
Command /c Del "c:\program Files\netproject\scu.exe



#1 Larrymc

Posted 01 May 2008 - 07:30 AM

Hi there, I am pretty sure I have picked something up. When I boot the PC up I keep on getting a message from Spybot, which is the message in the Topic description above. I deny the change each time. Any help on this matter would be greatly appreciated.

Deckard's System Scanner v20071014.68
Run by User on 2008-05-01 22:16:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:40 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://picasa.google.com/help/welcome.html
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5855] command /c del "C:\Program Files\NetProject\scu.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178087435343
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9186 bytes

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 21:43:01 0 d-------- C:\Program Files\Trend Micro
2008-05-01 21:15:06 0 dr-h----- C:\Documents and Settings\User\Recent
2008-04-30 21:41:29 0 dr-h----- C:\Documents and Settings\Gail\Recent
2008-04-29 20:10:51 0 d-------- C:\Documents and Settings\Gail\Application Data\Macromedia
2008-04-29 19:57:24 0 d-------- C:\Documents and Settings\Gail\Application Data\Logitech
2008-04-29 19:57:22 0 d-------- C:\Documents and Settings\Gail\Application Data\ATI
2008-04-29 19:57:03 0 d-------- C:\Documents and Settings\Gail\Application Data\Identities
2008-04-29 19:56:49 0 d--h----- C:\Documents and Settings\Gail\Templates
2008-04-29 19:56:49 0 dr------- C:\Documents and Settings\Gail\Start Menu
2008-04-29 19:56:49 0 dr-h----- C:\Documents and Settings\Gail\SendTo
2008-04-29 19:56:49 0 d--h----- C:\Documents and Settings\Gail\PrintHood
2008-04-29 19:56:49 2359296 --ah----- C:\Documents and Settings\Gail\NTUSER.DAT
2008-04-29 19:56:49 0 d--h----- C:\Documents and Settings\Gail\NetHood
2008-04-29 19:56:49 0 dr------- C:\Documents and Settings\Gail\My Documents
2008-04-29 19:56:49 0 d--h----- C:\Documents and Settings\Gail\Local Settings
2008-04-29 19:56:49 0 dr------- C:\Documents and Settings\Gail\Favorites
2008-04-29 19:56:49 0 d-------- C:\Documents and Settings\Gail\Desktop
2008-04-29 19:56:49 0 d--hs---- C:\Documents and Settings\Gail\Cookies
2008-04-29 19:56:49 0 dr-h----- C:\Documents and Settings\Gail\Application Data
2008-04-29 19:56:49 0 d---s---- C:\Documents and Settings\Gail\Application Data\Microsoft
2008-04-25 00:40:22 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 00:39:49 0 d-------- C:\Program Files\Windows Live
2008-04-25 00:39:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 23:06:33 0 d-------- C:\Program Files\MSBuild
2008-04-24 23:04:49 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-24 23:04:15 0 d-------- C:\Program Files\Reference Assemblies
2008-04-24 23:03:02 0 d-------- C:\Program Files\MSXML 6.0
2008-04-24 23:02:26 0 d-------- C:\WINDOWS\network diagnostic
2008-04-24 21:45:55 19642400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-24 21:44:06 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-24 21:42:48 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-24 21:42:44 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-24 21:42:23 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-24 21:41:30 0 d-------- C:\WINDOWS\Internet Logs
2008-04-18 09:47:46 0 d-------- C:\Program Files\Microsoft Games
2008-04-18 08:28:25 0 d-------- C:\Program Files\Incomplete
2008-04-18 08:27:31 0 d-------- C:\Program Files\LimeWire
2008-04-17 17:27:43 0 d-------- C:\Documents and Settings\User\Application Data\Logitech
2008-04-17 17:27:35 0 d-------- C:\Documents and Settings\User\Application Data\Leadertech
2008-04-17 17:27:34 0 d-------- C:\Program Files\Common Files\LogiShared
2008-04-17 17:25:37 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-17 17:25:37 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-17 17:25:37 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-17 17:25:37 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-17 17:25:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-17 17:25:25 0 d-------- C:\Program Files\Logitech
2008-04-17 17:25:22 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-17 17:25:13 0 d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-04-17 17:24:57 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-16 19:22:26 0 d-------- C:\Program Files\Pegasys Inc
2008-04-12 09:24:46 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-04-12 09:24:46 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-04-12 09:24:45 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-04-12 09:24:45 313344 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-04-12 09:24:44 0 d-------- C:\WINDOWS\system32\avsplugin
2008-04-12 09:24:44 7277568 --a------ C:\WINDOWS\system32\3gpcore.dll
2008-04-12 09:24:44 0 d-------- C:\Program Files\Smallvideosoft
2008-04-11 00:19:24 0 d-------- C:\Program Files\Lavasoft
2008-04-09 18:49:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 18:49:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 18:49:33 0 d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-04-08 22:55:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-08 19:26:52 0 d-------- C:\Documents and Settings\User\Application Data\Help
2008-04-07 20:16:27 0 d-------- C:\Documents and Settings\User\Application Data\Canon
2008-04-06 22:47:11 0 d-------- C:\Program Files\MSXML 4.0
2008-04-06 14:34:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 14:33:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 21:00:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-04-04 19:29:54 0 d-------- C:\Documents and Settings\User\Application Data\Nero
2008-04-04 18:57:56 0 d-------- C:\Documents and Settings\User\Application Data\Apple Computer
2008-04-04 18:40:51 0 d-------- C:\Program Files\IrfanView
2008-04-04 18:35:51 0 d-------- C:\Program Files\QuickTime
2008-04-04 18:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-04 18:35:40 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 18:35:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 18:22:11 0 d-------- C:\Documents and Settings\User\Application Data\ArcSoft
2008-04-04 16:35:41 0 d-------- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
2008-04-04 16:18:44 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-04 16:18:34 0 d-------- C:\Program Files\DIFX
2008-04-04 16:18:33 0 d-------- C:\Documents and Settings\User\Application Data\Nokia
2008-04-04 16:18:20 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-04 16:18:19 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-04 16:18:11 0 d-------- C:\Documents and Settings\User\Application Data\PC Suite
2008-04-04 16:18:07 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-04 16:18:01 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-04 16:17:59 0 d-------- C:\Program Files\Nokia
2008-04-04 16:15:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-03 18:34:52 0 d-------- C:\Documents and Settings\User\Application Data\Ahead
2008-04-03 18:33:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-02 22:23:26 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-04-02 21:36:35 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-02 21:18:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 20:41:50 0 d-------- C:\Program Files\Common Files\Java
2008-04-02 20:16:08 0 d-------- C:\WINDOWS\Sun
2008-04-01 20:51:09 0 d-------- C:\Documents and Settings\User\Application Data\TomTom
2008-04-01 20:51:09 0 d-------- C:\Documents and Settings\User\Application Data\Mozilla
2008-04-01 20:44:18 0 d-------- C:\Program Files\TomTom HOME 2
2008-04-01 20:09:03 0 d-------- C:\Documents and Settings\User\Application Data\LimeWire
2008-04-01 19:22:59 0 d-------- C:\WINDOWS\SxsCaPendDel


-- Find3M Report ---------------------------------------------------------------

2008-04-25 00:40:22 0 d-------- C:\Program Files\Common Files
2008-04-18 09:59:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 20:05:42 0 d-------- C:\Documents and Settings\User\Application Data\Corel
2008-04-04 20:02:15 0 d-------- C:\Program Files\Corel
2008-04-03 18:33:40 0 d-------- C:\Program Files\Nero
2008-04-02 22:29:56 0 d-------- C:\Program Files\Java
2008-04-01 19:23:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-01 17:00:50 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-03-31 20:37:47 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-31 20:08:55 0 d-------- C:\Documents and Settings\User\Application Data\ScanSoft
2008-03-31 20:08:47 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-31 20:08:37 0 d-------- C:\Program Files\ScanSoft
2008-03-31 20:07:38 0 d-------- C:\Program Files\Canon
2008-03-31 20:07:17 0 d-------- C:\Program Files\ArcSoft
2008-03-31 19:48:08 0 d-------- C:\Program Files\DVD Decrypter
2008-03-31 17:29:35 0 d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-03-31 15:31:37 0 d-------- C:\Documents and Settings\User\Application Data\ShadowProtect IT
2008-03-28 23:17:18 0 d-------- C:\Program Files\Analog Devices
2008-03-28 23:15:48 0 d-------- C:\Program Files\Intel
2008-03-28 22:58:59 0 d-------- C:\Program Files\SlySoft
2008-03-28 22:58:30 0 d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-03-28 16:01:58 0 d-------- C:\Program Files\StorageCraft
2008-03-28 12:01:50 0 d-------- C:\Documents and Settings\User\Application Data\ATI
2008-03-28 12:01:37 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-28 11:57:39 0 d-------- C:\Program Files\ATI Technologies
2008-03-28 11:56:41 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-28 11:45:29 0 d-------- C:\Documents and Settings\User\Application Data\Macromedia
2008-02-25 20:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
04/24/2008 09:44 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [04/24/2008 09:44 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [06/28/2006 01:54 AM C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\ALCMTR.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/02/2007 02:51 PM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 03:24 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [07/27/2004 12:48 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/06/2004 07:27 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 11:17 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 11:00 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 03:25 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 10:37 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 02:24 AM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [02/18/2008 08:58 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [10/28/2005 03:25 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB5855"=command /c del "C:\Program Files\NetProject\scu.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-05-01 22:17:26 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.48 MiB / 520.51 MiB
Pagefile Memory (total/avail): 1669.82 MiB / 1175.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.61 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 49.33 GiB total, 35.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 416.43 GiB total, 346.33 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 49.33 GiB - C:
\PARTITION1 - Installable File System - 416.43 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.473.000 (Check Point, LTD.)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:AC3 audio (ac3)"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=I7050101A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\I7050101A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=I7050101A
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Gail


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 5.0.1.0 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Canon MP Drivers 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
CorelDRAW Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.1.2.0 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Freez 3GP Video Converter 2.0 --> "C:\Program Files\Smallvideosoft\Freez 3GP Video Converter\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Paint.NET v2.63 --> MsiExec.exe /X{8B6FC947-8168-4086-915B-F71392823473}
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type1443 / Error
Event Submitted/Written: 04/30/2008 05:12:08 PM
Event ID/Source: 1000 / Microsoft Office 11
Event Description:
Faulting application outlook.exe, version 11.0.8118.0, stamp 456628bf, faulting module msmapi32.dll, version 11.0.8002.0, stamp 4373069d, debug? 0, fault address 0x00002500.

Event Record #/Type1436 / Warning
Event Submitted/Written: 04/29/2008 08:17:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1434 / Warning
Event Submitted/Written: 04/29/2008 07:57:23 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type1396 / Warning
Event Submitted/Written: 04/24/2008 11:04:30 PM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
HTTP namespace reservations are not installed.

Event Record #/Type1395 / Warning
Event Submitted/Written: 04/24/2008 11:04:27 PM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
A TransportConfiguration node does not exists in the system.web section for protocol msmq.formatname in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\web.config.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5896 / Error
Event Submitted/Written: 05/01/2008 08:56:59 PM / 05/01/2008 08:57:26 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type5874 / Error
Event Submitted/Written: 05/01/2008 04:51:51 PM / 05/01/2008 04:52:18 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type5852 / Error
Event Submitted/Written: 05/01/2008 00:02:42 AM / 05/01/2008 00:03:06 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type5830 / Error
Event Submitted/Written: 04/30/2008 11:03:51 PM / 04/30/2008 11:04:15 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type5810 / Warning
Event Submitted/Written: 04/30/2008 10:16:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-01 21:44:15 ------------


#2 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • Local time:01:11 PM

Posted 16 May 2008 - 04:19 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologise for the wait, there are just more logs than the volunteers can get to as fast as they would like. If your issue is not resolved, post a new HijackThis log using Add Reply and I will take a look. If I do not hear from you in a couple of days, I will assume you no longer need help and close the topic.

Thanks for your patience.
pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



