Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infested Pc


  • This topic is locked This topic is locked
4 replies to this topic

#1 bigjosh33

bigjosh33

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 07 April 2008 - 01:11 PM

I got a new pc last week and it's already got some malware on it. I've been running pc cillin trial that came with the dell. It's the same two or three popups everytime, about 5 min apart. Already tried adaware, superantivirus, and spybot, to no success. Any help would greatly appreciated. Here is my hijackthis file:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:54 PM, on 4/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\rwphwqdk\ngryjgny.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [vekdfrbq] C:\ProgramData\vekdfrbq\qlkpqdot.exe
O4 - HKCU\..\Run: [rwphwqdk] C:\ProgramData\rwphwqdk\ngryjgny.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7587 bytesDeckard's System Scanner v20071014.68
Run by josh on 2008-04-07 14:33:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-04-07 14:52:57 UTC - RP45 - Scheduled Checkpoint
11: 2008-04-06 19:06:18 UTC - RP44 - Installed SUPERAntiSpyware Free Edition
10: 2008-04-06 14:38:11 UTC - RP43 - Installed WarRock
9: 2008-04-06 07:15:44 UTC - RP41 - Installed Ad-Aware 2007
8: 2008-04-05 04:33:41 UTC - RP40 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-03-29 04:00:04 UTC - RP32 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 1013 MiB (1024 MiB recommended).


-- HijackThis (run as josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:16 PM, on 4/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\rwphwqdk\ngryjgny.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\josh\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\josh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [vekdfrbq] C:\ProgramData\vekdfrbq\qlkpqdot.exe
O4 - HKCU\..\Run: [rwphwqdk] C:\ProgramData\rwphwqdk\ngryjgny.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7771 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-06 15:07:40 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-06 15:07:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 14:55:54 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-04-06 11:05:56 0 d-------- C:\Program Files\Yahoo!
2008-04-06 11:05:49 0 d-------- C:\Program Files\CCleaner
2008-04-06 11:01:58 0 d-------- C:\Users\All Users\rwphwqdk
2008-04-06 10:39:49 0 d-------- C:\Program Files\WarRock
2008-04-06 10:20:50 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-06 03:16:29 0 d-------- C:\Users\All Users\Lavasoft
2008-04-06 03:16:29 0 d-------- C:\Program Files\Lavasoft
2008-04-05 17:59:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 14:14:05 0 d-------- C:\Users\josh\Desktopvirii
2008-04-05 14:14:05 4096 --a------ C:\Users\josh\DesktopFWebdEditor.exe
2008-04-05 14:14:05 4096 --a------ C:\Users\josh\Desktopfwebd.exe
2008-04-05 14:14:05 4096 --a------ C:\Users\josh\Desktopfilemanagerclient.exe
2008-04-05 14:13:55 0 d-------- C:\Users\All Users\ojqxmbun
2008-04-05 14:13:52 0 d-------- C:\Users\All Users\vekdfrbq
2008-04-03 14:32:55 0 d-------- C:\Program Files\DivX
2008-04-03 12:23:30 17408 --a------ C:\Windows\Shortcut.exe
2008-04-03 12:23:30 0 d-------- C:\Program Files\RAM Idle LE
2008-04-03 01:08:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 20:20:45 0 d-------- C:\Windows\Simpsons Jeopardy!
2008-03-30 20:20:45 0 d-------- C:\Program Files\Simpsons Jeopardy!
2008-03-30 07:22:16 0 d-------- C:\Program Files\Ares
2008-03-29 21:18:45 0 d-------- C:\Program Files\Activision
2008-03-29 12:32:06 0 d-------- C:\Users\All Users\OrbNetworks
2008-03-29 12:32:02 0 d-------- C:\Program Files\Orb Networks
2008-03-28 11:25:09 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-28 11:24:50 0 d-------- C:\Program Files\Real
2008-03-28 11:24:45 0 d-------- C:\Program Files\Common Files\Real
2008-03-28 11:20:52 0 d-------- C:\Users\All Users\Roxio
2008-03-27 00:28:55 0 d-------- C:\Program Files\uTorrent
2008-03-27 00:26:22 0 d-------- C:\Program Files\PeerGuardian2
2008-03-26 23:47:55 0 --a------ C:\Windows\nsreg.dat
2008-03-26 23:35:33 0 d-------- C:\Intel
2008-03-26 14:46:25 0 d-------- C:\Windows\system32\x64
2008-03-26 14:45:34 0 d-------- C:\MDT
2008-03-26 14:39:44 0 d-------- C:\Users\All Users\CyberLink
2008-03-26 14:23:01 0 dr------- C:\Users\josh\Searches
2008-03-26 14:22:50 0 dr------- C:\Users\josh\Contacts
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Templates
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Start Menu
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\SendTo
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Recent
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\PrintHood
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\NetHood
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\My Documents
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Local Settings
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Cookies
2008-03-26 14:22:14 0 d--hs---- C:\Users\josh\Application Data
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Videos
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Saved Games
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Pictures
2008-03-26 14:22:13 2097152 --ahs---- C:\Users\josh\NTUSER.DAT
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Music
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Links
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Favorites
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Downloads
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Documents
2008-03-26 14:22:13 0 dr------- C:\Users\josh\Desktop
2008-03-26 14:22:13 0 d--h----- C:\Users\josh\AppData
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Templates
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Start Menu
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\SendTo
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Recent
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\PrintHood
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\NetHood
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\My Documents
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Local Settings
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Cookies
2008-03-26 14:13:44 0 d--hs---- C:\Users\Default\Application Data
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Templates
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Start Menu
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Favorites
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Documents
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Desktop
2008-03-26 14:13:44 0 d--hs---- C:\Users\All Users\Application Data
2008-03-26 14:13:44 0 d--hs---- C:\Documents and Settings
2008-03-25 12:08:10 0 d-------- C:\Windows\Users
2008-03-25 12:05:12 0 d-------- C:\doctemp
2008-03-25 12:03:13 0 d-------- C:\Windows\system32\oem
2008-03-25 12:03:13 0 d-------- C:\Drivers
2008-03-25 12:03:13 0 d-------- C:\DELL
2008-03-25 04:51:23 0 d-------- C:\Program Files\EarthLink Setup
2008-03-25 04:50:39 0 d-------- C:\Program Files\AOL Install
2008-03-25 04:49:37 0 d-------- C:\Users\All Users\Uninstall
2008-03-25 04:49:32 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-25 04:48:44 0 d-------- C:\Users\All Users\Sonic
2008-03-25 04:48:31 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-25 04:48:29 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-25 04:47:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-25 04:47:42 0 d-------- C:\Users\All Users\InstallShield
2008-03-25 04:47:39 0 d-------- C:\Program Files\Roxio
2008-03-25 04:46:19 0 d-------- C:\Program Files\Microsoft Works
2008-03-25 04:41:20 0 d-------- C:\Users\All Users\Trend Micro
2008-03-25 04:41:15 0 d-------- C:\Program Files\Trend Micro
2008-03-25 04:40:57 0 d-------- C:\Users\All Users\SupportSoft
2008-03-25 04:40:45 0 d-------- C:\Program Files\Dell Support Center
2008-03-25 04:40:44 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-25 04:39:51 0 d-------- C:\Users\All Users\Google
2008-03-25 04:39:49 0 d-------- C:\Program Files\Google
2008-03-25 04:39:48 0 d-------- C:\Program Files\Dell
2008-03-25 04:39:31 0 d-------- C:\Users\All Users\Adobe
2008-03-25 04:38:54 0 d-------- C:\Program Files\Dell DataSafe Online
2008-03-25 04:38:04 0 d-------- C:\Users\All Users\Dell
2008-03-25 04:37:47 0 d-------- C:\Program Files\CyberLink
2008-03-25 04:37:16 0 d-------- C:\Program Files\NetWaiting
2008-03-25 04:36:53 0 d-------- C:\Program Files\Digital Line Detect
2008-03-25 04:35:29 0 d-------- C:\Program Files\Intel
2008-03-25 04:35:23 0 d-------- C:\Windows\java
2008-03-25 04:35:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 04:35:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-25 04:34:34 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-25 04:33:41 0 d-------- C:\Program Files\Java
2008-03-25 04:33:41 0 d-------- C:\Program Files\Common Files\Java
2008-03-25 04:33:38 0 d--hs---- C:\Windows\Installer
2008-03-25 04:33:13 0 d-------- C:\Windows\system32\Macromed
2008-03-25 04:25:12 0 d-------- C:\Windows\SoftwareDistribution
2008-03-25 04:24:31 0 d-------- C:\Program Files\CONEXANT
2008-03-25 04:24:22 0 d-------- C:\Windows\system32\RTCOM
2008-03-25 04:23:10 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-06 15:07:06 0 d-------- C:\Users\josh\AppData\Roaming\SUPERAntiSpyware.com
2008-04-06 10:37:10 0 d-------- C:\Users\josh\AppData\Roaming\InstallShield
2008-04-05 17:59:59 0 d-------- C:\Program Files\Common Files
2008-04-03 14:30:53 0 d-------- C:\Users\josh\AppData\Roaming\uTorrent
2008-04-03 01:02:09 0 d-------- C:\Users\josh\AppData\Roaming\Adobe
2008-04-02 00:10:09 26340 --a------ C:\Users\josh\AppData\Roaming\UserTile.png
2008-04-02 00:09:36 0 d-------- C:\Users\josh\AppData\Roaming\PeerNetworking
2008-03-28 11:30:24 0 d-------- C:\Users\josh\AppData\Roaming\Real
2008-03-28 11:20:51 0 d-------- C:\Users\josh\AppData\Roaming\Roxio
2008-03-26 23:47:54 0 d-------- C:\Users\josh\AppData\Roaming\Mozilla
2008-03-26 23:30:47 0 d-------- C:\Program Files\Windows Mail
2008-03-26 14:39:55 0 d-------- C:\Users\josh\AppData\Roaming\CyberLink
2008-03-26 14:30:03 0 d-------- C:\Users\josh\AppData\Roaming\Macromedia
2008-03-26 14:29:54 0 d-------- C:\Users\josh\AppData\Roaming\Google
2008-03-26 14:22:53 0 d-------- C:\Users\josh\AppData\Roaming\Identities
2008-03-25 12:15:01 0 d-------- C:\Program Files\Windows Calendar
2008-03-25 12:11:57 0 d-------- C:\Program Files\Windows Defender
2008-03-25 12:11:00 0 d-------- C:\Program Files\Windows Sidebar
2008-03-25 04:25:21 174 --ahs---- C:\Program Files\desktop.ini
2008-02-20 22:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-20 22:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 22:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 22:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 22:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/25/2008 12:11 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [01/18/2008 07:40 AM]
"RtHDVCpl"="RtHDVCpl.exe" [05/11/2007 09:26 AM C:\Windows\RtHDVCpl.exe]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 12:56 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/25/2008 04:39 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [02/13/2008 08:21 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [08/27/2007 05:21 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 05:07 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/28/2008 11:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:34 AM]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [11/02/2006 08:34 AM]
"vekdfrbq"="C:\ProgramData\vekdfrbq\qlkpqdot.exe" [04/05/2008 02:13 PM]
"rwphwqdk"="C:\ProgramData\rwphwqdk\ngryjgny.exe" [04/06/2008 11:01 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/25/2008 4:37:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-07 14:35:15 ------------Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 1012.56 MiB / 283.43 MiB
Pagefile Memory (total/avail): 2281.01 MiB / 1075.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.14 MiB

C: is Fixed (NTFS) - 222.78 GiB total, 172.53 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.48 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250310AS ATA Device - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: PC-cillin Internet Security - Firewall v14 (Trend Micro, Inc.)
AV: PC-cillin Internet Security - Virus Protection v14.70.1014 (Trend Micro, Inc.)
AS: PC-cillin Internet Security - Spyware Protection v14.70.1014 (Trend Micro, Inc.)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\josh\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSH-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\josh
LOCALAPPDATA=C:\Users\josh\AppData\Local
LOGONSERVER=\\JOSH-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\josh\AppData\Local\Temp
TMP=C:\Users\josh\AppData\Local\Temp
USERDOMAIN=josh-PC
USERNAME=josh
USERPROFILE=C:\Users\josh
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

josh


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Call of Duty® 4 - Modern Warfare™ Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music, Photos & Videos Launcher --> MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Orb --> "C:\Program Files\Orb Networks\Orb\uninstall.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
RAM Idle LE --> "C:\Program Files\RAM Idle LE\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Simpsons Jeopardy! --> "C:\Windows\Simpsons Jeopardy!\uninstall.exe" "/U:C:\Program Files\Simpsons Jeopardy!\Uninstall\uninstall.xml"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type549 / Error
Event Submitted/Written: 04/07/2008 09:58:02 AM
Event ID/Source: 78 / SideBySide
Event Description:
Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest.
Component 2: C:\Program Files\Orb Networks\Orb\bin\Microsoft.VC80.CRT.MANIFEST.

Event Record #/Type547 / Success
Event Submitted/Written: 04/07/2008 09:57:41 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type546 / Success
Event Submitted/Written: 04/07/2008 09:57:41 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type543 / Success
Event Submitted/Written: 04/07/2008 09:57:30 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type529 / Error
Event Submitted/Written: 04/06/2008 09:21:30 PM
Event ID/Source: 78 / SideBySide
Event Description:
Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7.manifest.
Component 2: C:\Program Files\Orb Networks\Orb\bin\Microsoft.VC80.CRT.MANIFEST.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4026 / Warning
Event Submitted/Written: 04/07/2008 02:28:27 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4025 / Warning
Event Submitted/Written: 04/07/2008 02:21:20 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4015 / Error
Event Submitted/Written: 04/07/2008 11:57:29 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.2.24 on the Network Card with network address 001D09901F2B.

Event Record #/Type4014 / Warning
Event Submitted/Written: 04/07/2008 11:57:29 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D09901F2B. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type4013 / Warning
Event Submitted/Written: 04/07/2008 11:56:50 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D09901F2B. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Edited by bigjosh33, 07 April 2008 - 01:39 PM.


BC AdBot (Login to Remove)

 


#2 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 07 April 2008 - 08:08 PM

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.(Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Leave all the setting to the default except as noted below
  • Check the box for Scan all user accounts
  • Under Additional Scans sections, check the following
  • Reg - BotCheck
  • File - Additional Folder Scan
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
[/list]If the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.

#3 bigjosh33

bigjosh33
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 07 April 2008 - 10:35 PM

thank u very much 4 the help.

Edited by bigjosh33, 07 April 2008 - 10:37 PM.


#4 bigjosh33

bigjosh33
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 April 2008 - 10:12 PM

problem resolved

#5 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:12 AM

Posted 10 April 2008 - 07:57 AM

Well glad you were able to resolve it. Again sorry for the delay in response




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users