
The Infamous Conhook.d Has Hijacked Me (and Other Pests)


  • This topic is locked
2 replies to this topic

#1 beahuman


Posted 29 April 2008 - 01:05 PM

Among other things... Defender is finding win32/conhook.D. Obviously it can't remove it, so I've run HJT and the log file is below. I have other pests too, so if anyone can take a look at my log and check for the buggers I may not even be aware of, that would be great.

I mean, this sucker is taking over. Just the other day, ALL my file associations were overthrown. In conjunction with Defender, I'm running PestPatrol, and PP finds a couple of others (like Reuterman and Darksma). I even tried Spyware Doctor. My idea is, if the vendor is listed as unknown for a file type, then they're shady, but I just switched over to Vista and haven't really familiarized myself with the registry and all the system files. I had XP pretty much memorized and could recognize anything that wasn't supposed to be there. Thanks in advance for the help.

Also... below the HJT log is the Deckard's system main log and extra log

HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:52 AM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\human\cftmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {006248c9-b4b8-4d85-a261-8bff5ec7e7ea} - C:\Windows\system32\ssqRKdcA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: {e4b97850-4794-26aa-e5b4-d3b1f5cf188c} - {c881fc5f-1b3d-4b5e-aa62-497405879b4e} - C:\Windows\system32\veeowmao.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ScratchAmp] C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmMdeD.dll,#1
O4 - HKLM\..\Run: [autoload] C:\Users\human\cftmon.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [74805e66] rundll32.exe "C:\Windows\system32\hqhigeeg.dll",b
O4 - HKLM\..\Run: [ntuser] C:\Windows\system32\drivers\spools.exe
O4 - HKLM\..\Run: [BM77b36dfa] Rundll32.exe "C:\Windows\system32\rslyrntk.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [autoload] C:\Users\human\cftmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ntuser] C:\Windows\system32\drivers\spools.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Windows\system32\config\systemprofile\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Windows\system32\config\systemprofile\cftmon.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Suitcase 11.0.lnk = ?
O4 - Global Startup: Ultrawideband Control Center.lnk = C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://managewect.worldnow.com/contentmgmt...ll/wspellam.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.raycommedia.com/CACHE/stc/1/binaries/vpnweb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Raycom Media, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Raycom\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12121 bytes

==================================================

DSS main log:


Deckard's System Scanner v20071014.68
Run by human on 2008-04-29 13:41:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as human.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:39 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
C:\Users\human\cftmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\human\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\human.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {006248c9-b4b8-4d85-a261-8bff5ec7e7ea} - C:\Windows\system32\ssqRKdcA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: {e4b97850-4794-26aa-e5b4-d3b1f5cf188c} - {c881fc5f-1b3d-4b5e-aa62-497405879b4e} - C:\Windows\system32\veeowmao.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ScratchAmp] C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmMdeD.dll,#1
O4 - HKLM\..\Run: [autoload] C:\Users\human\cftmon.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [74805e66] rundll32.exe "C:\Windows\system32\hqhigeeg.dll",b
O4 - HKLM\..\Run: [ntuser] C:\Windows\system32\drivers\spools.exe
O4 - HKLM\..\Run: [BM77b36dfa] Rundll32.exe "C:\Windows\system32\rslyrntk.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [autoload] C:\Users\human\cftmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ntuser] C:\Windows\system32\drivers\spools.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Windows\system32\config\systemprofile\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Windows\system32\config\systemprofile\cftmon.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Suitcase 11.0.lnk = ?
O4 - Global Startup: Ultrawideband Control Center.lnk = C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} (WSpell ActiveX Spelling Checker V5.15) - http://managewect.worldnow.com/contentmgmt...ll/wspellam.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.raycommedia.com/CACHE/stc/1/binaries/vpnweb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Raycom Media, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Raycom\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12179 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080425-195949-202 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
backup-20080425-195949-292 O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
backup-20080425-195949-388 O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
backup-20080425-195949-491 O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
backup-20080425-195949-807 O13 - Gopher Prefix:
backup-20080425-195949-860 O2 - BHO: (no name) - {470A44D6-3753-4475-A6EA-1989CA4FFD46} - C:\Windows\system32\ssqRKdcA.dll
backup-20080425-195949-993 O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - unable to read value
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 fs2_1394 - c:\windows\system32\drivers\fs2_1394.sys <Not Verified; BridgeCo AG; BridgeCo 1394 Audio Drivers>
S3 fs2_avs - c:\windows\system32\drivers\fs2_avs.sys <Not Verified; BridgeCo AG; BridgeCo 1394 Audio Drivers>
S3 kwkxusb (Kyocera Wireless USB CDMA Modem Driver) - c:\windows\system32\drivers\kwusb2k.sys <Not Verified; CodeMachine Incorporated; USB CDMA Modem>
S3 NETw2v32 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista) - c:\windows\system32\drivers\netw2v32.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
R2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 winallert (Windows Alert Service) - c:\windows\system32\alertus.exe -srv <Not Verified; Microsoft Corporation; Microsoft® DRM>
R2 WServing (WServing Service) - c:\windows\system32\wserving.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 20:47:07 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{EFF9BA89-864A-4E78-B9BE-661ACF28DC42}.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 08:05:38 39936 --a------ C:\Windows\system32\vtUmMdeD.dll
2008-04-29 07:11:16 7168 --a------ C:\Windows\system32\drivers\spools.exe
2008-04-29 06:42:06 107072 --a------ C:\Windows\system32\veeowmao.dll
2008-04-29 06:36:48 104512 --a------ C:\Windows\system32\rslyrntk.dll
2008-04-29 06:36:13 10 --a------ C:\Windows\979085351
2008-04-29 06:36:02 514583 --ahs---- C:\Windows\system32\hOqppXbc.ini2
2008-04-29 06:35:52 280576 --a------ C:\Windows\system32\cbXppqOh.dll
2008-04-29 06:35:30 69632 --a------ C:\Windows\system32\alertus.exe <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-28 22:38:02 108608 --a------ C:\Windows\system32\jbgipovf.dll
2008-04-28 22:32:43 104000 --a------ C:\Windows\system32\itljglia.dll
2008-04-28 22:31:57 514583 --ahs---- C:\Windows\system32\hiPqtCfe.ini2
2008-04-28 22:31:47 281600 --a------ C:\Windows\system32\efCtqPih.dll
2008-04-28 21:03:27 95296 --a------ C:\Windows\system32\hqhigeeg.dll
2008-04-28 21:03:13 108608 --a------ C:\Windows\system32\orqkkchm.dll
2008-04-28 21:00:45 104000 --a------ C:\Windows\system32\nvtfghjr.dll
2008-04-28 20:34:59 0 d-------- C:\Program Files\uTorrent
2008-04-28 06:48:46 104000 --a------ C:\Windows\system32\ghanouae.dll
2008-04-28 06:48:06 514583 --ahs---- C:\Windows\system32\cfOWDJjl.ini2
2008-04-28 06:48:05 281600 --a------ C:\Windows\system32\ljJDWOfc.dll
2008-04-27 23:17:11 39 --a------ C:\Windows\system32\sfxzmtwbmail.dll
2008-04-27 23:17:11 56 --a------ C:\Windows\system32\sfxzmtforum.dll
2008-04-27 23:17:11 84 --a------ C:\Windows\system32\pfxzmtsmt.dll
2008-04-27 23:16:40 8704 --a------ C:\Windows\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 22:07:28 107072 --a------ C:\Windows\system32\mompttdl.dll
2008-04-27 22:02:11 105024 --a------ C:\Windows\system32\hoowsyub.dll
2008-04-27 22:01:27 514583 --ahs---- C:\Windows\system32\VELmnVut.ini2
2008-04-27 22:01:25 281600 --a------ C:\Windows\system32\tuVnmLEV.dll
2008-04-27 15:29:59 0 d-------- C:\$WINDOWS.~LS
2008-04-27 15:25:47 0 d-------- C:\$UPGRADE.~OS
2008-04-27 15:25:13 0 d-------- C:\$WINDOWS.~BT
2008-04-26 19:28:27 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-26 17:11:50 107072 --a------ C:\Windows\system32\scfdivcc.dll
2008-04-26 09:09:55 106048 --a------ C:\Windows\system32\nuwksjrm.dll
2008-04-26 09:09:16 514583 --ahs---- C:\Windows\system32\VyHklUvw.ini2
2008-04-26 09:09:14 283136 --a------ C:\Windows\system32\wvUlkHyV.dll
2008-04-25 20:38:28 96320 --a------ C:\Windows\system32\lwsxrjme.dll
2008-04-25 20:36:09 105536 --a------ C:\Windows\system32\polaldpv.dll
2008-04-25 20:32:10 105536 --a------ C:\Windows\system32\amvhixwo.dll
2008-04-25 18:48:32 107072 --a------ C:\Windows\system32\jpiweacm.dll
2008-04-25 18:48:24 105536 --a------ C:\Windows\system32\xcnaodli.dll
2008-04-25 18:33:48 38400 --a------ C:\Windows\system32\geBrpnKa.dll
2008-04-25 16:46:32 0 d-------- C:\Program Files\Trend Micro
2008-04-25 13:45:13 96320 --a------ C:\Windows\system32\ssrjltcv.dll
2008-04-24 21:21:58 2 -rahs---- C:\$drvmig$
2008-04-24 18:29:10 96320 --a------ C:\Windows\system32\rjuonyjg.dll
2008-04-24 18:28:31 416221 --ahs---- C:\Windows\system32\DccLVvut.ini2
2008-04-24 18:28:26 272384 --a------ C:\Windows\system32\tuvVLccD.dll
2008-04-24 15:15:31 0 d-------- C:\Users\All Users\CA
2008-04-24 15:15:24 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-24 15:15:11 0 d-------- C:\Program Files\CA
2008-04-24 15:01:09 0 d-------- C:\Program Files\RegistryFix
2008-04-24 13:25:11 96320 --a------ C:\Windows\system32\yifgqmbv.dll
2008-04-24 12:52:42 96320 --a------ C:\Windows\system32\ojbfltbp.dll
2008-04-24 07:07:30 0 d-------- C:\Program Files\Lavasoft
2008-04-23 23:42:27 0 d-------- C:\Windows\iiri
2008-04-23 23:42:27 0 d-------- C:\Program Files\Common Files\iiri
2008-04-23 22:57:18 95808 --a------ C:\Windows\system32\aimqclav.dll
2008-04-23 22:57:00 0 d--hs---- C:\Windows\aHVtYW4
2008-04-23 22:56:39 416098 --ahs---- C:\Windows\system32\sYIiPXbc.ini2
2008-04-23 22:56:38 272384 --a------ C:\Windows\system32\cbXPiIYs.dll
2008-04-23 21:11:56 95808 --a------ C:\Windows\system32\fimssbko.dll
2008-04-23 21:11:18 416098 --ahs---- C:\Windows\system32\HghillUt.ini2
2008-04-23 21:11:16 272384 --a------ C:\Windows\system32\tUllihgH.dll
2008-04-23 20:50:29 0 d-------- C:\Program Files\JavaCore
2008-04-23 20:14:56 95808 --a------ C:\Windows\system32\yuhvewct.dll
2008-04-23 20:12:36 95808 --a------ C:\Windows\system32\fkbasjoo.dll
2008-04-23 18:57:18 95808 --a------ C:\Windows\system32\npecebtt.dll
2008-04-22 22:09:10 515451 --ahs---- C:\Windows\system32\AcdKRqss.ini2
2008-04-22 22:09:08 272384 --a------ C:\Windows\system32\ssqRKdcA.dll
2008-04-22 22:01:29 7168 --a------ C:\Users\human\cftmon.exe
2008-04-22 22:01:15 37376 --a------ C:\Windows\mrofinu1645.exe
2008-04-22 22:01:04 7168 --a------ C:\d.exe
2008-04-22 22:00:57 2 --a------ C:\1954569929
2008-04-22 22:00:56 67506 --a------ C:\Windows\fkjdfje.sys
2008-04-22 22:00:44 61952 --a------ C:\gkpaxt.exe
2008-04-22 22:00:43 13824 --a------ C:\ygnat.exe
2008-04-22 22:00:43 71168 --a------ C:\njhxmjb.exe
2008-04-22 21:38:58 0 d-------- C:\Users\All Users\XemiComputers
2008-04-22 21:34:21 2 --a------ C:\Windows\system32\krx240.dat
2008-04-22 21:33:53 0 d-------- C:\Program Files\Web Button Maker Deluxe
2008-04-22 21:28:06 0 d-------- C:\Users\human\Writing
2008-04-19 22:36:39 0 d-------- C:\Users\human\Incomplete
2008-04-17 20:41:27 0 d-------- C:\Program Files\SmartFTP Client
2008-04-17 20:40:28 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-17 07:21:59 0 d-------- C:\Users\human\album covers
2008-04-14 20:43:04 74240 --a------ C:\Windows\b156.exe
2008-04-14 18:47:50 0 d-------- C:\Program Files\iPod
2008-04-14 18:47:43 0 d-------- C:\Program Files\iTunes
2008-04-14 18:45:13 0 d-------- C:\Program Files\QuickTime
2008-04-14 14:08:18 46592 --a------ C:\Windows\b157.exe
2008-04-11 21:44:32 24576 --a------ C:\Windows\system32\drivers\fs2_avs.sys <Not Verified; BridgeCo AG; BridgeCo 1394 Audio Drivers>
2008-04-11 21:44:32 71936 --a------ C:\Windows\system32\drivers\fs2_1394.sys <Not Verified; BridgeCo AG; BridgeCo 1394 Audio Drivers>
2008-04-11 13:33:36 0 d-------- C:\Users\human\Music in Progress
2008-04-11 10:48:26 11264 --a------ C:\Windows\b138.exe
2008-04-10 18:35:32 169456 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-08 19:53:38 264192 --a------ C:\Windows\system32\andt.sys
2008-04-08 19:33:56 68096 --a------ C:\Windows\b155.exe
2008-04-07 21:00:30 0 d-------- C:\Program Files\easetech
2008-04-06 22:39:40 0 d-------- C:\Windows\Sun
2008-04-06 15:03:44 0 d-------- C:\Users\human\Phone Pics
2008-04-06 14:37:09 0 d-------- C:\Program Files\Kyocera Wireless Corp
2008-04-05 18:11:17 41344 --a------ C:\Windows\system32\drivers\kwusb2k.sys <Not Verified; CodeMachine Incorporated; USB CDMA Modem>
2008-04-04 18:40:19 0 d-------- C:\Users\All Users\vsosdk
2008-04-04 13:31:06 0 d-------- C:\Program Files\Undelete
2008-04-03 22:40:50 0 --a------ C:\Windows\nsreg.dat
2008-04-03 18:56:28 233472 --a------ C:\Windows\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-04-03 18:56:09 0 d-------- C:\Program Files\Ableton
2008-04-03 16:32:23 0 d-------- C:\Users\All Users\Roxio
2008-04-03 14:59:18 0 d-------- C:\Program Files\VistaCodecPack
2008-04-03 11:21:52 0 d-------- C:\Program Files\DivX
2008-04-03 06:41:42 69632 --a------ C:\Windows\298695 <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-03 03:01:41 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 01:14:43 0 d-------- C:\Users\human\api
2008-04-03 00:20:47 0 d-------- C:\Users\human\Traktor DJ Studio Music
2008-04-02 23:33:35 0 d-------- C:\Users\All Users\Cisco
2008-04-02 23:23:37 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2008-04-02 23:23:28 0 d-------- C:\Program Files\Raycom
2008-04-02 22:23:03 0 d-a------ C:\Users\All Users\TEMP
2008-04-02 16:21:37 0 d-------- C:\Users\human\Program Files
2008-04-02 16:21:14 0 dr------- C:\Users\human\Links
2008-04-01 23:10:58 40 --a------ C:\Windows\system32\drmgs.sys
2008-04-01 22:19:41 0 d-------- C:\Program Files\Google
2008-04-01 22:07:06 0 d-------- C:\Program Files\LimeWire
2008-04-01 21:31:50 82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-01 20:54:52 0 d-------- C:\Windows\system32\URTTEMP
2008-04-01 19:27:07 0 d-------- C:\Users\All Users\Yahoo!
2008-04-01 19:23:36 0 d-------- C:\Program Files\Yahoo!
2008-04-01 19:13:08 0 d-------- C:\Program Files\BitTorrent
2008-04-01 19:05:13 0 d-------- C:\Program Files\DNA
2008-04-01 15:12:48 0 d-------- C:\Users\All Users\Uninstall
2008-04-01 15:12:41 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-01 14:59:18 0 d-------- C:\Users\All Users\Sonic
2008-04-01 14:59:05 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-01 14:59:03 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-01 14:57:38 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-01 14:57:17 0 d-------- C:\Users\All Users\InstallShield
2008-04-01 14:57:05 0 d-------- C:\Program Files\Roxio
2008-03-31 20:28:12 0 d-------- C:\Users\human\Dell Webcam Center
2008-03-31 19:54:53 76 -r-hs---- C:\Windows\CT4CET.bin
2008-03-31 19:54:20 0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-31 19:52:57 0 d-------- C:\Program Files\Creative
2008-03-31 19:35:46 102400 -ra------ C:\Windows\system32\DICoInst.dll <Not Verified; BridgeCo AG; BridgeCo 1394 Audio Drivers>
2008-03-31 19:35:38 0 d-------- C:\Program Files\Stanton
2008-03-31 19:31:56 0 d-------- C:\Program Files\Native Instruments
2008-03-31 19:17:38 0 d-------- C:\Users\All Users\TechSmith
2008-03-31 19:17:37 0 d-------- C:\Windows\system32\Flash
2008-03-31 19:16:53 0 d-------- C:\Program Files\TechSmith
2008-03-31 18:43:22 47104 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-03-31 18:42:55 47104 --a------ C:\Windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-03-31 13:08:39 0 d-------- C:\Users\human\Torrents
2008-03-31 13:06:39 0 d-------- C:\Users\human\Desktop
2008-03-31 13:06:38 0 d-------- C:\Program Files\Xilisoft
2008-03-31 13:04:13 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-03-31 13:04:13 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-03-31 13:04:13 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-03-31 13:04:12 0 d-------- C:\Program Files\VSO
2008-03-31 13:00:06 0 d-------- C:\Users\human\Print Star
2008-03-31 12:59:33 0 d-------- C:\Users\human\HumanDesign
2008-03-31 12:25:49 0 d-------- C:\Users\All Users\Apple Computer
2008-03-31 12:25:08 0 d-------- C:\Program Files\Common Files\Apple
2008-03-31 12:24:07 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-31 12:22:45 0 d-------- C:\Program Files\Safari
2008-03-31 12:22:26 0 d-------- C:\Program Files\Bonjour
2008-03-31 12:22:17 0 d-------- C:\Users\All Users\Apple
2008-03-31 12:22:17 0 d-------- C:\Program Files\Apple Software Update
2008-03-30 23:17:04 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-30 23:16:53 0 d-------- C:\Program Files\Microsoft SQL Server
2008-03-30 23:12:25 0 d-------- C:\Users\All Users\Sony
2008-03-30 23:10:22 0 d-------- C:\Program Files\Vstplugins
2008-03-30 23:09:56 0 d-------- C:\Program Files\Sony
2008-03-30 23:08:47 0 d-------- C:\Program Files\Sony Setup
2008-03-30 22:43:46 0 d-------- C:\Program Files\Microsoft Works
2008-03-30 22:42:47 0 d-------- C:\Windows\PCHEALTH
2008-03-30 22:42:47 0 d-------- C:\Program Files\Microsoft.NET
2008-03-30 22:41:15 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-30 22:40:19 0 d-------- C:\Users\All Users\Microsoft Help
2008-03-30 22:39:54 0 dr-h----- C:\MSOCache
2008-03-30 22:21:03 0 d-------- C:\Users\All Users\Extensis
2008-03-30 22:20:00 0 d-------- C:\Program Files\Extensis
2008-03-30 22:12:03 0 d-------- C:\Users\All Users\Macromedia
2008-03-30 22:12:02 0 d-------- C:\Windows\system32\Macromed
2008-03-30 22:11:36 0 d-------- C:\Program Files\Macromedia
2008-03-30 22:11:36 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-30 21:36:13 16384 --a------ C:\Windows\system32\FileOps.exe
2008-03-30 21:36:12 0 d-------- C:\Windows\system32\Adobe
2008-03-30 21:28:13 0 d-------- C:\Users\All Users\Adobe Systems
2008-03-30 21:23:11 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-30 21:23:05 0 d-------- C:\Users\All Users\Adobe
2008-03-30 21:23:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-29 07:18:53 12 --a------ C:\Windows\bthservsdp.dat
2008-03-29 07:16:57 0 d-------- C:\Windows\SoftwareDistribution
2008-03-29 07:15:53 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-03-29 07:15:49 0 d-------- C:\Windows\Debug
2008-03-29 07:14:20 0 d-------- C:\Windows\Prefetch
2008-03-29 07:14:03 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-03-29 07:14:03 0 d--hs---- C:\System Volume Information
2008-03-29 07:13:35 0 d-------- C:\Windows\Panther
2008-03-29 07:13:18 0 d--hs---- C:\Boot
2008-03-29 07:12:41 0 d-------- C:\Windows\system32\OEM
2008-03-29 07:12:41 36 -rah----- C:\Windows\DELL_VERSION
2008-03-29 04:59:01 0 d-------- C:\Windows\system32\ENU
2008-03-29 04:59:00 0 d-------- C:\Windows\system32\Lang
2008-03-29 04:55:08 0 d-------- C:\Users\human\Roaming
2008-03-29 04:55:08 0 d-------- C:\Users\Default\Roaming
2008-03-29 04:55:08 0 d-------- C:\Users\All Users\Roaming
2008-03-29 04:54:48 0 d-------- C:\Users\All Users\Intel
2008-03-29 04:49:06 0 d-------- C:\Windows\Downloaded Installations
2008-03-29 04:48:10 0 d-------- C:\Program Files\DellTPad
2008-03-29 04:46:08 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-29 04:44:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-29 04:39:24 0 d-------- C:\Program Files\Intel
2008-03-29 04:39:14 0 d-------- C:\Intel
2008-03-29 04:37:31 0 d-------- C:\Windows\system32\vmm32
2008-03-29 04:37:25 0 d-------- C:\Program Files\Marvell
2008-03-29 04:36:20 0 d-------- C:\Users\human\Bluetooth Software
2008-03-29 04:34:48 229376 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 6.0.1.3100>
2008-03-29 04:34:39 0 d-------- C:\Windows\system32\es-MX
2008-03-29 04:34:39 0 d-------- C:\Windows\system32\es-AR
2008-03-29 04:34:37 0 d-------- C:\Program Files\WIDCOMM
2008-03-29 04:33:12 0 d-------- C:\Program Files\Cisco
2008-03-29 04:33:06 0 d-------- C:\Dell
2008-03-29 04:33:05 0 d-------- C:\Users\All Users\Dell
2008-03-29 04:32:40 987136 --a------ C:\Windows\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2008-03-29 04:32:39 2682880 --a------ C:\Windows\system32\vcredist_x86.exe <Not Verified; Microsoft Corporation; Microsoft Visual C++ 2005 Redistributable>
2008-03-29 04:32:39 416 --a------ C:\Windows\system32\vcredist_x86.bat
2008-03-29 04:32:39 1591 --a------ C:\Windows\system32\Uninst_EAPModules.bat
2008-03-29 04:32:39 278528 --a------ C:\Windows\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-03-29 04:32:38 24064 --a------ C:\Windows\system32\WLTRYSVC.EXE
2008-03-29 04:32:38 3444736 --a------ C:\Windows\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2008-03-29 04:32:38 2506752 --a------ C:\Windows\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2008-03-29 04:32:38 54784 --a------ C:\Windows\system32\bcmwlrmt.dll
2008-03-29 04:32:38 3895296 --a------ C:\Windows\system32\bcmttls.dll <Not Verified; Dell Inc.; Dell Wireless EAP Provider EAP-TTLS>
2008-03-29 04:32:36 0 d--hs---- C:\Windows\Installer
2008-03-29 04:32:32 0 d-------- C:\Users\All Users\CyberLink
2008-03-29 04:32:31 22729 --a------ C:\newkey
2008-03-29 04:31:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 04:31:55 0 d-------- C:\Program Files\CyberLink
2008-03-29 04:31:54 0 d-------- C:\Program Files\Dell
2008-03-29 04:30:36 0 dr------- C:\Users\human\Searches
2008-03-29 04:30:26 0 dr------- C:\Users\human\Contacts
2008-03-29 04:30:22 0 d-------- C:\Program Files\CONEXANT
2008-03-29 04:30:21 0 dr------- C:\Users\human\Videos
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Templates
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Start Menu
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\SendTo
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Recent
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\PrintHood
2008-03-29 04:30:21 0 dr------- C:\Users\human\Pictures
2008-03-29 04:30:21 2359296 --ahs---- C:\Users\human\ntuser.dat
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\NetHood
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\My Documents
2008-03-29 04:30:21 0 dr------- C:\Users\human\Music
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Local Settings
2008-03-29 04:30:21 0 dr------- C:\Users\human\Favorites
2008-03-29 04:30:21 0 dr------- C:\Users\human\Downloads
2008-03-29 04:30:21 0 dr------- C:\Users\human\Documents
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Cookies
2008-03-29 04:30:21 0 d--hs---- C:\Users\human\Application Data
2008-03-29 04:30:21 0 d--h----- C:\Users\human\AppData
2008-03-29 04:28:16 0 d-------- C:\Program Files\SigmaTel
2008-03-29 04:26:07 0 d-------- C:\Program Files\Java
2008-03-29 04:26:06 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-04-29 13:36:47 0 d-------- C:\Users\human\AppData\Roaming\BitTorrent
2008-04-29 13:36:26 0 d-------- C:\Users\human\AppData\Roaming\DNA
2008-04-27 22:34:31 0 d-------- C:\Users\human\AppData\Roaming\Vso
2008-04-25 19:00:46 0 d-------- C:\Program Files\Common Files
2008-04-25 00:41:01 0 d-------- C:\Users\human\AppData\Roaming\LimeWire
2008-04-24 07:07:54 0 d-------- C:\Users\human\AppData\Roaming\Lavasoft
2008-04-22 21:34:19 0 d-------- C:\Users\human\AppData\Roaming\Kristanix Software
2008-04-21 10:52:04 0 d-------- C:\Users\human\AppData\Roaming\U3
2008-04-20 18:18:07 0 d-------- C:\Users\human\AppData\Roaming\Adobe
2008-04-17 20:42:03 0 d-------- C:\Users\human\AppData\Roaming\SmartFTP
2008-04-09 22:20:24 0 d-------- C:\Program Files\Windows Mail
2008-04-03 22:40:44 0 d-------- C:\Users\human\AppData\Roaming\Mozilla
2008-04-03 18:56:40 0 d-------- C:\Users\human\AppData\Roaming\Ableton
2008-04-03 16:32:22 0 d-------- C:\Users\human\AppData\Roaming\Roxio
2008-04-03 16:03:48 0 d-------- C:\Users\human\AppData\Roaming\DivX
2008-04-03 00:19:52 0 d-------- C:\Users\human\AppData\Roaming\AdobeUM
2008-04-02 16:20:02 174 --ahs---- C:\Program Files\desktop.ini
2008-04-02 06:29:24 0 d-------- C:\Program Files\Windows Calendar
2008-04-02 06:29:20 0 d-------- C:\Program Files\Windows Defender
2008-04-02 06:29:17 0 d-------- C:\Program Files\Windows Sidebar
2008-04-01 21:25:12 0 d-------- C:\Users\human\AppData\Roaming\Sony
2008-04-01 21:24:18 0 d-------- C:\Users\human\AppData\Roaming\Publish Providers
2008-04-01 18:41:21 0 d-------- C:\Users\human\AppData\Roaming\Macromedia
2008-03-31 20:28:09 0 d-------- C:\Users\human\AppData\Roaming\Creative
2008-03-31 18:41:58 0 d-------- C:\Users\human\AppData\Roaming\Apple Computer
2008-03-31 13:15:09 0 d-------- C:\Users\human\AppData\Roaming\CyberLink
2008-03-31 13:04:37 34 --a------ C:\Users\human\AppData\Roaming\pcouffin.log
2008-03-31 13:04:16 7887 --a------ C:\Users\human\AppData\Roaming\pcouffin.cat
2008-03-31 13:00:15 0 d-------- C:\Users\human\AppData\Roaming\Thunderbird
2008-03-30 22:43:38 0 d-------- C:\Program Files\MSBuild
2008-03-30 22:33:25 0 d-------- C:\Users\human\AppData\Roaming\WinRAR
2008-03-30 22:25:15 0 d-------- C:\Users\human\AppData\Roaming\Extensis
2008-03-29 04:55:10 0 d-------- C:\Users\human\AppData\Roaming\Intel
2008-03-29 04:37:01 0 d-------- C:\Users\human\AppData\Roaming\TMP
2008-03-29 04:31:51 0 d-------- C:\Users\human\AppData\Roaming\InstallShield
2008-03-29 04:30:28 0 d-------- C:\Users\human\AppData\Roaming\Identities
2008-03-15 13:07:02 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-03-14 13:22:54 368640 --a------ C:\Windows\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-06 18:29:44 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-03-04 15:32:27 105984 --a------ C:\Windows\b152.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{006248c9-b4b8-4d85-a261-8bff5ec7e7ea}]
04/22/2008 10:09 PM 272384 --a------ C:\Windows\system32\ssqRKdcA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c881fc5f-1b3d-4b5e-aa62-497405879b4e}]
04/29/2008 06:42 AM 107072 --a------ C:\Windows\system32\veeowmao.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/02/2008 04:59 AM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 03:39 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/02/2007 01:29 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [07/24/2007 06:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [03/29/2008 04:26 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [09/13/2007 03:44 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [05/10/2007 01:01 AM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [12/08/2007 02:34 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/13/2007 08:24 AM C:\Windows\System32\igfxtray.exe]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/13/2007 08:24 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/13/2007 08:24 AM]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 04:43 PM C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/01/2008 10:19 PM]
"ScratchAmp"="C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe" [11/18/2004 06:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"MSServer"="C:\Windows\system32\vtUmMdeD.dll" [04/22/2008 10:00 PM]
"autoload"="C:\Users\human\cftmon.exe" [04/22/2008 10:01 PM]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [04/21/2006 02:42 PM]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [04/24/2008 06:31 PM]
"74805e66"="C:\Windows\system32\hqhigeeg.dll" [04/28/2008 09:03 PM]
"ntuser"="C:\Windows\system32\drivers\spools.exe" [04/22/2008 10:01 PM]
"BM77b36dfa"="C:\Windows\system32\rslyrntk.dll" [04/29/2008 06:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 10:25 PM]
"autoload"="C:\Users\human\cftmon.exe" [04/22/2008 10:01 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [03/24/2008 07:25 PM C:\Program Files\BitTorrent\bittorrent.exe]
"ntuser"="C:\Windows\system32\drivers\spools.exe" [04/22/2008 10:01 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"autoload"=C:\Windows\system32\config\systemprofile\cftmon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [3/30/2008 9:46:47 PM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 5:55:50 PM]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [9/7/2007 4:27:08 PM]
Suitcase 11.0.lnk - C:\Windows\Installer\{7451C9B5-3E10-4E59-AD37-AB7438D84288}\_01D57C9244869186542E24.exe [3/30/2008 10:20:09 PM]
Ultrawideband Control Center.lnk - C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe [8/4/2007 6:52:32 PM]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [4/2/2008 11:25:53 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\Windows\system32\vtUmMdeD.dll [04/22/2008 10:00 PM 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\ssqRKdcA

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72239d4-0235-11dd-8122-001e4ce873c0}]
autorun\command- F:\podcastready.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 13:47:22 ------------


==========================================================

DSS Extra log


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 2037.43 MiB / 929.81 MiB
Pagefile Memory (total/avail): 4285.14 MiB / 2836.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.94 MiB

C: is Fixed (NTFS) - 207.01 GiB total, 155.15 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is CDROM (No Media)
I: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD2500BEVS-75UST0 - 232.88 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 207.01 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 25.83 GiB - D:

\\.\PHYSICALDRIVE1 - SanDisk U3 Titanium USB Device - 1953.22 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 1959.79 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\human\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HUMAN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\human
LOCALAPPDATA=C:\Users\human\AppData\Local
LOGONSERVER=\\HUMAN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\human\AppData\Local\Temp
TMP=C:\Users\human\AppData\Local\Temp
USERDOMAIN=human-PC
USERNAME=human
USERPROFILE=C:\Users\human
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

human (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=g:\applications\adobe creative suite 2\adobe cs2\adobe creative suite 2.0/lang=0409
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA eTrust PestPatrol Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Camtasia Studio 4 --> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
Cisco AnyConnect VPN Client --> MsiExec.exe /I{065717D4-B980-434B-B778-0F14FBDB4AC3}
Cisco EAP-FAST Module --> MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module --> MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module --> MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dell WUSB --> MsiExec.exe /X{86B5E5AF-3D50-4979-9C81-687C1B3C586D}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Ease Audio Converter 3.70 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Extensis Suitcase 11.0.1 --> MsiExec.exe /X{7451C9B5-3E10-4E59-AD37-AB7438D84288}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
Intel® Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KPD --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E703D31B-7C36-4A8A-9FFB-63F0A61A7A71}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
LimeWire PRO 4.17.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Live 7.0.3 --> C:\PROGRA~1\Ableton\LIVE70~1.3\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE70~1.3\Install\INSTALL.LOG
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
Native Instruments Service Center --> C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Native Instruments Traktor DJ Studio v3.0.2.098 --> C:\PROGRA~1\NATIVE~1\TRAKTO~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~2\INSTALL.LOG
Native Instruments Traktor FS 2 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Raycom VPN Client --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /X{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Sony ACID Pro 6.0 --> MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony CD Architect 5.2 --> MsiExec.exe /X{9B10CE2B-4450-46C5-95F7-CBA0C5D4BE73}
Sony Media Manager 2.2 --> MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
Sony Sound Forge 8.0d --> MsiExec.exe /X{5636E517-8100-4E2A-B69E-2B16AFFA2360}
Sony Vegas 7.0 --> MsiExec.exe /X{96965E6C-41DB-4E0A-BC65-D92381D51D2A}
Stanton ScratchAmp Driver (V1.00) --> C:\Program Files\Stanton\FinalScratch\uninst.exe Software\Stanton\1394AudioDriver_FinalScratch\Setup
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Web Button Maker Deluxe --> C:\Program Files\Web Button Maker Deluxe\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type6114 / Error
Event Submitted/Written: 04/29/2008 01:46:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application findstr.exe, version 6.0.6000.16386, time stamp 0x4549ad0e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0006ffdb,
process id 0x16fc, application start time 0xfindstr.exe0.

Event Record #/Type6113 / Error
Event Submitted/Written: 04/29/2008 01:45:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application findstr.exe, version 6.0.6000.16386, time stamp 0x4549ad0e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0006ffdb,
process id 0xdd4, application start time 0xfindstr.exe0.

Event Record #/Type6112 / Error
Event Submitted/Written: 04/29/2008 01:45:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application findstr.exe, version 6.0.6000.16386, time stamp 0x4549ad0e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0006ffdb,
process id 0x1360, application start time 0xfindstr.exe0.

Event Record #/Type6102 / Error
Event Submitted/Written: 04/29/2008 00:09:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xbabbb8ba,
process id 0x758, application start time 0xExplorer.EXE0.

Event Record #/Type6099 / Warning
Event Submitted/Written: 04/29/2008 00:08:37 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type209198 / Warning
Event Submitted/Written: 04/29/2008 01:44:52 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%human-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %human-PC27 can't undo changes that you allow.

For more information please see the following:
%human-PC275

Scan ID: {0E4529D8-E90E-4035-AA35-1D625455B149}

User: human-PC\human

Name: %human-PC271

ID: %human-PC272

Severity ID: %human-PC273

Category ID: %human-PC274

Path Found: %human-PC276

Alert Type: %human-PC278

Detection Type: 1.1.1505.02

Event Record #/Type209197 / Warning
Event Submitted/Written: 04/29/2008 01:44:52 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%human-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %human-PC27 can't undo changes that you allow.

For more information please see the following:
%human-PC275

Scan ID: {1B41C117-5ECC-4FE6-B597-9E917FAC48B7}

User: human-PC\human

Name: %human-PC271

ID: %human-PC272

Severity ID: %human-PC273

Category ID: %human-PC274

Path Found: %human-PC276

Alert Type: %human-PC278

Detection Type: 1.1.1505.02

Event Record #/Type209191 / Warning
Event Submitted/Written: 04/29/2008 01:26:01 PM
Event ID/Source: 243 / Win32k
Event Description:
A desktop heap allocation failed.

Event Record #/Type209181 / Error
Event Submitted/Written: 04/29/2008 08:40:03 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
bcm42rly%%2

Event Record #/Type209180 / Error
Event Submitted/Written: 04/29/2008 08:40:02 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
bcm42rly%%2



-- End of Deckard's System Scanner: finished at 2008-04-29 13:47:22 ------------


 


#2 ken545


    Malware Response Team



Posted 14 May 2008 - 05:24 PM

Hello beahuman

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please, as your system may have changed since your original post.

You have some nasty, nasty stuff on this computer, one being a trojan downloader that downloads more of this garbage while you're online, so outside of posting here I strongly urge you to stay off the internet until we give you the all clear sign.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545


    Malware Response Team



Posted 31 May 2008 - 09:56 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





