
Malware Bell Infection


  • This topic is locked
12 replies to this topic

#1 kabergmann

  • Members
  • 10 posts

Posted 19 April 2008 - 11:31 AM

Let's try it again. (After reading some things)... ;)

I have a pop-up window that occurs anytime a page loads. I get the "error sound" and a window pops up telling me that I am infected with a virus and that I need to download software to remove it. It sends me to a malware bell site and wants me to download a program. I fear that the program was downloaded and run.

Here are the logs:

Deckard's System Scanner v20071014.68
Run by kbergmann on 2008-04-19 12:10:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
108: 2008-04-19 16:10:54 UTC - RP992 - Deckard's System Scanner Restore Point
107: 2008-04-19 12:35:10 UTC - RP991 - Configured InstallShield Restore Point
106: 2008-04-19 12:18:45 UTC - RP990 - Installed CA eTrust PestPatrol Anti-Spyware Corporate Edition
105: 2008-04-19 05:42:23 UTC - RP989 - System Checkpoint
104: 2008-04-18 02:09:34 UTC - RP988 - Installed Symantec Technical Support Web Controls


-- First Restore Point --
1: 2008-01-20 17:26:27 UTC - RP885 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as kbergmann.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 12:17:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\BrmfRsmg.exe
C:\WINDOWS\mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PestPatrol\ppRemoteService.exe
C:\Program Files\Common Files\PestPatrol\PPMCActiveDetection.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.26_windows_intelx86.exe
C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kbergmann\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\kbergmann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools - {F9C6EC65-2988-4896-976F-6EA66FAD9844} - C:\WINDOWS\konet32n.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SymLnch] C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [*SPRTRA] rundll32.exe "C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue
O4 - Startup: HotSync Manager.lnk = ?
O4 - Global Startup: BidSlayer.lnk = C:\Program Files\BidSlayer\bidslayer.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: HOTSYNC.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.www.lowes.com (HKCU)
O15 - Trusted Zone: http://www.update.microsoft.com (HKCU)
O15 - Trusted Zone: *.www.parentviewwb.com (HKCU)
O15 - Trusted Zone: http://www.rainbowacademy.com (HKCU)
O15 - Trusted Zone: http://www.symantec.com (HKCU)
O15 - Trusted Zone: *.accessumd.umdnj.edu (HKCU)
O15 - Trusted Zone: http://pacsweb.umdnj.edu (HKCU)
O15 - Trusted Zone: http://soverahim.umdnj.edu (HKCU)
O15 - Trusted Zone: https://umdpacs.umdnj.edu (HKCU)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} (LinkInstallControl Class) - http://soverahim.umdnj.edu/himprod/soverainst.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/0/f...tualEarth3D.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} (LnkThirdPartyCabLoad Class) - http://soverahim.umdnj.edu/himprod/soveractl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://vaww.newjersey.med.va.gov/Citrix/IC...ca32/wficac.cab
O16 - DPF: {2FDA545F-81C8-11D3-934C-00C04FBF0F65} (PSWebActX Control) - http://pacsweb.umdnj.edu/downloads/psw98.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} (ISiteNonVisual Control 3.3) - http://v03pacs/iSite3_3.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/5/c.../WebCleaner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145907489077
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69125F25-D7E6-4B3A-8C6A-087EF5F10455} (dcNowView.DC_NowView) - http://www.parentviewwb.com/NowViewDC.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145913426250
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} (AMS Sovera for HIM) - http://soverahim.umdnj.edu/himprod/soverahim.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Ahead\Nero\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\PestPatrol\ppRemoteService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 18834 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

S1 SysTool (SysTool Overclocking Utility) - c:\windows\system32\drivers\systool.sys <Not Verified; ; Low-Level Driver>
S3 ADPTEHCD (Adaptec USB 2.0 Enhanced Host Controller Driver) - c:\windows\system32\drivers\asusehcd.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 ADPTHUBD (Adaptec USB 2.0 Hub Driver) - c:\windows\system32\drivers\asus2hub.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 AUSBD_FilterService (Adaptec USB 2.0 Port Enumeration Driver) - c:\windows\system32\drivers\asususbd.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MA8032C - c:\windows\system32\drivers\ma8032c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8032M - c:\windows\system32\drivers\ma8032m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8032U - c:\windows\system32\drivers\ma8032u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410c - c:\windows\system32\drivers\mam4410c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410m - c:\windows\system32\drivers\mam4410m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410u - c:\windows\system32\drivers\mam4410u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - d:\progra~1\eraseall\pcandis5.sys (file missing)
S3 qpartmgr - c:\docume~1\kbergm~1\locals~1\temp\qpartmgr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 Nero BackItUp Scheduler 3 - c:\program files\ahead\nero\nero\nero8\nero backitup\nbservice.exe
R2 PestPatrol Remote - "c:\program files\common files\pestpatrol\ppremoteservice.exe" <Not Verified; Computer Associates International, Inc.; eTrust PestPatrol Anti-Spyware Corporate Edition>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" <Not Verified; Computer Associates International Inc.; Lic98>
S3 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-04-12 18:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-06 19:35:01 444 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 11:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 11:47:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 11:47:33 0 d-------- C:\WINDOWS\LastGood
2008-04-19 09:34:10 0 d-------- C:\Program Files\Trend Micro
2008-04-19 08:25:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 08:19:44 0 d-------- C:\Program Files\Common Files\PestPatrol
2008-04-19 08:19:43 0 d-------- C:\Program Files\CA
2008-04-17 21:55:41 0 d-------- C:\Program Files\a-squared HiJackFree
2008-04-16 22:19:02 0 d-------- C:\Program Files\Enigma Software Group
2008-04-16 22:11:01 0 d-------- C:\Program Files\MalwareBell
2008-04-16 21:51:22 212480 --a------ C:\WINDOWS\konet32n.dll
2008-04-16 21:51:21 51 --a------ C:\smp.bat
2008-04-05 19:46:30 0 d-------- C:\Program Files\iPod
2008-04-05 19:46:22 0 d-------- C:\Program Files\iTunes
2008-04-05 19:44:00 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-19 12:18:28 0 d-------- C:\Program Files\BOINC
2008-04-19 08:41:03 0 d-------- C:\Program Files\BidSlayer
2008-04-19 08:40:25 184236 --a------ C:\logfile
2008-04-19 08:39:05 0 d-------- C:\Program Files\Plaxo
2008-04-19 08:20:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 08:19:44 0 d-------- C:\Program Files\Common Files
2008-04-17 22:15:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-14 05:52:54 0 d-------- C:\Documents and Settings\kbergmann\Application Data\ICAClient
2008-04-14 05:51:33 0 d-------- C:\Program Files\Norton 360
2008-04-10 04:55:35 0 d-------- C:\Program Files\DivX
2008-03-30 09:29:51 0 d-------- C:\Program Files\Safari
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-20 05:28:36 0 d-------- C:\Program Files\Citrix
2008-03-16 22:40:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-16 21:42:43 0 d-------- C:\Documents and Settings\kbergmann\Application Data\Azureus
2008-03-10 20:53:41 0 d-------- C:\Program Files\Epocrates
2008-03-10 18:06:49 0 d-------- C:\Program Files\Java
2008-03-06 22:09:11 0 d-------- C:\Program Files\ACGME
2008-03-06 21:26:15 0 d-------- C:\Program Files\Azureus
2008-03-06 00:00:12 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-05 23:37:53 2528 --a------ C:\Documents and Settings\kbergmann\Application Data\$_hpcst$.hpc
2008-03-05 23:36:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-05 23:32:17 0 d-------- C:\Program Files\Palm
2008-02-23 10:43:44 0 d-------- C:\Program Files\AMD
2008-02-23 10:43:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 13:47:12 7168 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9C6EC65-2988-4896-976F-6EA66FAD9844}]
04/16/2008 09:51 PM 212480 --a------ C:\WINDOWS\konet32n.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [12/04/2005 04:38 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 04:39 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"SymLnch"="C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [01/10/2008 05:43 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 03:21 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BidSlayer"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 11:29 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"*SPRTRA"=rundll32.exe "C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue

C:\Documents and Settings\kbergmann\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BidSlayer.lnk - C:\Program Files\BidSlayer\bidslayer.exe [4/27/2006 5:38:55 AM]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2/9/2007 11:40:58 AM]
HOTSYNC.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]
Kodak EasyShare software.lnk - C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [3/6/2007 7:40:53 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - A2FREE
*Newly Created Service* - COMHOST
*Newly Created Service* - PESTPATROL_REMOTE
*Newly Created Service* - SYMANTEC_REMOTEASSIST



-- End of Deckard's System Scanner: finished at 2008-04-19 12:19:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ MP 2800+
CPU 1: AMD Athlon™ MP 2800+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 3071.46 MiB / 2217.96 MiB
Pagefile Memory (total/avail): 4961.62 MiB / 4174.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.98 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 202.78 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 233.76 GiB total, 92.8 GiB free.
F: is Fixed (NTFS) - 465.68 GiB total, 316.26 GiB free.
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HDS72252 5VLAT80 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - Hitachi HDS722525VLA SCSI Disk Device - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.76 GiB - E:

\\.\PHYSICALDRIVE2 - HDS72505 0KLA360 USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.68 GiB - F:

\\.\PHYSICALDRIVE3 - Kingston DataTraveler 2.0 USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 475.99 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\aim.exe"="C:\\Program Files\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe:*:Enabled:Norton SystemWorks"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Temporary Directory 1 for Ozzfest[1].zip\\Ozzfest.exe"="C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Temporary Directory 1 for Ozzfest[1].zip\\Ozzfest.exe:*:Enabled:Ozzfest"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\aim.exe"="C:\\Program Files\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Shoppers Hotline\\SHCC\\SHCC.exe"="C:\\Program Files\\Shoppers Hotline\\SHCC\\SHCC.exe:*:Enabled:Shoppers Hotline Control Center"
"C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eBahn\\jre\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\eBahn\\jre\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"E:\\My Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe"="E:\\My Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kbergmann\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SERVER1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kbergmann
LOGONSERVER=\\SERVER1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\FileNET\IDM;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp
USERDOMAIN=SERVER1
USERNAME=kbergmann
USERPROFILE=C:\Documents and Settings\kbergmann
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kbergmann (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\Nero\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\EssentialsPPC\Win32\Win32_Dll\AupdUnInstall.dll"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Palm\Epocrates\Win32\Win32_Dll\AupdUnInstall.dll"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared HiJackFree\a-squared Free\unins000.exe"
ACGMESync --> MsiExec.exe /I{3303746F-2AFB-4745-AE30-20516E91B260}
Adobe Acrobat 8.1.2 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Afaria Palm Conduit --> C:\WINDOWS\system32\regsvr32 /u /s "C:\Program Files\Palm\XeClientConduit.DLL"
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Alphabet Express --> C:\WINDOWS\unvise32.exe C:\Program Files\sz8001\uninstal.log
AMD CPUInfo --> MsiExec.exe /X{9A27B530-AC8F-4C21-AA59-271FBFD9FE1F}
AOL Instant Messenger --> C:\Program Files\uninstll.exe -LOG= C:\Program Files\install.log -OEM=
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bentley Publishers - eBahn --> C:\PROGRA~1 C:\Program Files\eBahn\install.log
BidSlayer 4.00.0004 --> C:\PROGRA~1\BIDSLA~1\Setup.exe /remove
BitPim 1.0.5 --> "C:\Program Files\BitPim\unins000.exe"
BOINC --> MsiExec.exe /I{3814C819-C8D0-4815-AE49-0FB0070B740A}
CA eTrust PestPatrol Anti-Spyware Corporate Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F97A9B59-EC48-4EFF-8BEA-EE7E7A3BF97D} /l1033
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix ICA Web Client (Minimal Installation) --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficac.inf,DefaultUninstall
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Disney's Mickey Mouse Toddler --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Mickey Mouse Toddler\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Mickey Mouse Toddler\Saved Games\Uninst.dll
Disney Interactive Compatibility Update May 2002 --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dora Backpack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\Setup.exe" -l0x9 -uninst
Dora Fairytale Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}\setup.exe" -l0x9
eBahn - Audi A4, S4: 1996-2002 --> "C:\WINDOWS\eBahn\AUDI B5\uninstall.exe" "/U:C:\Program Files\eBahn\Uninstall\AUDI B5\uninstall.xml"
ePocrates Clinical Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u
Epocrates Essentials for Pocket PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FileNET Panagon Viewer 3.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FileNET\IDM\UnView.isu" -c"C:\Program Files\FileNET\IDM\idmr.dll"
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Garmin City Navigator North America 2008 --> MsiExec.exe /X{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}
Garmin City Navigator North America NT 2008 --> MsiExec.exe /X{819F1E9F-38C9-4313-AF28-C7BC9A03933A}
Garmin MapInstall --> MsiExec.exe /X{984856E0-11D0-405F-9AE6-82676BA6CA1A}
Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iQue - MapInstall and ContactLocation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7C9EE7F-AB00-47D6-98D5-01AE126C7355}\Setup.exe" -l0x9 AddRemove
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JumpStart Advanced Language Club --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSLangClubUn.exe
JumpStart Advanced Preschool --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSAPS.exe
JumpStart Art for Fun --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtfunUn.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_182111e5\Setup.exe /APR-REMOVE
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LG VX8100 USB - Handset Manager V9.2 --> MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000100023}
Libra 2.1.3 --> "C:\Program Files\Libra\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer 5 Web Accessories --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\IE5WA.inf, Uninstall
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 --> MsiExec.exe /I{F413B69D-4AD6-42ab-AEA5-0548989FAD50}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Norton Save and Restore --> MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B201}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Palm Desktop for Garmin iQue - ENU --> MsiExec.exe /X{3CDE3168-925F-417C-8EFB-CC93E2A23C34}
PCI Audio Driver --> cmuninst.exe
PerformanceTest v6.0 --> "C:\Program Files\Norton SystemWorks\PerformanceTest\unins000.exe"
Plaxo Toolbar for Outlook (with AIM Enhancements) --> C:\Program Files\Plaxo\3.8.1.1\uninstall_en.exe
PocketMirror 3.1.6 (Standard Edition) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Palm\Chapura\PocketMirror\DeIsL1.isu" -cC:\PROGRA~1\Palm\Chapura\POCKET~1\UninstEx.dll
Princess Castle Party --> C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\INSTALL.LOG
Pro Bass Fishing 2003 --> C:\PROGRA~1\INFOGR~1\PROBAS~1\UNWISE.EXE C:\PROGRA~1\INFOGR~1\PROBAS~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shoppers' Hotline Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2405FEDD-9E40-4438-9765-A37A2B389E1A}\setup.exe" -l0x9 -removeonly
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Book of Pooh --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C612230-5534-4DC3-B721-B802A83D55C3}\setup.exe" -l0x9 The Book of Pooh
TONKA TOWN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73C7AD71-747F-4CCF-BD37-E3AE7C532C99}\setup.exe" -l0x9
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
UMDNJ VPN Client 4.0.2 (:thumbsup: --> MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Winnie the Pooh Toddler Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1345DF2-1483-4805-81B5-AF910B5762B8}\setup.exe" -l0x9 Winnie the Pooh Toddler Deluxe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type46666 / Warning
Event Submitted/Written: 04/19/2008 08:35:48 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning

Automatic LiveUpdate produced an unexpected exit code: -1073741502; advancing schedule...

Event Record #/Type46663 / Error
Event Submitted/Written: 04/19/2008 08:35:26 AM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller

Event Record #/Type46655 / Error
Event Submitted/Written: 04/19/2008 08:18:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application PestPatrolv5Corp.exe, version 9.50.98.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type46654 / Warning
Event Submitted/Written: 04/19/2008 08:14:17 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.

Event Record #/Type46554 / Error
Event Submitted/Written: 04/17/2008 07:00:27 PM
Event ID/Source: 100 / Norton Save and Restore
Event Description:
Error EC8F17B7: Cannot create recovery points for job: My Computer Backup. Error EC8F03ED: Cannot create the recovery point. Error E7D10026: Unable to get attributes for 'F:/Norton Backups/'. Error EBAB03F1: The system cannot find the path specified. Error ED800018: The image file 'F:\Norton Backups\C_Drive001.v2i' was not found.
Details: 0xE7D10026
Source: Norton Save & Restore



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35655 / Error
Event Submitted/Written: 04/19/2008 09:13:15 AM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer NSLU2 using any of the configured
protocols.

Event Record #/Type35654 / Error
Event Submitted/Written: 04/19/2008 09:12:51 AM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer NSLU2 using any of the configured
protocols.

Event Record #/Type35651 / Error
Event Submitted/Written: 04/19/2008 08:46:27 AM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer NSLU2 using any of the configured
protocols.

Event Record #/Type35599 / Warning
Event Submitted/Written: 04/19/2008 08:14:19 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00400586B6D0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type35550 / Error
Event Submitted/Written: 04/19/2008 01:12:51 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-04-19 12:19:49 ------------


Thanks in advance.

Not trying to bump, so you can use the original post time.

Karl

#2 kabergmann

Posted 19 April 2008 - 12:23 PM

Here are the Kaspersky scan results.

Saturday, April 19, 2008 12:37:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715414


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 22366
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:31:13

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\konet32n.dll Infected: not-virus:Hoax.Win32.Renos.bsf skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{BD971FBA-DFEB-438D-88AA-579C7CB47B58}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

Scan process completed.

#3 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:02:42 PM

Posted 19 April 2008 - 04:19 PM

Hello and welcome kabergmann

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#4 kabergmann

Posted 19 April 2008 - 04:41 PM

I think that Kaspersky fixed the issue. I just downloaded a trial version and it found the infection after a reboot. I guess Norton 360 is useless. I noticed that SAS has found over 600 tracking cookies, so there may still be something else in my computer. Anyhow, here is the file.

SmitFraudFix v2.315

Scan done at 17:37:06.42, Sat 04/19/2008
Run from C:\Documents and Settings\kbergmann\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\KAV70\avp.exe
C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\pestpatrol\PPMCActiveDetection.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KAV70\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\kbergmann


C:\Documents and Settings\kbergmann\Application Data


Start Menu


C:\DOCUME~1\KBERGM~1\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\patcher.exe FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194


Scanning for wininet.dll infection


End

Thanks,

Karl

#5 don77

Posted 19 April 2008 - 05:14 PM

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

#6 kabergmann

Posted 19 April 2008 - 05:56 PM

Everything appears to be OK for now.

Thanks 4 everything.

Karl

#7 don77

Posted 19 April 2008 - 08:14 PM

Could you post back the logs please, so I can confirm everything is gone?

#8 kabergmann

Posted 20 April 2008 - 08:44 AM

Sorry. I was in a hurry to get away from my computer yesterday.

Here is the newest log:

Deckard's System Scanner v20071014.68
Run by kbergmann on 2008-04-20 09:35:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as kbergmann.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:23 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\KAV70\avp.exe
C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\pestpatrol\PPMCActiveDetection.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KAV70\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse.exe
C:\Documents and Settings\kbergmann\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KBERGM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SymLnch] C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\KAV70\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: HOTSYNC.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = My Pictures\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\KAV70\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.lowes.com
O15 - Trusted Zone: www.parentviewwb.com
O15 - Trusted Zone: http://www.rainbowacademy.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: accessumd.umdnj.edu
O15 - Trusted Zone: http://pacsweb.umdnj.edu
O15 - Trusted Zone: http://soverahim.umdnj.edu
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} (LinkInstallControl Class) - http://soverahim.umdnj.edu/himprod/soverainst.cab
O16 - DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} (LnkThirdPartyCabLoad Class) - http://soverahim.umdnj.edu/himprod/soveractl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://vaww.newjersey.med.va.gov/Citrix/IC...ca32/wficac.cab
O16 - DPF: {2FDA545F-81C8-11D3-934C-00C04FBF0F65} (PSWebActX Control) - http://pacsweb.umdnj.edu/downloads/psw98.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} (ISiteNonVisual Control 3.3) - http://v03pacs/iSite3_3.cab
O16 - DPF: {69125F25-D7E6-4B3A-8C6A-087EF5F10455} (dcNowView.DC_NowView) - http://www.parentviewwb.com/NowViewDC.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} (AMS Sovera for HIM) - http://soverahim.umdnj.edu/himprod/soverahim.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\KAV70\avp.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15041 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-19 17:37:21 4086 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-19 17:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 17:01:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 17:01:06 0 d-------- C:\Documents and Settings\kbergmann\Application Data\SUPERAntiSpyware.com
2008-04-19 16:23:25 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-19 16:23:25 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-19 16:22:52 20512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-19 16:22:52 5872416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 16:08:44 0 d-------- C:\Program Files\KAV70
2008-04-19 15:39:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-19 13:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-19 13:52:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-19 13:52:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-19 13:52:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-19 13:52:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-19 13:52:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-19 13:52:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-19 13:52:55 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-19 13:52:55 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-19 13:52:55 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-19 13:51:41 0 d-------- C:\WINDOWS\CSC
2008-04-19 11:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 11:47:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 09:34:10 0 d-------- C:\Program Files\Trend Micro
2008-04-19 08:25:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 08:19:44 0 d-------- C:\Program Files\Common Files\PestPatrol
2008-04-19 08:19:43 0 d-------- C:\Program Files\CA
2008-04-17 21:55:41 0 d-------- C:\Program Files\a-squared HiJackFree
2008-04-16 22:19:02 0 d-------- C:\Program Files\Enigma Software Group
2008-04-16 21:51:21 51 --a------ C:\smp.bat
2008-04-05 19:46:30 0 d-------- C:\Program Files\iPod
2008-04-05 19:46:22 0 d-------- C:\Program Files\iTunes
2008-04-05 19:44:00 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-20 09:35:46 0 d-------- C:\Program Files\BOINC
2008-04-20 02:08:16 185452 --a------ C:\logfile
2008-04-20 02:06:23 0 d-------- C:\Program Files\Plaxo
2008-04-19 18:45:59 0 d-------- C:\Program Files\Safari
2008-04-19 18:43:24 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 17:00:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 16:17:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-19 16:15:07 0 d-------- C:\Program Files\Norton 360
2008-04-19 16:14:55 0 d-------- C:\Program Files\Symantec
2008-04-19 16:14:19 0 d-------- C:\Program Files\Common Files
2008-04-19 13:39:52 0 d-------- C:\Program Files\BidSlayer
2008-04-19 08:20:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 05:52:54 0 d-------- C:\Documents and Settings\kbergmann\Application Data\ICAClient
2008-04-10 04:55:35 0 d-------- C:\Program Files\DivX
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-20 05:28:36 0 d-------- C:\Program Files\Citrix
2008-03-16 22:40:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-16 21:42:43 0 d-------- C:\Documents and Settings\kbergmann\Application Data\Azureus
2008-03-10 20:53:41 0 d-------- C:\Program Files\Epocrates
2008-03-10 18:06:49 0 d-------- C:\Program Files\Java
2008-03-06 22:09:11 0 d-------- C:\Program Files\ACGME
2008-03-06 21:26:15 0 d-------- C:\Program Files\Azureus
2008-03-06 00:00:12 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-05 23:37:53 2528 --a------ C:\Documents and Settings\kbergmann\Application Data\$_hpcst$.hpc
2008-03-05 23:36:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-05 23:32:17 0 d-------- C:\Program Files\Palm
2008-02-23 10:43:44 0 d-------- C:\Program Files\AMD
2008-01-22 13:47:12 7168 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [12/04/2005 04:38 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 04:39 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"SymLnch"="C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe" []
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [01/10/2008 05:43 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 03:21 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []
"AVP"="C:\Program Files\KAV70\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BidSlayer"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 11:29 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\kbergmann\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2/9/2007 11:40:58 AM]
HOTSYNC.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]
Kodak EasyShare software.lnk - C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-20 09:37:31 ------------

#9 don77


Posted 20 April 2008 - 08:59 AM

Could you check in your C: for the rapport txt please and post it back here for me?

I need to see the extra txt from DSS.

Seems you have some program like SpyHunter Security Suite that may have been removed but didn't quite go quietly.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

#10 kabergmann

  • Topic Starter

Posted 20 April 2008 - 09:45 AM

The /config is not working. And DSS isn't making the extra.txt file.

Here is the Rapport.txt:

SmitFraudFix v2.315

Scan done at 18:29:58.78, Sat 04/19/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\Program Files\patcher.exe Deleted

IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{25D04B0C-BEAA-43BF-A237-0569A4C39977}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#11 kabergmann

  • Topic Starter

Posted 20 April 2008 - 10:13 AM

I had to go to CMD and do it.

Here it is:

Deckard's System Scanner v20071014.68
Run by kbergmann on 2008-04-20 10:47:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-04-20 14:47:42 UTC - RP997 - Deckard's System Scanner Restore Point
111: 2008-04-20 13:47:32 UTC - RP996 - Configured CA eTrust PestPatrol Anti-Spyware Corporate Edition
110: 2008-04-19 21:09:41 UTC - RP995 - Software Distribution Service 3.0
109: 2008-04-19 21:01:05 UTC - RP994 - Installed SUPERAntiSpyware Free Edition
108: 2008-04-19 20:22:45 UTC - RP993 - Installed Kaspersky Anti-Virus 7.0.


-- First Restore Point --
1: 2008-01-21 18:26:17 UTC - RP886 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as kbergmann.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:48 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\KAV70\avp.exe
C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KAV70\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.26_windows_intelx86.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.26_windows_intelx86.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\KBERGM~1\DESKTOP\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KBERGM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SymLnch] C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\KAV70\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: HOTSYNC.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = My Pictures\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\KAV70\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.lowes.com
O15 - Trusted Zone: www.parentviewwb.com
O15 - Trusted Zone: http://www.rainbowacademy.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: accessumd.umdnj.edu
O15 - Trusted Zone: http://pacsweb.umdnj.edu
O15 - Trusted Zone: http://soverahim.umdnj.edu
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} (LinkInstallControl Class) - http://soverahim.umdnj.edu/himprod/soverainst.cab
O16 - DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} (LnkThirdPartyCabLoad Class) - http://soverahim.umdnj.edu/himprod/soveractl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://vaww.newjersey.med.va.gov/Citrix/IC...ca32/wficac.cab
O16 - DPF: {2FDA545F-81C8-11D3-934C-00C04FBF0F65} (PSWebActX Control) - http://pacsweb.umdnj.edu/downloads/psw98.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} (ISiteNonVisual Control 3.3) - http://v03pacs/iSite3_3.cab
O16 - DPF: {69125F25-D7E6-4B3A-8C6A-087EF5F10455} (dcNowView.DC_NowView) - http://www.parentviewwb.com/NowViewDC.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://umdpacs.umdnj.edu/amI/install/amiviewer.cab
O16 - DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} (AMS Sovera for HIM) - http://soverahim.umdnj.edu/himprod/soverahim.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared HiJackFree\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\KAV70\avp.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UMDNJ\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15222 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 SysTool (SysTool Overclocking Utility) - c:\windows\system32\drivers\systool.sys <Not Verified; ; Low-Level Driver>
S3 ADPTEHCD (Adaptec USB 2.0 Enhanced Host Controller Driver) - c:\windows\system32\drivers\asusehcd.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 ADPTHUBD (Adaptec USB 2.0 Hub Driver) - c:\windows\system32\drivers\asus2hub.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 AUSBD_FilterService (Adaptec USB 2.0 Port Enumeration Driver) - c:\windows\system32\drivers\asususbd.sys <Not Verified; Asustek Company Inc.; Asustek USB 2.0 Driver Stack>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MA8032C - c:\windows\system32\drivers\ma8032c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8032M - c:\windows\system32\drivers\ma8032m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MA8032U - c:\windows\system32\drivers\ma8032u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410c - c:\windows\system32\drivers\mam4410c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410m - c:\windows\system32\drivers\mam4410m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 mam4410u - c:\windows\system32\drivers\mam4410u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - d:\progra~1\eraseall\pcandis5.sys (file missing)
S3 qpartmgr - c:\docume~1\kbergm~1\locals~1\temp\qpartmgr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 Nero BackItUp Scheduler 3 - c:\program files\ahead\nero\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" <Not Verified; Computer Associates International Inc.; Lic98>
S3 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 1100)
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 1672)
2008-02-11 11:44:16 43073 --a------ C:\Program Files\Plaxo\3.8.1.1\plx_hook.dll <Not Verified; Plaxo, Inc.; Plaxo Integration for Windows Mail, Windows Live Mail, and Outlook Express>
2006-12-20 12:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2004-12-27 12:56:08 121344 --a------ C:\Program Files\WinRAR\RarExt.dll
2005-08-25 12:17:36 135168 --a------ C:\WINDOWS\system32\AacParse.ax
2008-03-24 15:45:56 630784 --a------ C:\WINDOWS\system32\divxdec.ax <Not Verified; DivX, Inc.; DivX Decoder Filter>
2007-02-27 11:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>


-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 18:43:30 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-06 19:35:01 444 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-19 17:37:21 4086 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-19 17:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 17:01:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 17:01:06 0 d-------- C:\Documents and Settings\kbergmann\Application Data\SUPERAntiSpyware.com
2008-04-19 16:23:25 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-19 16:23:25 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-19 16:22:52 32288 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-19 16:22:52 5976352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 16:08:44 0 d-------- C:\Program Files\KAV70
2008-04-19 15:39:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-19 13:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-19 13:52:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-19 13:52:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-19 13:52:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-19 13:52:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-19 13:52:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-19 13:52:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-19 13:52:55 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-19 13:52:55 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-19 13:52:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-19 13:52:55 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-19 13:51:41 0 d-------- C:\WINDOWS\CSC
2008-04-19 11:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 11:47:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 09:34:10 0 d-------- C:\Program Files\Trend Micro
2008-04-19 08:25:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 08:19:44 0 d-------- C:\Program Files\Common Files\PestPatrol
2008-04-19 08:19:43 0 d-------- C:\Program Files\CA
2008-04-17 21:55:41 0 d-------- C:\Program Files\a-squared HiJackFree
2008-04-16 22:19:02 0 d-------- C:\Program Files\Enigma Software Group
2008-04-16 21:51:21 51 --a------ C:\smp.bat
2008-04-05 19:46:30 0 d-------- C:\Program Files\iPod
2008-04-05 19:46:22 0 d-------- C:\Program Files\iTunes
2008-04-05 19:44:00 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-20 10:47:55 0 d-------- C:\Program Files\BOINC
2008-04-20 09:50:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 02:08:16 185452 --a------ C:\logfile
2008-04-20 02:06:23 0 d-------- C:\Program Files\Plaxo
2008-04-19 18:45:59 0 d-------- C:\Program Files\Safari
2008-04-19 18:43:24 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 17:00:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 16:17:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-19 16:15:07 0 d-------- C:\Program Files\Norton 360
2008-04-19 16:14:55 0 d-------- C:\Program Files\Symantec
2008-04-19 16:14:19 0 d-------- C:\Program Files\Common Files
2008-04-19 13:39:52 0 d-------- C:\Program Files\BidSlayer
2008-04-14 05:52:54 0 d-------- C:\Documents and Settings\kbergmann\Application Data\ICAClient
2008-04-10 04:55:35 0 d-------- C:\Program Files\DivX
2008-04-08 22:32:13 0 d-------- C:\Program Files\Internet Explorer
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-20 05:28:36 0 d-------- C:\Program Files\Citrix
2008-03-16 22:40:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-16 21:42:43 0 d-------- C:\Documents and Settings\kbergmann\Application Data\Azureus
2008-03-10 20:53:41 0 d-------- C:\Program Files\Epocrates
2008-03-10 18:06:49 0 d-------- C:\Program Files\Java
2008-03-06 22:09:11 0 d-------- C:\Program Files\ACGME
2008-03-06 21:26:15 0 d-------- C:\Program Files\Azureus
2008-03-06 00:00:12 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-05 23:49:21 0 d---s---- C:\Documents and Settings\kbergmann\Application Data\Microsoft
2008-03-05 23:37:53 2528 --a------ C:\Documents and Settings\kbergmann\Application Data\$_hpcst$.hpc
2008-03-05 23:36:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-05 23:36:22 0 d-------- C:\Program Files\Common Files\Microsoft Shared
2008-03-05 23:32:17 0 d-------- C:\Program Files\Palm
2008-02-23 10:43:44 0 d-------- C:\Program Files\AMD
2008-01-22 13:47:12 7168 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [12/04/2005 04:38 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 04:39 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"SymLnch"="C:\DOCUME~1\KBERGM~1\LOCALS~1\Temp\LnchStub.exe" []
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [01/10/2008 05:43 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Ahead\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 03:21 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []
"AVP"="C:\Program Files\KAV70\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BidSlayer"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 11:29 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\kbergmann\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2/9/2007 11:40:58 AM]
HOTSYNC.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/9/2002 4:36:20 PM]
Kodak EasyShare software.lnk - C:\Documents and Settings\All Users\Documents\My Pictures\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-20 11:11:22 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ MP 2800+
CPU 1: AMD Athlon™ MP 2800+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 3071.46 MiB / 1960.7 MiB
Pagefile Memory (total/avail): 4961.51 MiB / 3959.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 202.35 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 233.76 GiB total, 92.75 GiB free.
F: is Fixed (NTFS) - 465.68 GiB total, 316.25 GiB free.
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HDS72252 5VLAT80 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - Hitachi HDS722525VLA SCSI Disk Device - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.76 GiB - E:

\\.\PHYSICALDRIVE2 - HDS72505 0KLA360 USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.68 GiB - F:

\\.\PHYSICALDRIVE3 - Kingston DataTraveler 2.0 USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 475.99 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\aim.exe"="C:\\Program Files\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe:*:Enabled:Norton SystemWorks"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Temporary Directory 1 for Ozzfest[1].zip\\Ozzfest.exe"="C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Temporary Directory 1 for Ozzfest[1].zip\\Ozzfest.exe:*:Enabled:Ozzfest"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\aim.exe"="C:\\Program Files\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1153511677\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Shoppers Hotline\\SHCC\\SHCC.exe"="C:\\Program Files\\Shoppers Hotline\\SHCC\\SHCC.exe:*:Enabled:Shoppers Hotline Control Center"
"C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eBahn\\jre\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\eBahn\\jre\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\kbergmann\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"E:\\My Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe"="E:\\My Documents\\My Pictures\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\KAV70\\setup.exe"="C:\\Program Files\\KAV70\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\DOCUME~1\ALLUSE~1
APPDATA=C:\DOCUME~1\KBERGM~1\APPLIC~1
BLASTER=A220 I5 D1 P330 T3
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
COMMONPROGRAMFILES=C:\PROGRA~1\COMMON~1
COMPUTERNAME=SERVER1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kbergmann
LOGONSERVER=\\SERVER1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
PATH=C:\PROGRA~1\FileNET\IDM;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\ATITEC~1\ATICON~1;C:\PROGRA~1\SUPPOR~1\;C:\PROGRA~1\QUICKT~1\QTSystem\;C:\PROGRA~1\COMMON~1\Nero\Lib\;C:\PROGRA~1\COMMON~1\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
PROGRAMFILES=C:\PROGRA~1
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
USERDOMAIN=SERVER1
USERNAME=kbergmann
USERPROFILE=C:\DOCUME~1\KBERGM~1


-- User Profiles ---------------------------------------------------------------

kbergmann (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\Nero\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\EssentialsPPC\Win32\Win32_Dll\AupdUnInstall.dll"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Palm\Epocrates\Win32\Win32_Dll\AupdUnInstall.dll"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared HiJackFree\a-squared Free\unins000.exe"
ACGMESync --> MsiExec.exe /I{3303746F-2AFB-4745-AE30-20516E91B260}
Adobe Acrobat 8.1.2 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Afaria Palm Conduit --> C:\WINDOWS\system32\regsvr32 /u /s "C:\Program Files\Palm\XeClientConduit.DLL"
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Alphabet Express --> C:\WINDOWS\unvise32.exe C:\Program Files\sz8001\uninstal.log
AMD CPUInfo --> MsiExec.exe /X{9A27B530-AC8F-4C21-AA59-271FBFD9FE1F}
AOL Instant Messenger --> C:\Program Files\uninstll.exe -LOG= C:\Program Files\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bentley Publishers - eBahn --> C:\PROGRA~1 C:\Program Files\eBahn\install.log
BidSlayer 4.00.0004 --> C:\PROGRA~1\BIDSLA~1\Setup.exe /remove
BitPim 1.0.5 --> "C:\Program Files\BitPim\unins000.exe"
BOINC --> MsiExec.exe /I{3814C819-C8D0-4815-AE49-0FB0070B740A}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix ICA Web Client (Minimal Installation) --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficac.inf,DefaultUninstall
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Disney's Mickey Mouse Toddler --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Mickey Mouse Toddler\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Mickey Mouse Toddler\Saved Games\Uninst.dll
Disney Interactive Compatibility Update May 2002 --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dora Backpack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\Setup.exe" -l0x9 -uninst
Dora Fairytale Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}\setup.exe" -l0x9
eBahn - Audi A4, S4: 1996-2002 --> "C:\WINDOWS\eBahn\AUDI B5\uninstall.exe" "/U:C:\Program Files\eBahn\Uninstall\AUDI B5\uninstall.xml"
ePocrates Clinical Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u
Epocrates Essentials for Pocket PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FileNET Panagon Viewer 3.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FileNET\IDM\UnView.isu" -c"C:\Program Files\FileNET\IDM\idmr.dll"
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Garmin City Navigator North America 2008 --> MsiExec.exe /X{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}
Garmin City Navigator North America NT 2008 --> MsiExec.exe /X{819F1E9F-38C9-4313-AF28-C7BC9A03933A}
Garmin MapInstall --> MsiExec.exe /X{984856E0-11D0-405F-9AE6-82676BA6CA1A}
Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iQue - MapInstall and ContactLocation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7C9EE7F-AB00-47D6-98D5-01AE126C7355}\Setup.exe" -l0x9 AddRemove
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JumpStart Advanced Language Club --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSLangClubUn.exe
JumpStart Advanced Preschool --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSAPS.exe
JumpStart Art for Fun --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtfunUn.exe
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_182111e5\Setup.exe /APR-REMOVE
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LG VX8100 USB - Handset Manager V9.2 --> MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000100023}
Libra 2.1.3 --> "C:\Program Files\Libra\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer 5 Web Accessories --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\IE5WA.inf, Uninstall
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
Norton Save and Restore --> MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B201}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Palm Desktop for Garmin iQue - ENU --> MsiExec.exe /X{3CDE3168-925F-417C-8EFB-CC93E2A23C34}
PCI Audio Driver --> cmuninst.exe
PerformanceTest v6.0 --> "C:\Program Files\Norton SystemWorks\PerformanceTest\unins000.exe"
Plaxo Toolbar for Outlook (with AIM Enhancements) --> C:\Program Files\Plaxo\3.8.1.1\uninstall_en.exe
PocketMirror 3.1.6 (Standard Edition) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Palm\Chapura\PocketMirror\DeIsL1.isu" -cC:\PROGRA~1\Palm\Chapura\POCKET~1\UninstEx.dll
Princess Castle Party --> C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\INSTALL.LOG
Pro Bass Fishing 2003 --> C:\PROGRA~1\INFOGR~1\PROBAS~1\UNWISE.EXE C:\PROGRA~1\INFOGR~1\PROBAS~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shoppers' Hotline Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2405FEDD-9E40-4438-9765-A37A2B389E1A}\setup.exe" -l0x9 -removeonly
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
The Book of Pooh --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C612230-5534-4DC3-B721-B802A83D55C3}\setup.exe" -l0x9 The Book of Pooh
TONKA TOWN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73C7AD71-747F-4CCF-BD37-E3AE7C532C99}\setup.exe" -l0x9
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
UMDNJ VPN Client 4.0.2 (:thumbsup: --> MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Winnie the Pooh Toddler Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1345DF2-1483-4805-81B5-AF910B5762B8}\setup.exe" -l0x9 Winnie the Pooh Toddler Deluxe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type46885 / Warning
Event Submitted/Written: 04/20/2008 00:37:41 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning

Schedule has been paused too long (4 seconds); automatically re-enabling the schedule...

Event Record #/Type46884 / Warning
Event Submitted/Written: 04/19/2008 11:59:28 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.

Event Record #/Type46883 / Warning
Event Submitted/Written: 04/19/2008 08:59:26 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.

Event Record #/Type46882 / Warning
Event Submitted/Written: 04/19/2008 08:04:28 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.

Event Record #/Type46881 / Warning
Event Submitted/Written: 04/19/2008 07:59:28 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35997 / Error
Event Submitted/Written: 04/20/2008 09:43:24 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00020906-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type35996 / Error
Event Submitted/Written: 04/20/2008 09:33:22 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00020906-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type35963 / Error
Event Submitted/Written: 04/19/2008 06:44:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00020906-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type35941 / Error
Event Submitted/Written: 04/19/2008 06:36:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type35940 / Error
Event Submitted/Written: 04/19/2008 06:32:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}



-- End of Deckard's System Scanner: finished at 2008-04-20 11:11:22 ------------

Thanks Don77,

Karl

#12 don77

Posted 20 April 2008 - 10:19 AM

You're very welcome :thumbsup:

Everything looks fine. No more issues?

#13 don77

Posted 11 May 2008 - 07:46 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



