Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Old Trojans, New Problems


  • This topic is locked This topic is locked
2 replies to this topic

#1 EcdrAceofSpades

EcdrAceofSpades

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 14 May 2008 - 12:45 PM

Hello to all, and hopefully you guys can help me with this.

A couple of years ago, I got a trojan in this computer (work computer). I believe it was "trojan vundo" if I'm not mistake. Back then one of my IT friends helped me get rid of it using HijackThis. I can use his help now so I'm hoping for some feedback from you.

I didn't really have a problem running with this computer, except for the fact that is slower than it was before. But lately I've been getting messages form IE about being redirected to a non encrypted page. Now not only I never use IE, I only use Firefox with the No Script add-on but also no IE page is displayed when that message is displayed and on the Task manager menu it shows IE running in the background in the processes section. I have run Hijack this and I found a couple of .dll files with the "file missing" tag on them. Now I ran DSS and I got other entries besides the ones I got from Hijack This, and one of them is an old threat I remember seeing a couple of years ago.

Here are the log files from DSS:

This is the main.txt


Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-14 13:00:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-05-14 17:01:11 UTC - RP333 - Deckard's System Scanner Restore Point
28: 2008-05-14 16:25:09 UTC - RP332 - Installed AVG 8.0
27: 2008-04-16 16:17:16 UTC - RP331 - Installed Adobe Reader 8.1.2
26: 2008-04-14 23:49:52 UTC - RP330 - Software Distribution Service 3.0
25: 2008-04-14 16:24:56 UTC - RP329 - Installed DirectX


-- First Restore Point --
1: 2007-12-31 23:54:22 UTC - RP305 - Installed HP Deskjet 9800


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:05 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nyc.gov/html/dob/html/home/home.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\VideosCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\VideosCodec\pmsngr.exe
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: pcfpoypf - pcfpoypf.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 11973 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\HIJACK~1\backups\) ------

backup-20080507-192848-235 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080507-192848-419 O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
backup-20080507-192848-434 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
backup-20080507-193421-103 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
backup-20080507-193421-640 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
backup-20080507-193421-836 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080507-193422-226 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
backup-20080507-193422-966 O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
backup-20080507-193423-419 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
backup-20080507-193423-887 O16 - DPF: {CD494133-94B9-4C47-B280-1AD0BC8FA9F1} (TempestVideoStream Control) - http://24.199.125.95:5006/TempestVideoStream.cab

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R2 elagopro (GoProto Protocol Driver for LELA) - c:\windows\system32\drivers\elagopro.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
R2 elaunidr (UniDriver for LELA) - c:\windows\system32\drivers\elaunidr.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 GenPort - c:\windows\system32\drivers\genport.sys <Not Verified; 3Dfx Interactive, Inc.; Voodoo Graphics® port mapper for Windows® NT>
R2 MapMem - c:\windows\system32\drivers\mapmem.sys <Not Verified; 3Dfx Interactive, Inc.; Voodoo Graphics® Memory mapper for Windows® NT>
R2 NTRemap - c:\windows\system32\drivers\ntremap.sys <Not Verified; 3Dfx Interactive, Inc.; Voodoo Graphics® Board remapper for Windows® NT>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 Ca536av (DV 4500(Video)) - c:\windows\system32\drivers\ca536av.sys (file missing)
S2 portD (CMS PortIO Service) - c:\windows\system32\drivers\portd2k.sys (file missing)
S3 ApiMon - c:\windows\system32\drivers\apimon.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 FXDRV - e:\fxdrv.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 SaiH0006 - c:\windows\system32\drivers\saih0006.sys <Not Verified; Saitek; Configuration Software>
S3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
S3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 USBCamera (DV 4500(Still)) - c:\windows\system32\drivers\bulk536.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 WUSB300NSvc - "c:\program files\linksys\wusb300n\wlservice.exe" "wusb300n.exe" <Not Verified; ; WLService>

S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&1&20
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&1&20
Service: NVENET


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 12:59:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 12:59:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-14 12:29:22 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-14 12:25:13 0 d-------- C:\Program Files\AVG
2008-05-14 12:25:10 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 11:18:11 0 d-------- C:\WINDOWS\LastGood
2008-05-07 13:45:54 4096 --a------ C:\dbfxcprd.exe
2008-05-07 13:45:10 0 d-------- C:\Program Files\Helper
2008-05-07 13:44:40 2 --a------ C:\1691277138
2008-05-07 13:44:37 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-05-07 13:44:32 66048 --a------ C:\ryseedt.exe
2008-04-16 15:46:49 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-04-14 12:31:43 0 d-------- C:\Program Files\Eidos Interactive
2008-04-14 12:25:09 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories


-- Find3M Report ---------------------------------------------------------------

2008-05-06 19:39:15 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-01 20:07:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-30 19:54:43 0 d-------- C:\Program Files\Azureus
2008-04-28 11:21:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 11:10:34 0 d-------- C:\Program Files\Norton 360
2008-04-16 12:17:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-16 12:15:35 7315 --a------ C:\WINDOWS\mozver.dat
2008-04-08 15:31:26 0 d-------- C:\Program Files\Autodesk Architectural Desktop 2007
2008-04-08 15:29:49 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-08 11:51:21 0 d-------- C:\Program Files\AnswerWorks 4.0
2008-04-08 11:48:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Autodesk
2008-04-08 11:45:36 0 d-------- C:\Program Files\Autodesk
2008-04-01 14:12:31 0 d-------- C:\Program Files\Winamp
2008-03-31 11:17:52 124928 -r-hs---- C:\WINDOWS\system32\kavo0.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
05/07/2008 01:44 PM 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 07:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 07:15 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 08:50 PM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/29/2003 11:17 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [07/23/2003 11:41 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 06:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogan.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/14/2008 12:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogan.exe" []
"Jnskdfmf9eldfd"="C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [3/12/2008 2:07:29 PM]
PowerReg Scheduler V3.exe [8/29/2005 6:15:54 PM]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [1/27/2004 6:26:18 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/6/2005 8:34:10 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 4:19:24 PM]
Service Manager.lnk - C:\MSSQL7\Binn\sqlmangr.exe [7/1/2004 9:30:27 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"=C:\Program Files\VideosCodec\isamonitor.exe
"pmsngr.exe"=C:\Program Files\VideosCodec\pmsngr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [05/07/2008 01:44 PM 10000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcfpoypf]
pcfpoypf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=C:\WINDOWS\pss\DVD@ccess.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Organize.lnk
backup=C:\WINDOWS\pss\Organize.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137626999\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\Profiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer2005]
"C:\Program Files\WinFixer 2005\uwfx5.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=3 (0x3)
"ERSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f70e37e-710c-11dc-95b7-00173f0019a8}]
AutoRun\command- L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a599cc-816d-11db-94ca-00173f0051c1}]
AutoRun\command- K:\Installer.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-14 13:05:46 ------------



and this is the extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 447.36 MiB / 111.2 MiB
Pagefile Memory (total/avail): 1058.21 MiB / 528.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.15 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 182.16 GiB total, 149.42 GiB free.
D: is Fixed (FAT32) - 4.14 GiB total, 0.6 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3200822A - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 4.15 GiB - D:
\PARTITION1 (bootable) - Installable File System - 182.16 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: AVG Internet Security v8.0 (AVG Technologies) Outdated
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:TaskPanl"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"="C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:America Online 9.0"
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\interMute\\SpamSubtract\\SpamSub.exe"="C:\\Program Files\\interMute\\SpamSubtract\\SpamSub.exe:*:Enabled:SpamSubtract"
"C:\\Program Files\\Google\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Google\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\StreamRipper32\\StreamRipper32.exe"="C:\\Program Files\\StreamRipper32\\StreamRipper32.exe:*:Enabled:SRipper"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137626999\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137626999\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137626999\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137626999\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"="C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe:*:Enabled:AIM Pro"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Autodesk Architectural Desktop 2007\\adskflex.exe"="C:\\Program Files\\Autodesk Architectural Desktop 2007\\adskflex.exe:*:Enabled:adskflex"
"C:\\Program Files\\Autodesk Architectural Desktop 2007\\lmgrd.exe"="C:\\Program Files\\Autodesk Architectural Desktop 2007\\lmgrd.exe:*:Enabled:lmgrd"
"C:\\Program Files\\Autodesk Architectural Desktop 2007\\lmtools.exe"="C:\\Program Files\\Autodesk Architectural Desktop 2007\\lmtools.exe:*:Enabled:lmtools"
"C:\\Program Files\\Autodesk Architectural Desktop 2007\\acad.exe"="C:\\Program Files\\Autodesk Architectural Desktop 2007\\acad.exe:*:Enabled:acad"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPAQPRESARIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\COMPAQPRESARIO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\MOZILL~1;C:\Program Files\Mozilla Firefox;C:\Documents and Settings\Owner\Desktop\HiJackThis;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Autodesk Shared\;C:\MSSQL7\BINN;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=COMPAQPRESARIO
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> Dummy
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems PCI Soft Modem --> agrsmdel
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Blazon --> C:\Blazon\Setup.EXE /Clean
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DOB PC Filing --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NYCDOB\DOB PC Filing\DeIsL1.isu" -c"C:\Program Files\NYCDOB\DOB PC Filing\_ISREG32.DLL"
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD@ccess 2.0.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
EarthLink FastLane --> MsiExec.exe /X{50915408-4940-4C36-B4CC-0D9944FA4C59}
EarthLink TotalAccess 2003 --> C:\Program Files\EarthLink TotalAccess\uninstll.exe /UC:\Program Files\EarthLink TotalAccess\setupmisc.cfg
EAX™ Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu"
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GTK+ 2.10.6 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
Hackman Hex Editor --> "C:\Program Files\Hackman\Uninstall.exe" "C:\Program Files\Hackman\install.log"
Handbrake 2.4.1 --> C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hitman: Contracts --> C:\PROGRA~1\Eidos\HITMAN~1\UNWISE.EXE C:\PROGRA~1\Eidos\HITMAN~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 9800 --> msiexec /x{CE33EC58-5DFB-4560-9D33-1E7942E0554F}
HP Deskjet 9800 Series --> C:\Program Files\Hewlett-Packard\hp deskjet 9800 series\Installer\setup.exe /x
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-N USB Network Adapter WUSB300N --> C:\Program Files\InstallShield Installation Information\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}\setup.exe -runfromtemp -l0x0009 -removeonly
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MD Simple Burner 2.0.04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}\Setup.exe" -l0x9 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft WinUsb 1.0 --> "C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Mozilla Firefox (2.0.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDE --> C:\WINDOWS\IsUninst.exe -fC:\MSSQL7\Uninst.isu -c"C:\MSSQL7\sqlsun.dll" -msql70.mif
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Oni --> C:\WINDOWS\unvise32.exe c:\program files\america online 9.0\cool\uninstal.log
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Safety Alerter 2006 --> C:\DOCUME~1\Owner\LOCALS~1\Temp\laf44C.tmp /del
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SONAR 6 Producer Edition --> "C:\Program Files\Cakewalk\SONAR 6 Producer Edition\unins000.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
StationRipper 2.71 --> C:\PROGRA~1\RATAJI~1\StationRipper\uninstall-StationRipper.exe
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visio® Network Equipment --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Visio\DeIsL1.isu"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Easy Transfer --> "C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type34947 / Error
Event Submitted/Written: 05/14/2008 11:15:46 AM
Event ID/Source: 1001 / SQLCTR70
Event Description:
Cannot open the Registry Key.

Event Record #/Type34887 / Error
Event Submitted/Written: 05/13/2008 11:17:13 AM
Event ID/Source: 1001 / SQLCTR70
Event Description:
Cannot open the Registry Key.

Event Record #/Type34859 / Error
Event Submitted/Written: 05/07/2008 07:38:04 PM
Event ID/Source: 1001 / SQLCTR70
Event Description:
Cannot open the Registry Key.

Event Record #/Type34794 / Error
Event Submitted/Written: 05/07/2008 11:17:25 AM
Event ID/Source: 1001 / SQLCTR70
Event Description:
Cannot open the Registry Key.

Event Record #/Type34761 / Error
Event Submitted/Written: 05/06/2008 06:55:38 PM
Event ID/Source: 1001 / SQLCTR70
Event Description:
Cannot open the Registry Key.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type166419 / Error
Event Submitted/Written: 05/14/2008 01:02:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type166418 / Error
Event Submitted/Written: 05/14/2008 01:02:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type166417 / Error
Event Submitted/Written: 05/14/2008 01:02:46 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type166416 / Error
Event Submitted/Written: 05/14/2008 01:02:46 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type166415 / Error
Event Submitted/Written: 05/14/2008 01:02:46 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-05-14 13:05:46 ------------



I hope I can get some help in this. I'm not the only one using this computer. But I am responsible for it since I work on it 95% of the time is on.

I really appreciate your feedback and your time.

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:53 AM

Posted 30 May 2008 - 10:42 PM

Hello EcdrAceofSpades,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:53 AM

Posted 15 June 2008 - 02:54 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users