Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc-antispyware Infection


  • This topic is locked This topic is locked
9 replies to this topic

#1 Sonny Martin

Sonny Martin

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 02 April 2008 - 01:56 AM

After finding my computer infected with PC-Antispyware I did some research and followed some instructions to remove it. I first ran AVG Antispyware and cleaned what it found. Then I ran Combofix and Hijackthis.

When I came to this site to post my Hijackthis log I followed the instructions first and did each of the steps. Just before running McAfee Avert Stinger I ran SmithfraudFix first both in safe mode.

I then ran a new Hijackthis and the log follows.

I also have noticed a strange program trying to access the internet and have blocked it with the firewall. It is: C:\Documents and Settings\All Users\Application Data\hujwdmrq\jyfqzypu.exe

Thanking anyone who helps in advance,
Sonny

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:17 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\hujwdmrq\jyfqzypu.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\yhclincf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Documents and Settings\Sonny\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sonny\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wsogjtja] C:\WINDOWS\system32\yhclincf.exe
O4 - HKLM\..\Policies\Explorer\Run: [vnK7NKawyJ] C:\Documents and Settings\All Users\Application Data\hujwdmrq\jyfqzypu.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205958766406
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 12853 bytes

BC AdBot (Login to Remove)

 


#2 Sonny Martin

Sonny Martin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 07 April 2008 - 02:20 PM

To anyone who provides me help,

Since my original post I have done a lot of research on the site and followed a number of procedures that were posted to help others with problems that I think were similar. I have rid myself of the main problems that brought me here but now would like to verify that there are no more to be dealt with.

The new HiJackThis log, following all of my own fixes is as follows. I also have logs from a number of other programs but will refrain from posting unless asked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:44 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\1033\msohelp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Sonny\Desktop\Utilities\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205958766406
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9069 bytes

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:16 PM

Posted 10 April 2008 - 12:43 PM

Hello and welcome to BleepingComputer. :thumbsup:

I apologize for the long delay to getting back to you.. The backlog is insane right now, the forums are extremely busy.

If you still need some help with this,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Hi there, stranger!

#4 Sonny Martin

Sonny Martin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 10 April 2008 - 01:48 PM

Thanks for getting to me! I really appreciate the help & understand.

Here are the two files:
Deckard's System Scanner v20071014.68
Run by Sonny on 2008-04-10 11:37:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
12: 2008-04-10 18:21:56 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-04-10 10:02:04 UTC - RP11 - Software Distribution Service 3.0
10: 2008-04-10 07:54:47 UTC - RP10 - System Checkpoint
9: 2008-04-09 07:26:12 UTC - RP9 - System Checkpoint
8: 2008-04-08 06:24:26 UTC - RP8 - System Checkpoint


-- First Restore Point --
1: 2008-04-02 06:20:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sonny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:10 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sonny\Desktop\Utilities\dss.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\DOCUME~1\Sonny\Desktop\UTILIT~1\Sonny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205958766406
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9422 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Sonny\Desktop\UTILIT~1\backups\) ------

backup-20080403-135543-581 O4 - HKLM\..\Policies\Explorer\Run: [vnK7NKawyJ] C:\Documents and Settings\All Users\Application Data\hujwdmrq\jyfqzypu.exe
backup-20080403-141001-844 O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X>
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&192AC53F&0&00E0
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&192AC53F&0&00E0
Service: NETw4x32

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\304B363534383545303320302020202020202020
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVDRAM GSA-4084N
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\304B363534383545303320302020202020202020
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 10:42:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-10 03:15:00 252 --a------ C:\WINDOWS\Tasks\Disc Defragmenter.job
2008-04-10 03:00:00 258 --a------ C:\WINDOWS\Tasks\Windows Update.job
2008-04-10 02:30:00 256 --a------ C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
2008-04-10 02:15:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-04-10 02:00:00 298 --a------ C:\WINDOWS\Tasks\AVG Anti-Spyware.job
2008-04-10 01:55:00 264 --a------ C:\WINDOWS\Tasks\Check Web For Update.job
2008-04-03 19:45:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-09 12:01:32 0 d-------- C:\Program Files\ieSpell
2008-04-08 16:55:48 0 d-------- C:\Documents and Settings\Sonny\Application Data\Canon
2008-04-07 09:47:53 0 dr-h----- C:\Documents and Settings\Sonny\Recent
2008-04-06 18:32:58 0 d-------- C:\Documents and Settings\Michael\Application Data\Grisoft
2008-04-04 03:49:37 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-04-04 03:19:00 97 --a------ C:\WINDOWS\system32\mhncache.dat
2008-04-04 00:13:33 0 d-------- C:\Program Files\Tweaking Toolbox XP 2
2008-04-04 00:08:25 0 d-------- C:\Documents and Settings\Sonny\Application Data\Uniblue
2008-04-03 22:26:57 0 d-------- C:\!KillBox
2008-04-03 16:43:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-03 16:43:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-03 16:16:07 2013 -r-h----- C:\WINDOWS\system32\drivers\hosts
2008-04-03 16:16:03 0 d-------- C:\Program Files\RogueRemover PRO
2008-04-03 15:00:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-03 14:50:28 0 d-------- C:\Documents and Settings\Sonny\Application Data\Malwarebytes
2008-04-03 14:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-03 14:50:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-03 14:16:01 0 d-------- C:\WINDOWS\ERUNT
2008-04-02 10:42:21 0 d--h----- C:\WINDOWS\PIF
2008-04-01 23:29:25 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-04-01 23:21:43 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-04-01 23:21:42 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-04-01 23:21:37 0 d-------- C:\Program Files\Sygate
2008-04-01 22:13:29 5700 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-01 22:12:49 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-01 22:12:49 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-01 22:12:49 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-01 22:12:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-01 22:12:49 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-01 22:12:49 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-01 22:12:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-31 19:50:47 0 d-------- C:\Documents and Settings\Sonny\Application Data\HouseCall 6.6
2008-03-31 10:02:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 09:43:46 0 d-------- C:\Program Files\Lavasoft
2008-03-31 09:43:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 09:29:27 0 d-------- C:\Documents and Settings\Sonny\Application Data\Grisoft
2008-03-31 09:17:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 22:40:07 0 d-------- C:\cmdcons
2008-03-30 21:43:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-30 21:42:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-30 21:24:04 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-30 21:24:04 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-30 21:24:04 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-30 21:24:04 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-30 21:01:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-30 21:00:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 20:51:58 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 20:50:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-30 20:38:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-30 20:00:53 0 d-------- C:\Documents and Settings\Phillip\Application Data\Apple Computer
2008-03-30 13:08:38 0 d-------- C:\Documents and Settings\Phillip\Application Data\Adobe
2008-03-30 13:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\ytzdlesd
2008-03-30 13:06:51 0 d--h----- C:\Documents and Settings\Phillip\Templates
2008-03-30 13:06:51 0 dr------- C:\Documents and Settings\Phillip\Start Menu
2008-03-30 13:06:51 0 dr-h----- C:\Documents and Settings\Phillip\SendTo
2008-03-30 13:06:51 0 dr-h----- C:\Documents and Settings\Phillip\Recent
2008-03-30 13:06:51 0 d--h----- C:\Documents and Settings\Phillip\PrintHood
2008-03-30 13:06:51 2359296 --ah----- C:\Documents and Settings\Phillip\NTUSER.DAT
2008-03-30 13:06:51 0 d--h----- C:\Documents and Settings\Phillip\NetHood
2008-03-30 13:06:51 0 dr------- C:\Documents and Settings\Phillip\My Documents
2008-03-30 13:06:51 0 d--h----- C:\Documents and Settings\Phillip\Local Settings
2008-03-30 13:06:51 0 dr------- C:\Documents and Settings\Phillip\Favorites
2008-03-30 13:06:51 0 d-------- C:\Documents and Settings\Phillip\Desktop
2008-03-30 13:06:51 0 d--hs---- C:\Documents and Settings\Phillip\Cookies
2008-03-30 13:06:51 0 dr-h----- C:\Documents and Settings\Phillip\Application Data
2008-03-30 13:06:51 0 d---s---- C:\Documents and Settings\Phillip\Application Data\Microsoft
2008-03-30 13:06:51 0 d-------- C:\Documents and Settings\Phillip\Application Data\Macromedia
2008-03-30 13:06:51 0 d-------- C:\Documents and Settings\Phillip\Application Data\Intuit
2008-03-30 13:06:51 0 d-------- C:\Documents and Settings\Phillip\Application Data\Identities
2008-03-30 10:25:52 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-03-30 09:42:33 0 d-------- C:\Documents and Settings\Michael\Application Data\Windows Live Writer
2008-03-29 13:31:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-29 13:18:10 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-29 12:30:59 0 d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-03-29 12:30:59 0 d--hs---- C:\Documents and Settings\NetworkService\History
2008-03-27 17:30:33 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-27 17:25:43 0 d-------- C:\Documents and Settings\Sonny\Contacts
2008-03-27 13:52:19 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 13:52:18 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-27 13:33:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-27 13:33:43 0 d-------- C:\Program Files\Windows Live
2008-03-27 13:33:33 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-25 08:44:16 95236 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-24 19:48:53 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-03-24 19:48:51 0 d-------- C:\Program Files\Vongo
2008-03-24 19:47:43 0 d--h----- C:\Documents and Settings\Michael\Templates
2008-03-24 19:47:43 0 dr------- C:\Documents and Settings\Michael\Start Menu
2008-03-24 19:47:43 0 dr-h----- C:\Documents and Settings\Michael\SendTo
2008-03-24 19:47:43 0 dr-h----- C:\Documents and Settings\Michael\Recent
2008-03-24 19:47:43 0 d--h----- C:\Documents and Settings\Michael\PrintHood
2008-03-24 19:47:43 2621440 --ah----- C:\Documents and Settings\Michael\NTUSER.DAT
2008-03-24 19:47:43 0 d--h----- C:\Documents and Settings\Michael\NetHood
2008-03-24 19:47:43 0 dr------- C:\Documents and Settings\Michael\My Documents
2008-03-24 19:47:43 0 d--h----- C:\Documents and Settings\Michael\Local Settings
2008-03-24 19:47:43 0 dr------- C:\Documents and Settings\Michael\Favorites
2008-03-24 19:47:43 0 d-------- C:\Documents and Settings\Michael\Desktop
2008-03-24 19:47:43 0 d--hs---- C:\Documents and Settings\Michael\Cookies
2008-03-24 19:47:43 0 dr-h----- C:\Documents and Settings\Michael\Application Data
2008-03-24 19:47:43 0 d---s---- C:\Documents and Settings\Michael\Application Data\Microsoft
2008-03-24 19:47:43 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2008-03-24 19:47:43 0 d-------- C:\Documents and Settings\Michael\Application Data\Intuit
2008-03-24 19:47:43 0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2008-03-24 13:47:32 0 d-------- C:\Program Files\Safari
2008-03-24 11:59:36 0 d-------- C:\Documents and Settings\Sonny\Application Data\Apple Computer
2008-03-24 11:59:27 0 d-------- C:\Program Files\iPod
2008-03-24 11:59:23 0 d-------- C:\Program Files\iTunes
2008-03-24 11:59:14 0 d-------- C:\Program Files\Bonjour
2008-03-24 11:58:51 0 d-------- C:\Program Files\QuickTime
2008-03-24 11:58:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-24 11:58:39 0 d-------- C:\Program Files\Apple Software Update
2008-03-24 11:58:28 0 d-------- C:\Program Files\Common Files\Apple
2008-03-24 11:58:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-22 18:47:07 0 d-------- C:\WINDOWS\system32\Futuremark
2008-03-20 18:49:23 1754 --a------ C:\Documents and Settings\Sonny\Application Data\SAS7_000.DAT
2008-03-20 18:24:46 0 -rahs---- C:\MSDOS.SYS
2008-03-20 18:24:46 0 -rahs---- C:\IO.SYS
2008-03-20 13:24:56 0 d-------- C:\Documents and Settings\Sonny\Application Data\Talkback
2008-03-20 13:24:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-20 13:24:30 0 d-------- C:\Documents and Settings\Sonny\Application Data\Mozilla
2008-03-20 12:52:40 0 d-------- C:\WINDOWS\Sun
2008-03-20 12:52:40 0 d-------- C:\Documents and Settings\Sonny\Application Data\Sun
2008-03-20 12:17:52 0 d-------- C:\Documents and Settings\Sonny\Application Data\Nuance
2008-03-20 12:10:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-20 12:09:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2008-03-20 12:09:47 0 d-------- C:\Program Files\Nuance
2008-03-20 12:09:44 0 d-------- C:\WINDOWS\speech
2008-03-20 11:53:17 0 d-------- C:\Program Files\Business Plan Pro
2008-03-20 11:42:49 0 d-------- C:\Documents and Settings\Sonny\Application Data\bppenu11
2008-03-20 11:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-03-20 10:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-20 10:16:57 0 d-------- C:\Program Files\SlySoft
2008-03-20 10:14:17 0 d--hs---- C:\Documents and Settings\Sonny\UserData
2008-03-19 17:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-19 17:06:19 1602 -----n--- C:\WINDOWS\hppmdl03.dat
2008-03-19 17:06:19 130885 --a------ C:\WINDOWS\hppins03.dat
2008-03-19 16:48:50 0 d-------- C:\hp_CLJ2605_Full_Solution
2008-03-19 14:54:27 0 d-------- C:\Program Files\MSECache
2008-03-19 13:09:39 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-19 13:09:25 0 d-------- C:\Program Files\Microsoft Works
2008-03-19 13:08:49 0 d-------- C:\Program Files\Microsoft.NET
2008-03-19 12:31:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-19 12:30:29 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-19 12:29:45 0 d-------- C:\Documents and Settings\Sonny\Application Data\ScanSoft
2008-03-19 12:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-03-19 12:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-03-19 10:44:22 0 d-------- C:\Program Files\Microsoft SQL Server
2008-03-19 10:42:02 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-03-19 10:41:54 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-03-19 10:41:47 0 d-------- C:\Program Files\Microsoft Small Business
2008-03-19 10:37:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-19 10:30:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-19 09:41:02 0 d-------- C:\Program Files\Common Files\L&H
2008-03-19 09:40:22 0 d-------- C:\WINDOWS\SHELLNEW
2008-03-19 09:36:28 0 d-------- C:\MSOCache
2008-03-19 09:17:43 4980736 --a------ C:\Documents and Settings\Sonny\ntuser.dat
2008-03-19 09:17:04 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-19 09:17:04 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-19 09:17:04 544768 -----n--- C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-03-19 09:17:04 569344 -----n--- C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-03-19 09:17:02 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-19 09:16:57 0 d-------- C:\Program Files\Ahead
2008-03-19 09:09:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-19 09:09:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-19 08:27:00 0 d-------- C:\Program Files\MSBuild
2008-03-19 08:24:06 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-19 08:23:49 0 d-------- C:\Program Files\Reference Assemblies
2008-03-19 08:23:06 0 d-------- C:\a5d6c84f27014db395fbf7bca7d0
2008-03-19 08:23:01 0 d-------- C:\Program Files\MSXML 6.0
2008-03-19 08:21:35 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-19 07:53:29 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 07:49:38 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 07:44:01 0 d-------- C:\Program Files\Canon
2008-03-19 07:42:31 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-19 07:42:17 0 d-------- C:\Program Files\ScanSoft
2008-03-19 07:39:57 0 d--h----- C:\CanoScan
2008-03-19 07:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-19 07:09:44 0 d-------- C:\Program Files\CA
2008-03-19 07:01:45 0 d-------- C:\WINDOWS\network diagnostic
2008-03-18 23:55:21 0 d-------- C:\Program Files\MSXML 4.0
2008-03-18 23:43:00 1560576 --a------ C:\WINDOWS\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-03-18 23:42:50 0 d-------- C:\Documents and Settings\Sonny\Application Data\InstallShield
2008-03-18 23:41:26 90112 -----n--- C:\WINDOWS\system32\hpqnt.dll <Not Verified; Hewlett-Packard Development Company, L.P.; hpqnt Dynamic Link Library>
2008-03-18 23:40:46 0 d-------- C:\Program Files\NetWaiting
2008-03-18 23:39:43 0 d-------- C:\Program Files\DIFX
2008-03-18 23:39:41 192512 --a------ C:\WINDOWS\VimicroCam.exe <Not Verified; Vimicro Corporation; Update from DirectX 9.0 Sample>
2008-03-18 23:39:41 0 d-------- C:\WINDOWS\CatRoot
2008-03-18 23:39:40 73728 --a------ C:\WINDOWS\VMInstNT.exe
2008-03-18 23:39:40 40960 --a------ C:\WINDOWS\VM303UninstNT.exe
2008-03-18 23:39:31 0 d-------- C:\Program Files\HP 1.3MP Webcam
2008-03-18 23:37:42 0 d-------- C:\Program Files\Intel
2008-03-18 23:33:35 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-03-18 23:26:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-18 23:26:46 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-18 23:26:45 0 d-------- C:\Program Files\DAP
2008-03-18 23:01:02 0 d-------- C:\Documents and Settings\Sonny\Application Data\Adobe
2008-03-18 22:05:42 0 d-------- C:\WINDOWS\pss
2008-03-18 22:04:58 0 d--hs---- C:\WINDOWS\CSC
2008-03-18 22:03:37 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-18 21:53:31 0 d-------- C:\Documents and Settings\Sonny\Application Data\HP
2008-03-18 21:33:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-18 21:29:46 0 d-------- C:\Program Files\HP Pavilion Webcam Demo
2008-03-18 21:29:24 102400 --a------ C:\WINDOWS\HPWebcam.exe <Not Verified; ; HPWebcam>
2008-03-18 21:29:24 53248 --a------ C:\WINDOWS\csnp2uvc.dll <Not Verified; ; InstallUtil>
2008-03-18 21:26:10 0 d--hs---- C:\Documents and Settings\Sonny\Temporary Internet Files
2008-03-18 21:26:10 0 d--hs---- C:\Documents and Settings\Sonny\History
2008-03-18 21:24:37 0 d--h----- C:\Documents and Settings\Sonny\Templates
2008-03-18 21:24:37 0 dr------- C:\Documents and Settings\Sonny\Start Menu
2008-03-18 21:24:37 0 dr-h----- C:\Documents and Settings\Sonny\SendTo
2008-03-18 21:24:37 0 d--h----- C:\Documents and Settings\Sonny\PrintHood
2008-03-18 21:24:37 0 d--h----- C:\Documents and Settings\Sonny\NetHood
2008-03-18 21:24:37 0 dr------- C:\Documents and Settings\Sonny\My Documents
2008-03-18 21:24:37 0 d--h----- C:\Documents and Settings\Sonny\Local Settings
2008-03-18 21:24:37 0 dr------- C:\Documents and Settings\Sonny\Favorites
2008-03-18 21:24:37 0 d-------- C:\Documents and Settings\Sonny\Desktop
2008-03-18 21:24:37 0 d--hs---- C:\Documents and Settings\Sonny\Cookies
2008-03-18 21:24:37 0 dr-h----- C:\Documents and Settings\Sonny\Application Data
2008-03-18 21:24:37 0 d-------- C:\Documents and Settings\Sonny\Application Data\Macromedia
2008-03-18 21:24:37 0 d-------- C:\Documents and Settings\Sonny\Application Data\Intuit
2008-03-18 21:24:37 0 d-------- C:\Documents and Settings\Sonny\Application Data\Identities
2008-03-18 21:23:28 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-03-18 21:23:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-18 21:23:20 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-03-18 21:23:20 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit
2008-03-18 21:23:20 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-03-18 21:22:31 0 d-------- C:\WINDOWS\Prefetch
2008-03-18 20:40:10 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-03 15:00:56 0 d-------- C:\Program Files\Common Files
2008-03-29 12:37:19 0 d-------- C:\Program Files\GemMaster
2008-03-26 17:00:13 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-20 11:54:09 10750996 --a------ C:\Documents and Settings\Sonny\Application Data\bppenu11.log
2008-03-20 11:53:47 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-03-19 17:22:44 0 d-------- C:\Program Files\HP
2008-03-19 12:30:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-19 12:25:31 0 d-------- C:\Program Files\CONEXANT
2008-03-19 07:44:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 00:00:13 0 d-------- C:\Program Files\Messenger
2008-03-18 23:38:09 0 d-------- C:\Program Files\HPQ
2008-03-18 22:04:45 0 d-------- C:\Program Files\Symantec
2008-03-18 22:04:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-18 21:40:58 0 d-------- C:\Program Files\Java
2008-03-18 20:56:36 0 d-------- C:\Program Files\Yahoo!
2008-03-18 20:56:33 0 d-------- C:\Program Files\Windows Plus
2008-03-18 20:56:30 0 d-------- C:\Program Files\Windows NT
2008-03-18 20:56:29 0 d-------- C:\Program Files\WildTangent
2008-03-18 20:56:21 0 d-------- C:\Program Files\Synaptics
2008-03-18 20:56:19 0 d-------- C:\Program Files\Sonic
2008-03-18 20:55:41 0 d-------- C:\Program Files\RGB
2008-03-18 20:55:41 0 d-------- C:\Program Files\Quickensetup
2008-03-18 20:55:29 0 d-------- C:\Program Files\Quicken
2008-03-18 20:53:54 0 d-------- C:\Program Files\Netscape
2008-03-18 20:53:39 0 d-------- C:\Program Files\muvee Technologies
2008-03-18 20:53:39 0 d-------- C:\Program Files\music_now
2008-03-18 20:53:38 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-18 20:53:36 0 d-------- C:\Program Files\Movie Maker
2008-03-18 20:53:03 0 d-------- C:\Program Files\Microsoft Office Trial Wizard
2008-03-18 20:52:28 0 d-------- C:\Program Files\microsoft frontpage
2008-03-18 20:52:04 0 d-------- C:\Program Files\HP Rhapsody
2008-03-18 20:51:57 0 d-------- C:\Program Files\HP Games
2008-03-18 20:47:32 0 d-------- C:\Program Files\EnglishOtto
2008-03-18 20:47:29 0 d-------- C:\Program Files\Encarta Online
2008-03-18 20:47:29 0 d-------- C:\Program Files\DivX
2008-03-18 20:47:28 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-03-18 20:47:04 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-18 20:47:03 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-18 20:47:03 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 20:46:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-18 20:46:59 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-03-18 20:46:49 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-18 20:46:27 0 d-------- C:\Program Files\Common Files\Java
2008-03-18 20:46:27 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-18 20:46:26 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-18 20:46:22 0 d-------- C:\Program Files\Common Files\HP
2008-02-01 11:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
12/17/2007 11:12 AM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [07/26/2006 10:44 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 03:14 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [10/12/2005 01:30 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/14/2007 08:29 PM]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [04/06/2004 05:14 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [04/10/2008 07:44 AM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [02/24/2008 03:09 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sonny^Start Menu^Programs^StartUp^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Sonny\Start Menu\Programs\StartUp\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
"C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
"C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02dd9d7d-f56b-11dc-8a4a-806d6172696f}]
AutoRun\command- F:\SETUP.EXE /AUTORUN
configure\command- F:\SETUP.EXE
install\command- F:\SETUP.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

7456 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-10 11:40:06 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2045.98 MiB / 1454.95 MiB
Pagefile Memory (total/avail): 3937.37 MiB / 3437.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.91 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 62.01 GiB total, 17.1 GiB free.
D: is Fixed (NTFS) - 74.53 GiB total, 32.94 GiB free.
E: is Fixed (FAT32) - 11.48 GiB total, 1.17 GiB free.
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 62.01 GiB - C:
\PARTITION1 - Unknown - 11.51 GiB - E:
\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - ST98823AS - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - D:

\\.\PHYSICALDRIVE2 - - 7.84 MiB - partitions
\PARTITION0 - MS-DOS V4 Huge - 238.45 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\hp_CLJ2605_Full_Solution\\setup\\hppniprint01.exe"="C:\\hp_CLJ2605_Full_Solution\\setup\\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"C:\\hp_CLJ2605_Full_Solution\\setup\\hppniprint64.exe"="C:\\hp_CLJ2605_Full_Solution\\setup\\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"C:\\hp_CLJ2605_Full_Solution\\setup\\hppnicifs01.exe"="C:\\hp_CLJ2605_Full_Solution\\setup\\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\\hp_CLJ2605_Full_Solution\\setup\\hpntwkexe.exe"="C:\\hp_CLJ2605_Full_Solution\\setup\\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sonny\Application Data
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPPAVLNDV9035NR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sonny
INOCULAN=C:\PROGRA~1\CA\ETRUST~1
LOGONSERVER=\\HPPAVLNDV9035NR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sonny\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sonny\LOCALS~1\Temp
USERDOMAIN=HPPAVLNDV9035NR
USERNAME=Sonny
USERPROFILE=C:\Documents and Settings\Sonny
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sonny (admin)
Michael (admin)
Phillip (new local)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tinos Fruit Stand\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Plan Pro 11.0 --> MsiExec.exe /X{636F1FCC-6A9C-46A3-BD35-F2446A281A0B}
CA eTrust Antivirus --> MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VENICE_HSF\UIU32m.exe -U -IwqcVen5m.inf
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Documents and Settings\Sonny\Desktop\Utilities\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Sonny\Application Data\HouseCall 6.6\uninstaller.exe"
HP BatteryCheck 1.00 A7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Color LaserJet 2605 2.0 --> C:\Program Files\HP\Digital Imaging\{4E59AA98-3EF3-47A3-9DEA-6B37F00C901F}\setup\hpzscr01.exe -datfile hppscr02.dat -onestop -forcereboot
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u
HP Pavilion Webcam Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC397D90-720E-426D-B381-0A10C6FD5A49}\setup.exe" -l0x9 -removeonly
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.30 J1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0036 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4180B60-0239-48DE-89EF-2CE4C3650A71}\Setup.exe" -l0x9 -removeonly
HP Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LightScribe System Software 1.12.33.2 --> MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover PRO --> "C:\Program Files\RogueRemover PRO\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Safari --> MsiExec.exe /X{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tweaking Toolbox XP --> "C:\Program Files\Tweaking Toolbox XP 2\unins000.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\usbvm326_49CA82027FB353A22BAC4204862D30BB8A51CBB7\usbvm326.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare Family Safety --> MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1844 / Error
Event Submitted/Written: 04/10/2008 11:40:02 AM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type1843 / Error
Event Submitted/Written: 04/10/2008 11:40:02 AM
Event ID/Source: 4124 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Event Record #/Type1842 / Warning
Event Submitted/Written: 04/10/2008 11:40:02 AM
Event ID/Source: 4132 / Ci
Event Description:
1 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.

Event Record #/Type1835 / Warning
Event Submitted/Written: 04/10/2008 11:33:35 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1677 / Warning
Event Submitted/Written: 04/10/2008 07:37:46 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2749 / Error
Event Submitted/Written: 04/10/2008 11:30:20 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2748 / Error
Event Submitted/Written: 04/10/2008 11:26:32 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type2747 / Error
Event Submitted/Written: 04/10/2008 11:26:32 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type2744 / Error
Event Submitted/Written: 04/10/2008 11:26:06 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver
ElbyCDIO
Fips
intelppm

Event Record #/Type2743 / Error
Event Submitted/Written: 04/10/2008 11:26:06 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error:
%%1068



-- End of Deckard's System Scanner: finished at 2008-04-10 11:40:06 ------------

#5 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:16 PM

Posted 10 April 2008 - 02:02 PM

The log is looking pretty good. :thumbsup:

Let's check a bit further.

Please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as delete.bat on your desktop.

@echo off

RD /s /q "C:\Documents and Settings\All Users\Application Data\hujwdmrq"
del delete.bat
exit

Now double-click on the delete.bat on your desktop -- a window will popup and close, this is normal.

------

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :blink:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Hi there, stranger!

#6 Sonny Martin

Sonny Martin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 10 April 2008 - 03:59 PM

Here we go:
Malwarebytes' Anti-Malware 1.11
Database version: 610

Scan type: Quick Scan
Objects scanned: 34407
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:16 PM

Posted 10 April 2008 - 04:05 PM

Does everything seem to be running fine? :thumbsup:
Hi there, stranger!

#8 Sonny Martin

Sonny Martin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 10 April 2008 - 05:49 PM

It does, thank you very much!

Do you have any suggestions of preventative steps that can be taken to keep these things from getting into my computer? I use a Netgear ProSafe VPN Firewall to provide hardware protection and now I've installed Sygate for a software Firewall. Ive also installed and run CA Antivirus, AVG Anti-Spyware, Spybot, and RogueRemover Pro. Are these worth the resources and/or are there better choices?

Are there any settings in Windows XP Professional or any of the other software that you are aware would enhance the sfety of the computer?

Thanking you in advance,
Sonny

#9 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:16 PM

Posted 11 April 2008 - 02:02 AM

Uninstall the following version of Java just clear up some memory.. You already have 6.0 update 5. :thumbsup:

Start -> Run -> Add/Remove Programs list:

J2SE Runtime Environment 5.0 Update 6

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select YES.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here's some tips for future to prevent spyware:

Detect and Remove Programs:Prevention Programs:
  • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Other necessary Programs:
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?
Hi there, stranger!

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:16 PM

Posted 14 April 2008 - 02:52 PM

Since this issue appears to be resolved, this topic has been closed. :thumbsup:
Should another issue arise, feel free to start a new topic.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users