28 12:18:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-28 12:18:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-28 12:18:19 0 dr------- C:\Program Files
2008-02-28 12:18:19 0 d-------- C:\Program Files\Common Files
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-28 12:17:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-28 12:17:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-28 12:17:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-28 12:17:39 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-28 12:17:39 0 d-------- C:\WINDOWS\system32\CatRoot
2008-02-28 12:17:34 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-28 12:17:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-28 12:17:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-28 12:17:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-28 12:17:07 0 d--hs---- C:\System Volume Information
2008-02-28 12:17:07 0 d-------- C:\Documents and Settings
2008-02-28 12:17:03 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-02-28 12:08:32 0 d-------- C:\WINDOWS
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\WinSxS
2008-02-28 12:08:32 0 dr------- C:\WINDOWS\Web
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\twain_32
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\wins
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\wbem
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\usmt
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\spool
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ShellExt
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\Setup
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ras
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\oobe
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\npp
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\mui
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\inetsrv
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\IME
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\icsxml
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ias
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\export
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-02-28 12:08:32 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\dhcp
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\config
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\3076
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\2052
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1054
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1042
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1041
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1037
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1033
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1031
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1028
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1025
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\security
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Resources
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\repair
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Provisioning
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\PeerNet
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\pchealth
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\mui
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\msapps
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\msagent
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Media
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\java
2008-02-28 12:08:32 0 d--h----- C:\WINDOWS\inf
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\ime
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Help
2008-02-28 12:08:32 0 dr--s---- C:\WINDOWS\Fonts
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Driver Cache
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Debug
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Cursors
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Connection Wizard
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Config
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\AppPatch
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-03 16:26:01 353 --a------ C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-03 16:25:56 0 --a------ C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-03 16:24:04 2799 --a------ C:\Documents and Settings\Robert\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-03 16:22:55 3600 --a------ C:\Documents and Settings\Robert\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-03 16:21:24 33073 --a------ C:\Documents and Settings\Robert\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-03 16:18:32 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-02-29 12:36:36 394304 --a------ C:\Documents and Settings\Robert\Application Data\com.kennettnet.MusicRescueProfiles.plist
2008-02-29 12:36:32 3301 --a------ C:\Documents and Settings\Robert\Application Data\com.kennettnet.MusicRescue.plist
2008-02-28 21:19:05 11193 --a------ C:\Program Files\Common Files\tasecy.inf
2008-02-28 20:41:48 16528 --a------ C:\Documents and Settings\Robert\Application Data\oryleved.ban
2008-02-28 20:41:47 16646 --a------ C:\Documents and Settings\Robert\Application Data\rimuk.ban
2008-02-28 20:41:47 13479 --a------ C:\Documents and Settings\Robert\Application Data\ohav._dl
2008-02-28 20:41:47 15058 --a------ C:\Documents and Settings\Robert\Application Data\kyqiqycyqa.lib
2008-02-28 20:41:47 19566 --a------ C:\Documents and Settings\Robert\Application Data\icoxefyqo.dl
2008-02-28 20:15:09 11854 --a------ C:\Program Files\Common Files\onukegynyg._dl
2008-02-28 20:15:09 19274 --a------ C:\Program Files\Common Files\aguwa.dl
2008-02-28 12:17:51 62 --ahs---- C:\Documents and Settings\Robert\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 03:18 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 07:10 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [07/03/2007 02:57 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/26/2007 03:14 PM]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [05/10/2007 02:01 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/17/2007 04:03 AM]
"nwiz"="nwiz.exe" [11/17/2007 04:03 AM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [11/17/2007 04:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/17/2007 04:03 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 11:22 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/28/2008 09:14 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [08/26/2004 10:01 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 10:00 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 08:33 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 05:25 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/03/2008 09:51 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [01/27/2008 01:38 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 01:09 PM]
"DELL Webcam Manager"="C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" [06/07/2007 12:14 PM]
"DellAutomatedPCTuneUp"="C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" [10/11/2007 10:49 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [02/28/2008 08:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/22/2004 05:10 PM]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [03/02/2008 10:45 PM]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/17/2007 4:43:18 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/28/2008 5:52:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129c225c-e646-11dc-94db-93b6d1739fab}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-11 22:44:28 ------------


Extra.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 2045.97 MiB / 1072.08 MiB
Pagefile Memory (total/avail): 3938.9 MiB / 3006.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.83 MiB

C: is Fixed (NTFS) - 136.45 GiB total, 92.31 GiB free.
D: is Fixed (NTFS) - 2.5 GiB total, 2.48 GiB free.
E: is Fixed (NTFS) - 10 GiB total, 8.66 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS722016K9A300 - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 101.94 MiB
\PARTITION1 - Installable File System - 10 GiB - E:
\PARTITION2 (bootable) - Installable File System - 136.45 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG 7.5.518 v7.5.518 (Grisoft)
AV: McAfee VirusScan v (McAfee)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6010 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\WINDOWS\\SYSTEM32\\ctmweb.exe"="C:\\WINDOWS\\SYSTEM32\\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe"="%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe:152.2.0.0/255.255.0.0,152.19.0.0/255.255.0.0,152.23.0.0/255.255.0.0:Enabled:Symantec Antivirus"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe"="%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe:152.2.0.0/255.255.0.0,152.19.0.0/255.255.0.0,152.23.0.0/255.255.0.0:Enabled:Symantec Antivirus"
"C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robert\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERTLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robert
LOGONSERVER=\\ROBERTLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
USERDOMAIN=ROBERTLAPTOP
USERNAME=Robert
USERPROFILE=C:\Documents and Settings\Robert
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay XBOX 1.42 --> "C:\Program Files\Datel\Action Replay XBOX\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Dell Automated PC TuneUp --> MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DELL Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.0.6.2 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\FLV to MP3\unins000.exe"
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life: Blue Shift --> "C:\Program Files\Steam\steam.exe" steam://uninstall/130
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Rescue 3.1.6 --> "C:\Program Files\Music Rescue\unins000.exe"
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Opposing Force --> "C:\Program Files\Steam\steam.exe" steam://uninstall/50
Pharos --> C:\PROGRA~1\Pharos\bin\Local.EXE
Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\Uninstall.exe" -Prog"C:\Program Files\3M\PsnLite.exe" -INI"C:\Program Files\3M\uninst.ini"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Ricochet --> "C:\Program Files\Steam\steam.exe" steam://uninstall/60
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XChange 360 --> "C:\Program Files\Datel\XChange 360\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7028 / Error
Event Submitted/Written: 03/11/2008 10:40:40 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3416 (0xd58)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ19.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type7007 / Warning
Event Submitted/Written: 03/11/2008 10:08:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7005 / Error
Event Submitted/Written: 03/11/2008 06:30:51 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3840 (0xf00)

Thread address : 0x7C90EB94

Thread message :
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQE.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type7004 / Error
Event Submitted/Written: 03/11/2008 06:30:51 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3396 (0xd44)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQC.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type6985 / Error
Event Submitted/Written: 03/10/2008 11:27:16 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3732 (0xe94)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQB.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7131 / Error
Event Submitted/Written: 03/11/2008 10:42:07 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.

Event Record #/Type7099 / Warning
Event Submitted/Written: 03/11/2008 09:48:36 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\DCGH0BC1 on the network \Device\NetBT_Tcpip_{63247ECA-1DAE-4352-B60A-7E5422A02013}.
The data is the error code.

Event Record #/Type7069 / Warning
Event Submitted/Written: 03/11/2008 06:27:44 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013E869ACD5. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7063 / Error
Event Submitted/Written: 03/11/2008 01:20:23 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{63247ECA-1DAE-4352-B60A-7E5422A02013}.
The backup browser is stopping.

Event Record #/Type7062 / Warning
Event Submitted/Written: 03/11/2008 01:18:57 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\MYPC on the network \Device\NetBT_Tcpip_{63247ECA-1DAE-4352-B60A-7E5422A02013}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-03-11 22:44:28 ------------

#4 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 12 March 2008 - 02:16 PM

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present)

O20 - AppInit_DLLs: cru629.dat

Then close all windows except HijackThis and click Fix Checked

Restart

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\zusorilah.pif
C:\WINDOWS\system32\ydicyry.vbs
C:\WINDOWS\system32\usimyt.com
C:\WINDOWS\system32\safahiz.dat
C:\WINDOWS\system32\ewumilirid.exe
C:\WINDOWS\system32\adevizyre.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\waqe.scr
C:\WINDOWS\vijavyhat.sys
C:\WINDOWS\usopyl.reg
C:\WINDOWS\uqynagen.dll
C:\WINDOWS\sufu.reg
C:\WINDOWS\poluqa.scr
C:\WINDOWS\ixohajixo.exe
C:\Program Files\Common Files\yhotoh.reg
C:\Program Files\Common Files\udotur.vbs
C:\Program Files\Common Files\riwequzo.reg
C:\Program Files\Common Files\kogididy.exe
C:\Program Files\Common Files\jici.exe
C:\Program Files\Common Files\godasobyc.bat
C:\Program Files\Common Files\evezohul.reg
C:\Documents and Settings\Robert\Application Data\apopab.com
C:\Documents and Settings\Robert\Application Data\edisojatol.exe
C:\Documents and Settings\Robert\Application Data\acef.bin
C:\Documents and Settings\All Users\Application Data\ojyqit.pif
C:\Documents and Settings\All Users\Application Data\ecilise.bin

And this folder:

C:\Documents and Settings\Robert\Application Data\ygiz.com

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Go to Start > Run... and copy/paste the text below into the Run box:

"%userprofile%\desktop\dss.exe" /config

A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
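One way to confirm from the follow-up main.txt that the steps above took effect, as an added example that is not part of random/random's post and not code from HijackThis or Deckard's System Scanner: it checks that an entry marked for fixing is gone from the HijackThis scan, that a backup of it is recorded under "HijackThis Fixed Entries", and that none of the deleted file paths are still referenced. The function names and the embedded sample log are constructed for illustration; the line formats are assumed from the logs posted in this thread.

```python
import re

# HijackThis result lines look like "O20 - AppInit_DLLs: cru629.dat":
# a section code (R*, F*, N*, O*), " - ", then the entry text.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")
# DSS lists HijackThis backups as "backup-YYYYMMDD-HHMMSS-nnn <entry>".
BACKUP_RE = re.compile(r"^backup-(?P<date>\d{8})-(?P<time>\d{6})-\d+ (?P<entry>.+)$")
# DSS section banners look like "-- Section name ---------".
SECTION_RE = re.compile(r"^-- (?P<name>.+?) -+$")


def normalize(entry):
    """Collapse whitespace and case so one entry compares equal across logs."""
    return " ".join(entry.split()).lower()


def parse_dss_main(text):
    """Return (scan_entries, fixed_backups) found in a DSS main.txt."""
    scan, fixed, section = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        # Test the longer section name first: both start with "HijackThis".
        if section.startswith("HijackThis Fixed Entries"):
            b = BACKUP_RE.match(line)
            if b and ENTRY_RE.match(b.group("entry")):
                fixed.append((b.group("date"), b.group("time"), b.group("entry")))
        elif section.startswith("HijackThis") and ENTRY_RE.match(line):
            scan.append(line)
    return scan, fixed


def check_fix(text, targets):
    """For each target entry, report whether it is still in the scan and
    which backup timestamps record it as fixed."""
    scan, fixed = parse_dss_main(text)
    scan_set = {normalize(e) for e in scan}
    report = {}
    for target in targets:
        key = normalize(target)
        backups = sorted(f"{d}-{t}" for d, t, e in fixed if normalize(e) == key)
        report[target] = {"still_in_scan": key in scan_set, "backups": backups}
    return report


def referenced_paths(text, paths):
    """Return the deleted-file paths that still appear anywhere in the log.
    Case-insensitive substring match; 8.3 short names (PROGRA~1) are not
    expanded, so a hit is reliable but a miss is not proof of absence."""
    haystack = text.lower()
    return [p for p in paths if p.lower() in haystack]


# Constructed sample, modelled on the log format shown in this thread.
SAMPLE_MAIN = r"""
-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14460 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080308-134521-557 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080312-201251-474 O20 - AppInit_DLLs: cru629.dat

-- File Associations -----------------------------------------------------------

All associations okay.
"""

# Constructed variant in which the entry came back after the fix.
SAMPLE_STILL_PRESENT = SAMPLE_MAIN.replace(
    "O23 - Service", "O20 - AppInit_DLLs: cru629.dat\nO23 - Service"
)

TARGETS = ["O20 - AppInit_DLLs: cru629.dat"]
DELETED = [
    r"C:\WINDOWS\system32\cru629.dat",
    r"C:\WINDOWS\system32\ewumilirid.exe",
]

if __name__ == "__main__":
    for name, log in (("after fix", SAMPLE_MAIN), ("entry back", SAMPLE_STILL_PRESENT)):
        print(name, check_fix(log, TARGETS), referenced_paths(log, DELETED))
```

An entry that shows a backup and also `still_in_scan: True` was re-created after being fixed, which usually means one of the files that writes it is still on disk.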

#5 BrazeDog

  • Topic Starter

  • Members
  • 5 posts

Posted 12 March 2008 - 07:38 PM

Main

Deckard's System Scanner v20071014.68
Run by Robert on 2008-03-12 20:34:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2008-03-13 00:34:46 UTC - RP80 - Deckard's System Scanner Restore Point
53: 2008-03-12 02:42:47 UTC - RP79 - Software Distribution Service 3.0
52: 2008-03-12 02:39:41 UTC - RP78 - Deckard's System Scanner Restore Point
51: 2008-03-12 02:09:12 UTC - RP77 - Software Distribution Service 3.0
50: 2008-03-11 22:55:17 UTC - RP76 - System Checkpoint


-- First Restore Point --
1: 2008-02-29 00:11:36 UTC - RP27 - New Installation


Performed disk cleanup.



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:02 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rpcnet.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Robert\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14460 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080308-134521-557 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080308-134521-640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080308-134810-585 O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PsnLite.exe
backup-20080308-135116-721 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-135420-213 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-135502-712 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080308-141400-704 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20080312-201251-474 O20 - AppInit_DLLs: cru629.dat

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 PTproct - c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys <Not Verified; Gteko Ltd.; processt>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Pharos Systems ComTaskMaster - "c:\progra~1\pharos~1\core\ctskmstr.exe" <Not Verified; Pharos Systems International; PHAROS>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 900)
2007-10-08 15:11:52 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>
2007-03-16 19:10:48 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>

C:\WINDOWS\system32\svchost.exe (pid 1224)
2007-07-24 16:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\system32\svchost.exe (pid 1264)
2007-07-24 16:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 136)
2006-10-12 23:15:42 167936 --a------ C:\Program Files\PharosSystems\Core\PrnTrack.dll <Not Verified; Pharos Systems International; PHAROS>
2006-10-12 23:15:42 109568 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2007-05-17 15:17:38 45056 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-10-08 15:11:52 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>
2007-05-17 15:33:10 73728 --a------ C:\WINDOWS\system32\BtMmHook.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-05-17 15:31:18 40960 --a------ C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2007-07-03 14:56:56 98304 --a------ C:\Program Files\Dell\QuickSet\dadkeyb.dll
2003-05-15 15:43:24 119808 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-07-24 16:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
2006-12-22 13:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2003-02-20 20:09:34 253952 --a------ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2007-05-17 15:52:30 2842624 --a------ C:\WINDOWS\system32\btwicons.dll <Not Verified; ; btwicons Dynamic Link Library>

C:\WINDOWS\system32\rundll32.exe (pid 1532)
2006-10-12 23:15:42 167936 --a------ C:\Program Files\PharosSystems\Core\PrnTrack.dll <Not Verified; Pharos Systems International; PHAROS>
2006-10-12 23:15:42 109568 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>

C:\WINDOWS\system32\rundll32.exe (pid 2528)
2006-10-12 23:15:42 167936 --a------ C:\Program Files\PharosSystems\Core\PrnTrack.dll <Not Verified; Pharos Systems International; PHAROS>
2006-10-12 23:15:42 109568 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-04 10:07:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-02 14:55:32 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-02 14:55:31 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-11 12:14:33 0 d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-03-11 12:13:56 0 d-------- C:\WINDOWS\Sun
2008-03-10 00:40:31 106 --a------ C:\delete.bat
2008-03-09 18:02:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-03-09 13:26:47 0 d-------- C:\Documents and Settings\Robert\Application Data\WinPatrol
2008-03-09 13:26:36 0 d-------- C:\Program Files\BillP Studios
2008-03-08 19:24:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-05 09:45:47 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-05 08:56:20 0 dr-h----- C:\$VAULT$.AVG
2008-03-04 04:33:49 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 23:31:23 0 d-------- C:\Mp3 Output
2008-03-03 23:31:20 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-03 23:31:20 4762112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-03-03 23:31:20 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-03-03 23:31:19 0 d-------- C:\Program Files\FLV to MP3
2008-03-03 21:59:30 0 d-------- C:\Documents and Settings\Robert\Application Data\Ruckus Network
2008-03-03 21:48:36 0 d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-03-03 21:48:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 21:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 18:11:51 0 d-------- C:\Program Files\Symantec
2008-03-03 18:07:41 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-03 18:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-03 17:59:12 0 d-------- C:\Documents and Settings\Robert\Application Data\Grisoft
2008-03-03 14:18:11 0 d-------- C:\Documents and Settings\Robert\Application Data\Ahead
2008-03-03 14:17:35 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-03 14:06:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 12:19:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-03 12:19:17 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-03 12:16:55 0 d-------- C:\Documents and Settings\Robert\Application Data\Uniblue
2008-03-03 12:05:28 0 dr-h----- C:\Documents and Settings\Robert\Recent
2008-03-03 00:43:53 0 d-------- C:\Program Files\Sun
2008-03-03 00:39:59 0 d-------- C:\Program Files\Java
2008-03-03 00:30:23 0 d-------- C:\Program Files\Common Files\Java
2008-03-03 00:28:52 0 d-------- C:\Documents and Settings\Robert\Application Data\Sun
2008-03-03 00:14:33 0 d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-03-03 00:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-03 00:05:06 0 d-------- C:\WINDOWS\pss
2008-03-03 00:02:20 0 d-------- C:\Program Files\Enigma Software Group
2008-03-02 14:57:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-03-02 14:55:14 0 d-------- C:\Program Files\McAfee.com
2008-03-02 14:55:10 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-02 14:54:53 0 d-------- C:\Program Files\McAfee
2008-03-02 14:54:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-02 14:37:43 0 d-------- C:\Program Files\Trend Micro
2008-03-02 14:36:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-02 14:36:35 0 d-------- C:\Documents and Settings\Robert\Application Data\Roxio
2008-03-02 14:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-02 14:27:15 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-02 14:27:05 0 d-------- C:\WINDOWS\system32\DLA
2008-03-02 14:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-02 14:24:46 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-02 14:23:34 0 d-------- C:\Program Files\Roxio
2008-03-02 14:21:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 14:20:56 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 12:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-02 12:51:35 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-02 12:51:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-02 12:50:45 0 d-------- C:\Program Files\Common Files\HP
2008-03-02 12:48:44 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-02 12:47:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-03-02 12:46:27 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 12:38:32 10752 --a------ C:\WINDOWS\system32\PSSCD722.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-03-02 12:25:57 5389 -----n--- C:\WINDOWS\hpomdl06.dat
2008-03-02 12:25:57 88398 --a------ C:\WINDOWS\hpoins06.dat
2008-02-29 19:49:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-02-29 19:47:20 0 d-------- C:\Documents and Settings\Robert\Application Data\Intel
2008-02-29 19:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 19:16:47 10752 --a------ C:\WINDOWS\system32\PSS42561.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-29 19:14:46 0 d-------- C:\Program Files\HP
2008-02-29 19:11:25 0 d-------- C:\Documents and Settings\Robert\Application Data\HP
2008-02-29 19:09:02 0 d-------- C:\WINDOWS\InCD
2008-02-29 19:06:06 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-29 19:04:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-29 19:04:51 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-02-29 19:04:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-29 19:04:51 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:51 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:51 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-29 19:04:50 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-29 19:04:49 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-29 19:04:44 0 d-------- C:\Program Files\Ahead
2008-02-29 18:59:51 0 d-------- C:\Program Files\WinISO
2008-02-29 18:57:53 0 d-------- C:\Program Files\Datel
2008-02-29 18:57:46 0 d-------- C:\Documents and Settings\Robert\Application Data\acccore
2008-02-29 18:56:18 0 d-------- C:\Program Files\Photo Viewer
2008-02-29 18:42:42 0 d-------- C:\Program Files\CyberLink
2008-02-29 18:37:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 18:35:43 10752 --a------ C:\WINDOWS\system32\PSS38EF9.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-29 18:34:31 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 18:32:30 0 d-------- C:\WINDOWS\SHELLNEW
2008-02-29 18:32:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 18:15:26 0 dr-h----- C:\MSOCache
2008-02-28 22:20:36 0 d-------- C:\Program Files\MSXML 4.0
2008-02-28 21:51:44 0 d-------- C:\Program Files\Ruckus Player
2008-02-28 21:36:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-28 21:35:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-28 21:35:01 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-28 21:14:39 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-28 21:14:30 0 d-------- C:\Program Files\Real
2008-02-28 21:14:28 0 d-------- C:\Program Files\Common Files\Real
2008-02-28 21:14:28 0 d-------- C:\Documents and Settings\Robert\Application Data\Real
2008-02-28 20:59:02 0 d-------- C:\Program Files\Music Rescue
2008-02-28 20:58:45 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-28 20:58:44 0 d-------- C:\Program Files\DVD Shrink
2008-02-28 20:58:27 0 d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-02-28 20:58:16 0 d-------- C:\Program Files\iPod
2008-02-28 20:58:09 0 d-------- C:\Program Files\iTunes
2008-02-28 20:58:01 0 d-------- C:\Documents and Settings\Robert\Application Data\3M
2008-02-28 20:57:59 0 d-------- C:\Program Files\Bonjour
2008-02-28 20:57:39 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-02-28 20:57:25 0 d-------- C:\Program Files\QuickTime
2008-02-28 20:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-28 20:57:18 0 d-------- C:\Program Files\3M
2008-02-28 20:57:10 0 d-------- C:\Program Files\Apple Software Update
2008-02-28 20:56:41 0 d-------- C:\Program Files\Common Files\Apple
2008-02-28 20:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-28 20:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-28 20:54:39 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-02-28 20:54:38 109568 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130F0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130EE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:35 10752 --a------ C:\WINDOWS\system32\PSS130ED.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E8.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E7.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 10752 --a------ C:\WINDOWS\system32\PSS130E6.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:34 462848 --a------ C:\WINDOWS\system32\PSP130E6.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:32 258048 --a------ C:\WINDOWS\system32\PSR130C1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-28 20:54:28 0 d-------- C:\Program Files\PharosSystems
2008-02-28 20:54:24 0 d-------- C:\Program Files\Pharos
2008-02-28 20:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-28 20:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-02-28 20:54:07 0 d-------- C:\Program Files\Viewpoint
2008-02-28 20:54:07 0 d-------- C:\Program Files\Audacity
2008-02-28 20:53:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-28 20:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-28 20:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-28 20:53:42 0 d-------- C:\Program Files\Common Files\AOL
2008-02-28 20:53:33 0 d-------- C:\Program Files\AIM6
2008-02-28 20:53:24 0 d-------- C:\Program Files\Steam
2008-02-28 20:52:37 0 d-------- C:\Documents and Settings\Robert\Application Data\Macromedia
2008-02-28 20:52:37 0 d-------- C:\Documents and Settings\Robert\Application Data\Adobe
2008-02-28 20:52:34 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-28 20:36:55 0 d-------- C:\Program Files\Lavasoft
2008-02-28 20:36:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 20:35:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 20:15:43 0 d-------- C:\Documents and Settings\Robert\Application Data\Thunderbird
2008-02-28 20:15:33 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-28 20:15:03 0 d-------- C:\Documents and Settings\Robert\Application Data\Talkback
2008-02-28 20:14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-28 20:14:45 0 d-------- C:\Documents and Settings\Robert\Application Data\Mozilla
2008-02-28 20:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-28 18:41:23 0 d-------- C:\WINDOWS\network diagnostic
2008-02-28 18:39:27 0 d-------- C:\Program Files\MSXML 6.0
2008-02-28 18:30:46 67110 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-28 18:27:07 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-28 18:27:00 0 d-------- C:\temp
2008-02-28 18:25:40 0 d-------- C:\Program Files\DellAutomatedPCTuneUp
2008-02-28 18:24:31 0 d-------- C:\Program Files\SigmaTel
2008-02-28 18:23:00 0 d-------- C:\WINDOWS\nview
2008-02-28 18:22:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-02-28 18:22:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-02-28 18:22:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-02-28 18:21:59 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-02-28 18:21:59 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-02-28 18:21:59 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-02-28 18:21:57 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-02-28 18:21:56 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-02-28 18:20:51 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-28 18:11:47 0 d-------- C:\Program Files\Synaptics
2008-02-28 18:08:07 0 d-------- C:\Documents and Settings\Robert\Bluetooth Software
2008-02-28 18:07:26 0 d-------- C:\Program Files\WIDCOMM
2008-02-28 18:05:36 666 --a------ C:\WINDOWS\speed.reg
2008-02-28 18:04:30 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-02-28 18:04:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-28 18:04:02 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-28 18:04:00 0 d-------- C:\Program Files\SystemRequirementsLab
2008-02-28 18:02:22 76 -r-hs---- C:\WINDOWS\CT4CET.bin
2008-02-28 18:02:05 0 d-------- C:\Program Files\Common Files\Reallusion
2008-02-28 18:01:50 0 d-------- C:\Program Files\Common Files\Creative
2008-02-28 18:01:39 0 d-------- C:\Program Files\Creative Live! Cam
2008-02-28 18:01:34 0 d-------- C:\Documents and Settings\Robert\Application Data\GTek
2008-02-28 18:01:26 0 d-------- C:\Program Files\Creative
2008-02-28 17:59:32 0 d-------- C:\Program Files\DellSupport
2008-02-28 17:59:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-02-28 17:58:47 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-28 17:58:23 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-28 17:58:18 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-02-28 17:55:11 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2008-02-28 17:55:10 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-02-28 17:55:09 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2008-02-28 17:55:09 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2008-02-28 17:55:09 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2008-02-28 17:55:09 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-02-28 17:55:09 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-02-28 17:55:09 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2008-02-28 17:55:09 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-02-28 17:55:09 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-02-28 17:55:08 0 d-------- C:\Program Files\Dell
2008-02-28 17:54:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-28 17:54:51 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-28 17:53:59 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-28 17:53:03 0 d-------- C:\Program Files\Broadcom
2008-02-28 17:52:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-28 17:52:22 0 d-------- C:\Program Files\Digital Line Detect
2008-02-28 17:52:15 0 d-------- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-02-28 17:51:39 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-02-28 17:51:34 0 d-------- C:\Program Files\CONEXANT
2008-02-28 17:50:10 0 d-------- C:\Program Files\DIFX
2008-02-28 17:49:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-28 17:49:29 0 d-------- C:\Program Files\Intel
2008-02-28 17:48:38 0 d-------- C:\Intel
2008-02-28 17:47:15 0 d-------- C:\Dell
2008-02-28 17:42:40 0 d-------- C:\Documents and Settings\Robert\Application Data\Identities
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\Templates
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\Start Menu
2008-02-28 17:42:32 0 dr-h----- C:\Documents and Settings\Robert\SendTo
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\PrintHood
2008-02-28 17:42:32 4718592 --ah----- C:\Documents and Settings\Robert\NTUSER.DAT
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\NetHood
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\My Documents
2008-02-28 17:42:32 0 d--h----- C:\Documents and Settings\Robert\Local Settings
2008-02-28 17:42:32 0 dr------- C:\Documents and Settings\Robert\Favorites
2008-02-28 17:42:32 0 d-------- C:\Documents and Settings\Robert\Desktop
2008-02-28 17:42:32 0 d--hs---- C:\Documents and Settings\Robert\Cookies
2008-02-28 17:42:32 0 dr-h----- C:\Documents and Settings\Robert\Application Data
2008-02-28 17:41:45 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-28 17:41:43 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-02-28 17:41:43 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-02-28 17:41:43 0 d-------- C:\WINDOWS\Prefetch
2008-02-28 17:41:42 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-02-28 17:41:42 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-02-28 17:41:42 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-02-28 17:41:42 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-02-28 17:41:42 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-02-28 17:41:22 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-02-28 17:41:22 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-02-28 17:41:22 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-02-28 17:41:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-02-28 17:41:22 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-02-28 17:38:08 0 d-------- C:\WINDOWS\system32\xircom
2008-02-28 17:38:08 0 d-------- C:\Program Files\microsoft frontpage
2008-02-28 17:38:06 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-28 17:38:00 0 -rahs---- C:\MSDOS.SYS
2008-02-28 17:38:00 0 -rahs---- C:\IO.SYS
2008-02-28 17:38:00 0 --a------ C:\CONFIG.SYS
2008-02-28 17:38:00 0 --a------ C:\AUTOEXEC.BAT
2008-02-28 17:37:15 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-28 17:37:08 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-28 17:37:08 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-28 17:36:57 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-28 17:36:39 0 d-------- C:\WINDOWS\system32\DirectX
2008-02-28 17:36:00 0 d---s---- C:\WINDOWS\Tasks
2008-02-28 17:35:58 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-28 17:35:54 0 d-------- C:\WINDOWS\srchasst
2008-02-28 17:35:53 0 d-------- C:\WINDOWS\system32\Macromed
2008-02-28 17:35:44 0 d-------- C:\Program Files\Movie Maker
2008-02-28 17:35:35 0 d-------- C:\WINDOWS\system32\Restore
2008-02-28 17:35:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 17:34:57 0 d-------- C:\WINDOWS\Registration
2008-02-28 17:34:32 0 d-------- C:\Program Files\Online Services
2008-02-28 17:34:24 0 d-------- C:\Program Files\Messenger
2008-02-28 17:34:20 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-28 17:33:35 0 d-------- C:\Program Files\Windows NT
2008-02-28 17:33:32 0 d-------- C:\WINDOWS\system32\MsDtc
2008-02-28 17:33:30 0 d-------- C:\WINDOWS\system32\Com
2008-02-28 12:18:24 0 d--hs---- C:\WINDOWS\Installer
2008-02-28 12:18:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-28 12:18:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-28 12:18:19 0 dr------- C:\Program Files
2008-02-28 12:18:19 0 d-------- C:\Program Files\Common Files
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-28 12:17:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-28 12:17:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-28 12:17:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-02-28 12:17:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-28 12:17:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-28 12:17:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-28 12:17:39 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-02-28 12:17:39 0 d-------- C:\WINDOWS\system32\CatRoot
2008-02-28 12:17:34 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-28 12:17:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-28 12:17:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-28 12:17:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-28 12:17:07 0 d--hs---- C:\System Volume Information
2008-02-28 12:17:07 0 d-------- C:\Documents and Settings
2008-02-28 12:17:03 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-02-28 12:08:32 0 d-------- C:\WINDOWS
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\WinSxS
2008-02-28 12:08:32 0 dr------- C:\WINDOWS\Web
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\twain_32
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\wins
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\wbem
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\usmt
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\spool
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ShellExt
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\Setup
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ras
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\oobe
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\npp
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\mui
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\inetsrv
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\IME
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\icsxml
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\ias
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\export
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-02-28 12:08:32 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\dhcp
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\config
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\3076
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\2052
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1054
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1042
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1041
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1037
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1033
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1031
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1028
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system32\1025
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\system
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\security
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Resources
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\repair
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Provisioning
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\PeerNet
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\pchealth
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\mui
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\msapps
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\msagent
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Media
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\java
2008-02-28 12:08:32 0 d--h----- C:\WINDOWS\inf
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\ime
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Help
2008-02-28 12:08:32 0 dr--s---- C:\WINDOWS\Fonts
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Driver Cache
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Debug
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Cursors
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Connection Wizard
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\Config
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\AppPatch
2008-02-28 12:08:32 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-03 16:26:01 353 --a------ C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-03 16:25:56 0 --a------ C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-03 16:24:04 2799 --a------ C:\Documents and Settings\Robert\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-03 16:22:55 3600 --a------ C:\Documents and Settings\Robert\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-03 16:21:24 33073 --a------ C:\Documents and Settings\Robert\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-03 16:18:32 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-02-29 12:36:36 394304 --a------ C:\Documents and Settings\Robert\Application Data\com.kennettnet.MusicRescueProfiles.plist
2008-02-29 12:36:32 3301 --a------ C:\Documents and Settings\Robert\Application Data\com.kennettnet.MusicRescue.plist
2008-02-28 21:19:05 11193 --a------ C:\Program Files\Common Files\tasecy.inf
2008-02-28 20:41:48 16528 --a------ C:\Documents and Settings\Robert\Application Data\oryleved.ban
2008-02-28 20:41:47 16646 --a------ C:\Documents and Settings\Robert\Application Data\rimuk.ban
2008-02-28 20:41:47 13479 --a------ C:\Documents and Settings\Robert\Application Data\ohav._dl
2008-02-28 20:41:47 15058 --a------ C:\Documents and Settings\Robert\Application Data\kyqiqycyqa.lib
2008-02-28 20:41:47 19566 --a------ C:\Documents and Settings\Robert\Application Data\icoxefyqo.dl
2008-02-28 20:15:09 11854 --a------ C:\Program Files\Common Files\onukegynyg._dl
2008-02-28 20:15:09 19274 --a------ C:\Program Files\Common Files\aguwa.dl
2008-02-28 12:17:51 62 --ahs---- C:\Documents and Settings\Robert\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 03:18 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 07:10 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [07/03/2007 02:57 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/26/2007 03:14 PM]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [05/10/2007 02:01 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/17/2007 04:03 AM]
"nwiz"="nwiz.exe" [11/17/2007 04:03 AM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [11/17/2007 04:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/17/2007 04:03 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 11:22 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/28/2008 09:14 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [08/26/2004 10:01 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 10:00 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 08:33 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 05:25 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/03/2008 09:51 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [01/27/2008 01:38 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 01:09 PM]
"DELL Webcam Manager"="C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" [06/07/2007 12:14 PM]
"DellAutomatedPCTuneUp"="C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" [10/11/2007 10:49 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [02/28/2008 08:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/22/2004 05:10 PM]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/17/2007 4:43:18 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/28/2008 5:52:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129c225c-e646-11dc-94db-93b6d1739fab}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-12 20:37:18 ------------



Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2045.97 MiB / 998.25 MiB
Pagefile Memory (total/avail): 3938.9 MiB / 2776.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.22 MiB

C: is Fixed (NTFS) - 136.45 GiB total, 92.2 GiB free.
D: is Fixed (NTFS) - 2.5 GiB total, 2.48 GiB free.
E: is Fixed (NTFS) - 10 GiB total, 8.66 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS722016K9A300 - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 101.94 MiB
\PARTITION1 - Installable File System - 10 GiB - E:
\PARTITION2 (bootable) - Installable File System - 136.45 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG 7.5.518 v7.5.518 (Grisoft)
AV: McAfee VirusScan v (McAfee)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6010 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\WINDOWS\\SYSTEM32\\ctmweb.exe"="C:\\WINDOWS\\SYSTEM32\\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe"="%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe:152.2.0.0/255.255.0.0,152.19.0.0/255.255.0.0,152.23.0.0/255.255.0.0:Enabled:Symantec Antivirus"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe"="%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe:152.2.0.0/255.255.0.0,152.19.0.0/255.255.0.0,152.23.0.0/255.255.0.0:Enabled:Symantec Antivirus"
"C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"="C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robert\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERTLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robert
LOGONSERVER=\\ROBERTLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
USERDOMAIN=ROBERTLAPTOP
USERNAME=Robert
USERPROFILE=C:\Documents and Settings\Robert
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay XBOX 1.42 --> "C:\Program Files\Datel\Action Replay XBOX\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Dell Automated PC TuneUp --> MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DELL Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.0.6.2 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\FLV to MP3\unins000.exe"
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life: Blue Shift --> "C:\Program Files\Steam\steam.exe" steam://uninstall/130
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Laptop Integrated Webcam Driver (1.04.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Rescue 3.1.6 --> "C:\Program Files\Music Rescue\unins000.exe"
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Opposing Force --> "C:\Program Files\Steam\steam.exe" steam://uninstall/50
Pharos --> C:\PROGRA~1\Pharos\bin\Local.EXE
Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\Uninstall.exe" -Prog"C:\Program Files\3M\PsnLite.exe" -INI"C:\Program Files\3M\uninst.ini"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Ricochet --> "C:\Program Files\Steam\steam.exe" steam://uninstall/60
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XChange 360 --> "C:\Program Files\Datel\XChange 360\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7090 / Error
Event Submitted/Written: 03/12/2008 08:25:57 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3284 (0xcd4)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ10.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type7071 / Error
Event Submitted/Written: 03/12/2008 06:17:18 PM
Event ID/Source: 5019 / McLogEvent
Event Description:
Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.349
Exception Code : 0XC0000005
Exception Address : 0X00408364
Exception Parameters : 2
Param 1 = 0X00000001
Param 2 = 0X00000014

More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Program Files\Steam\appcache\8010_app.pkv.

Event Record #/Type7070 / Error
Event Submitted/Written: 03/12/2008 06:17:18 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2552 (0x9f8)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQF.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type7051 / Error
Event Submitted/Written: 03/12/2008 10:56:29 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3780 (0xec4)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ7.tmp
by C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type7033 / Warning
Event Submitted/Written: 03/12/2008 10:52:36 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{50E125D1-88E5-48CE-80AE-98EC9698E639}', feature 'SAVUI' failed during request for component '{0ABF6425-272D-4795-9BD8-F2428110EC95}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7320 / Error
Event Submitted/Written: 03/12/2008 08:35:39 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.

Event Record #/Type7295 / Warning
Event Submitted/Written: 03/12/2008 08:23:40 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013E869ACD5. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7290 / Warning
Event Submitted/Written: 03/12/2008 08:10:07 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type7286 / Error
Event Submitted/Written: 03/12/2008 06:18:39 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{63247ECA-1DAE-4352-B60A-7E5422A02013}.
The backup browser is stopping.

Event Record #/Type7278 / Warning
Event Submitted/Written: 03/12/2008 06:16:01 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\IBMDEBBIE on the network \Device\NetBT_Tcpip_{63247ECA-1DAE-4352-B60A-7E5422A02013}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-03-12 20:37:18 ------------

#6 random/random

  • Malware Response Team

Posted 13 March 2008 - 08:10 AM

Use Windows Explorer to find and delete these files:

C:\Program Files\Common Files\tasecy.inf
C:\Documents and Settings\Robert\Application Data\oryleved.ban
C:\Documents and Settings\Robert\Application Data\rimuk.ban
C:\Documents and Settings\Robert\Application Data\ohav._dl
C:\Documents and Settings\Robert\Application Data\kyqiqycyqa.lib
C:\Documents and Settings\Robert\Application Data\icoxefyqo.dl
C:\Program Files\Common Files\onukegynyg._dl
C:\Program Files\Common Files\aguwa.dl

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Double click on the system32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems.


#7 BrazeDog

  • Topic Starter

  • Members

Posted 13 March 2008 - 10:41 PM

One problem is that as soon as I open up IE, it will freeze up. I can get it to close by right clicking on the taskbar and going to close, then having it come up with a Not responding message and an End Now option (I can't get the Task Manager to open usually, another problem, to shut it down). So I can't run that scanner that you want me to run. Still getting messages that the system is low on virtual memory, random freezes of programs, computer won't restart (have to hold down the power button on and off), I cannot run the laptop in safe mode (it goes blue screen when I try), and just overall lack of performance that the hardware of my laptop should deliver.

One issue is in the C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Antivirus Corporate Edition\7.5\APTemp folder. All of these files are not supposed to be there (they freeze up my AVG Anti-Virus, McAfee, AVG Anti-Spyware, and Ad-Aware scans...it gets to one of the files in that folder and just stops on it...Symantec will recognize these as threats and go through them, but doesn't get rid of them completely as they keep coming back) and I can't get rid of them. Here is my HJT log though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:05 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14673 bytes

#8 random/random

  • Malware Response Team

Posted 14 March 2008 - 01:33 PM

Download and run this tool to remove all Symantec products from your PC: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

You've got two antivirus programs installed: AVG and McAfee.

You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please uninstall either AVG or McAfee antivirus.

Let me know if the problems persist after this.

Edited by random/random, 14 March 2008 - 01:33 PM.
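
The overlap pointed out in the reply above can be read straight from the O4 (autostart) and O23 (service) lines of a HijackThis log. The following is an added example, not part of the original posts: a small parser that lists which antivirus products have components set to load at startup. The marker table and function names are assumptions chosen for this log.

```python
import re

# Excerpt of O4/O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: hand-picked path fragments taken from this log, not a vendor list.
AV_MARKERS = {
    r"\grisoft\avg7": "AVG",
    r"\mcafee\viruss~1": "McAfee",
    r"\symantec antivirus": "Symantec",
}

O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
O4 = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]+)\] (?P<path>.+)$")


def parse_entries(log_text):
    """Yield (section, name, command) for O4 Run-key and O23 service lines."""
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in (("O23", O23), ("O4", O4)):
            m = pattern.match(line)
            if m:
                yield section, m["name"], m["path"].strip('"')
                break


def resident_av_products(log_text):
    """Map product label -> autostart entries whose path contains a marker."""
    found = {}
    for section, name, command in parse_entries(log_text):
        for marker, product in AV_MARKERS.items():
            if marker in command.lower():
                found.setdefault(product, []).append(f"{section}:{name}")
    return found


def overlapping_av(log_text):
    """Return the product labels when more than one is set to load at startup."""
    products = sorted(resident_av_products(log_text))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    print(overlapping_av(SAMPLE_LOG))
```

Matching is by install path only, so the AVG Anti-Spyware service and the shared Symantec component in the excerpt are deliberately not counted as antivirus engines.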




