
Popups And Weird Dll Error On Bootup


1 reply to this topic

#1 abryenton82


Posted 16 May 2008 - 10:36 PM

Hey guys,

Lately I've been getting a soaring amount of popups while doing stuff on my PC. I booted into Safe Mode and ran my McAfee and Malwarebytes. Both programs picked up stuff, so I proceeded to delete them and reboot.

Now I'm getting some weird .DLL error when I boot up, and the popups are less frequent, but I am still getting them.

Any help would be appreciated. My DSS & HijackThis log is posted below.

Thanks in advance!

Aaron

Deckard's System Scanner v20071014.68
Run by Nitro on 2008-05-17 00:31:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-17 03:31:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Nitro.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:01 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Nitro\Local Settings\Temporary Internet Files\Content.IE5\ILZCWWU5\dss[1].exe
C:\HJT\Nitro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {493dae39-38cd-7b6a-cc54-3a2a7192160f} - {f0612917-a2a3-45cc-a6b7-dc8393ead394} - C:\WINDOWS\system32\dwsxleot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [9080733a] rundll32.exe "C:\WINDOWS\system32\hslagqnt.dll",b
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11416 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "M:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "M:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: eHome Infrared Transceiver
Device ID: USB\VID_1784&PID_0006\TS000AZY
Manufacturer:
Name: eHome Infrared Transceiver
PNP Device ID: USB\VID_1784&PID_0006\TS000AZY
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-15 01:07:21 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-01 01:17:02 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 00:24:27 0 d-------- C:\HJT
2008-05-17 00:16:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:16:21 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:15:16 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13:16 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11:51 0 dr-h----- C:\MSOCache
2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 20:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 19:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-15 19:49:56 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-15 19:37:30 2048 --a------ C:\WINDOWS\system32\yualryip.exe
2008-05-15 19:37:04 133120 --a------ C:\WINDOWS\system32\dwsxleot.dll
2008-05-15 19:33:31 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 15:28:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-15 15:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 15:21:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 15:21:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 15:21:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 15:21:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 01:52:46 0 d-------- C:\WINDOWS\Application Data
2008-05-15 00:16:41 326368 --a------ C:\amt1
2008-05-15 00:14:35 520192 --a------ C:\WINDOWS\system32\wscma2u.exe <Not Verified; YAMAHA CORPORATION; WSC-MA2 (UTF-8)>
2008-05-15 00:14:35 278528 --a------ C:\WINDOWS\system32\ammpp.dll
2008-05-15 00:14:35 65536 --a------ C:\WINDOWS\system32\a1.dll
2008-05-15 00:14:34 0 d-------- C:\Program Files\AnMing
2008-05-15 00:08:08 102400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-05-15 00:08:08 511488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-05-15 00:08:08 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-14 22:35:11 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-12 20:02:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-12 20:01:24 0 d-------- C:\Program Files\CS Odessa
2008-05-11 15:22:19 0 d-------- C:\WINDOWS\system32\QuickTime
2008-05-11 15:22:12 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-11 15:22:02 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:21:59 0 d-------- C:\Program Files\TechSmith
2008-05-10 21:57:23 0 d-------- C:\Program Files\EDraw Max
2008-05-10 20:29:16 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-10 20:26:17 0 d-------- C:\Program Files\GameHouse
2008-05-10 19:42:51 0 d-------- C:\Program Files\IGC
2008-05-10 18:52:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 18:50:40 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 18:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-10 17:13:23 0 d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-10 17:12:49 0 d-------- C:\Program Files\DivX
2008-05-09 00:04:01 0 d-------- C:\Program Files\IMSI
2008-05-08 23:58:49 0 d-------- C:\Program Files\MagicISO
2008-05-08 20:55:39 0 d-------- C:\Program Files\eToro
2008-05-08 20:08:27 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-08 19:50:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-06 22:15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 22:15:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\Mozilla
2008-05-01 21:22:13 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-30 23:39:48 0 d-------- C:\Documents and Settings\Nitro\Application Data\HP
2008-04-30 23:26:38 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-30 23:25:05 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 23:23:30 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-30 23:23:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-30 23:18:57 117132 --a------ C:\WINDOWS\hpoins11.dat
2008-04-30 22:58:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 22:43:48 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-30 00:54:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-04-28 23:51:06 0 d-------- C:\Documents and Settings\Nitro\System
2008-04-28 23:51:06 0 d-------- C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-28 23:38:31 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-26 19:54:36 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-26 19:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-26 19:44:52 0 d-------- C:\Program Files\QuickTime
2008-04-26 19:37:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-26 19:33:46 0 d-------- C:\Program Files\Bonjour
2008-04-26 19:23:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 19:40:43 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-04-25 18:43:36 0 d-------- C:\Program Files\Notepad++
2008-04-25 18:43:36 0 d-------- C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 18:01:00 0 d-------- C:\Documents and Settings\Nitro\Contacts
2008-04-25 17:51:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 17:51:17 0 d-------- C:\Program Files\Windows Live
2008-04-25 17:51:10 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 23:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-24 22:57:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-24 20:10:02 0 d-------- C:\Program Files\Microsoft Plus!
2008-04-24 19:25:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 19:24:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 13:22:41 100416 -----n--- C:\WINDOWS\system32\vornqloi.dll
2008-04-24 01:31:24 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-04-23 21:27:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-23 21:24:41 0 d-------- C:\Program Files\Nero
2008-04-23 21:24:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-23 21:24:40 0 d-------- C:\Program Files\Common Files\Nero
2008-04-23 19:51:50 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:20:55 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-23 19:20:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-23 19:20:53 0 d-------- C:\Program Files\SiteAdvisor
2008-04-23 19:20:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-23 19:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-23 19:19:42 0 d-------- C:\Program Files\McAfee.com
2008-04-23 19:19:39 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-23 19:19:37 0 d-------- C:\Program Files\McAfee
2008-04-23 19:14:48 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-23 19:11:21 0 d-------- C:\Program Files\Winamp
2008-04-23 19:11:21 0 d-------- C:\Documents and Settings\Nitro\Application Data\Winamp
2008-04-23 19:07:50 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:49 0 d-------- C:\Documents and Settings\Nitro\Application Data\Vso
2008-04-23 19:07:47 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-23 19:07:47 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-23 19:07:47 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-23 19:07:46 0 d-------- C:\Program Files\VSO
2008-04-23 18:52:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-23 18:49:04 0 d-------- C:\Program Files\PowerISO
2008-04-23 18:48:08 0 d-------- C:\Documents and Settings\Nitro\Application Data\WinRAR
2008-04-23 10:52:49 97856 -----n--- C:\WINDOWS\system32\sgxtvvjh.dll
2008-04-23 01:47:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 01:47:46 0 d-------- C:\Program Files\GlobalSCAPE
2008-04-23 01:20:02 0 d-------- C:\swsetup
2008-04-23 01:00:36 0 d-------- C:\Program Files\CONEXANT
2008-04-23 00:55:23 393216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll <Not Verified; Snowbound Software Corporation (www.Snowbnd.com); SnowBound RasterMaster for NT/W2000>
2008-04-23 00:55:23 0 d-------- C:\Program Files\WinTV
2008-04-22 23:47:27 0 d-------- C:\Program Files\DIFX
2008-04-22 23:47:25 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-22 23:42:03 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-22 23:41:19 1428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-22 23:35:48 0 d-------- C:\WINDOWS\network diagnostic
2008-04-22 22:53:29 97792 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-04-22 22:53:29 104960 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2008-04-22 22:53:29 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-22 22:53:28 0 d-------- C:\Program Files\Logitech
2008-04-22 22:51:05 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-04-22 22:51:05 0 d-------- C:\Program Files\Driver Magician
2008-04-22 22:31:40 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-22 22:05:24 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-22 22:05:02 0 d-------- C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 22:03:55 0 d-------- C:\NVIDIA
2008-04-22 20:25:17 0 d-------- C:\Program Files\uTorrent
2008-04-22 20:25:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-04-22 19:36:29 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Macromedia
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Adobe
2008-04-22 19:27:56 0 d-------- C:\Program Files\XPC Tools
2008-04-22 19:04:03 0 d-------- C:\Program Files\HP
2008-04-22 19:04:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-22 18:49:42 0 d-------- C:\WINDOWS\pss
2008-04-22 18:48:51 0 d-------- C:\WINDOWS\system32\Lang
2008-04-22 18:46:57 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-22 18:46:56 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 18:46:36 0 d-------- C:\WINDOWS\nview
2008-04-22 18:43:57 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-22 18:43:49 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-22 18:43:22 0 d-------- C:\Program Files\Realtek
2008-04-22 18:42:39 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-22 18:41:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-22 18:37:47 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-22 18:37:16 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-22 18:37:14 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-22 18:37:14 0 d-------- C:\WINDOWS\Prefetch
2008-04-22 18:33:12 0 d-------- C:\WINDOWS\provisioning
2008-04-22 18:33:12 0 d-------- C:\WINDOWS\peernet
2008-04-22 18:32:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-22 18:31:15 0 d-------- C:\WINDOWS\EHome
2008-04-22 18:19:04 0 d-------- C:\WUTemp
2008-04-22 18:16:27 0 d-------- C:\Documents and Settings\Nitro\Application Data\Google
2008-04-22 18:16:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-22 18:15:19 0 d-------- C:\Program Files\Google
2008-04-22 18:15:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-22 18:07:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 18:06:13 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 06:01:46 0 d--hs---- C:\WINDOWS\Installer
2008-04-22 06:01:44 0 d-------- C:\Documents and Settings\Nitro\Application Data\Identities
2008-04-22 06:01:37 0 d--h----- C:\Documents and Settings\Nitro\Templates
2008-04-22 06:01:37 0 dr------- C:\Documents and Settings\Nitro\Start Menu
2008-04-22 06:01:37 0 dr-h----- C:\Documents and Settings\Nitro\SendTo
2008-04-22 06:01:37 0 dr-h----- C:\Documents and Settings\Nitro\Recent
2008-04-22 06:01:37 0 d--h----- C:\Documents and Settings\Nitro\PrintHood
2008-04-22 06:01:37 3670016 --ah----- C:\Documents and Settings\Nitro\NTUSER.DAT
2008-04-22 06:01:37 0 d--h----- C:\Documents and Settings\Nitro\NetHood
2008-04-22 06:01:37 0 dr------- C:\Documents and Settings\Nitro\My Documents
2008-04-22 06:01:37 0 d--h----- C:\Documents and Settings\Nitro\Local Settings
2008-04-22 06:01:37 0 dr------- C:\Documents and Settings\Nitro\Favorites
2008-04-22 06:01:37 0 d-------- C:\Documents and Settings\Nitro\Desktop
2008-04-22 06:01:37 0 d--hs---- C:\Documents and Settings\Nitro\Cookies
2008-04-22 06:01:37 0 dr-h----- C:\Documents and Settings\Nitro\Application Data
2008-04-22 06:00:57 0 d--hs---- C:\System Volume Information
2008-04-22 06:00:56 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-22 06:00:56 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-22 06:00:56 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-22 06:00:56 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-22 06:00:56 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-22 06:00:55 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-22 06:00:55 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-22 06:00:55 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-22 06:00:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-22 06:00:55 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-22 05:58:36 0 d-------- C:\WINDOWS\system32\xircom
2008-04-22 05:58:36 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 05:58:28 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-22 05:58:26 0 -rahs---- C:\MSDOS.SYS
2008-04-22 05:58:26 0 -rahs---- C:\IO.SYS
2008-04-22 05:58:26 0 --a------ C:\CONFIG.SYS
2008-04-22 05:58:26 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 05:57:54 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-22 05:57:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-22 05:57:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-22 05:57:36 0 d-------- C:\WINDOWS\srchasst
2008-04-22 05:57:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-22 05:57:30 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-22 05:57:20 0 d-------- C:\Program Files\Movie Maker
2008-04-22 05:56:57 0 d-------- C:\WINDOWS\system32\Restore
2008-04-22 05:56:53 0 d-------- C:\WINDOWS\PCHEALTH
2008-04-22 05:56:48 0 d---s---- C:\WINDOWS\Tasks
2008-04-22 05:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 05:56:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 05:56:17 0 d-------- C:\WINDOWS\Registration
2008-04-22 05:56:13 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 05:56:13 0 d-------- C:\Program Files\Online Services
2008-04-22 05:56:09 0 d-------- C:\Program Files\Messenger
2008-04-22 05:56:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-22 05:55:52 0 d-------- C:\Program Files\Windows NT
2008-04-22 05:55:42 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-22 05:55:40 0 d-------- C:\WINDOWS\system32\Com
2008-04-21 22:51:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 22:51:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 22:51:15 0 d-------- C:\Program Files
2008-04-21 22:51:15 0 d-------- C:\Program Files\Common Files
2008-04-21 22:50:58 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-21 22:50:58 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-21 22:50:58 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-21 22:50:57 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-21 22:50:57 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-21 22:50:57 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-21 22:50:57 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-21 22:50:57 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-21 22:50:57 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-21 22:50:57 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-21 22:50:57 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-21 22:50:57 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-21 22:50:57 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-21 22:50:57 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-21 22:50:57 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-21 22:50:57 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-21 22:50:49 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-21 22:50:49 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-21 22:50:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-21 22:50:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-21 22:50:44 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-21 22:50:44 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-21 22:49:00 0 d-------- C:\Documents and Settings
2008-04-21 22:38:08 0 d-------- C:\WINDOWS
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\WinSxS
2008-04-21 22:38:08 0 dr------- C:\WINDOWS\Web
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\twain_32
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\wins
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\wbem
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\usmt
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\spool
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\Setup
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\ras
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\oobe
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\npp
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\mui
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\IME
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\ias
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\export
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\drivers
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-21 22:38:08 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\config
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\3076
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\2052
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1054
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1042
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1041
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1037
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1033
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1031
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1028
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system32\1025
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\system
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\security
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Resources
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\repair
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\mui
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\msapps
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\msagent
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Media
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\java
2008-04-21 22:38:08 0 d--h----- C:\WINDOWS\inf
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\ime
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Help
2008-04-21 22:38:08 0 dr--s---- C:\WINDOWS\Fonts
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Driver Cache
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Debug
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Cursors
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\Config
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\AppPatch
2008-04-21 22:38:08 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-23 19:07:51 34 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.log
2008-04-23 19:07:50 1144 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.inf
2008-04-23 19:07:50 7887 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.cat
2008-04-21 22:50:57 62 --ahs---- C:\Documents and Settings\Nitro\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0612917-a2a3-45cc-a6b7-dc8393ead394}]
05/15/2008 07:37 PM 133120 --a------ C:\WINDOWS\system32\dwsxleot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 09:23 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 03:35 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/2007 06:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"9080733a"="C:\WINDOWS\system32\hslagqnt.dll" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 01:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/25/2008 7:38:39 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f45fc2-100e-11dd-8465-806d6172696f}]
AutoRun\command- D:\SETUP.EXE
configure\command- D:\SETUP.EXE
install\command- D:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-05-17 00:34:06 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2046.48 MiB / 1152.06 MiB
Pagefile Memory (total/avail): 3939.34 MiB / 3223.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.99 MiB

C: is Fixed (NTFS) - 50.55 GiB total, 27.69 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 170.86 GiB total, 142.44 GiB free.
L: is Fixed (NTFS) - 53.55 GiB total, 43.67 GiB free.
M: is Fixed (NTFS) - 97.66 GiB total, 79.04 GiB free.
N: is CDROM (No Media)
Q: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST3400820AS - 372.61 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 50.55 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 322.06 GiB - K: - L: - M:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - PNY USB 2.0 FD USB Device - 7.68 GiB - 1 partition
\PARTITION0 - Unknown - 7.69 GiB - Q:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"M:\\Program Files\\crysis\\Bin32\\Crysis.exe"="M:\\Program Files\\crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"M:\\Program Files\\crysis\\Bin32\\CrysisDedicatedServer.exe"="M:\\Program Files\\crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nitro\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AARON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nitro
LOGONSERVER=\\AARON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;%PIXIEHOME%\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\IMSI\FloorPlan 3D v11\Program
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SHADERS=%PIXIEHOME%\shaders
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nitro\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nitro\LOCALS~1\Temp
USERDOMAIN=AARON
USERNAME=Nitro
USERPROFILE=C:\Documents and Settings\Nitro
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Nitro (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Driver Magician 3.28 --> "C:\Program Files\Driver Magician\unins000.exe"
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll,LaunchINFSection driveragent_np.inf,TVICHW32Remove
eToro --> C:\PROGRA~1\eToro\UNWISE.EXE C:\PROGRA~1\eToro\INSTALL.LOG
FloorPlan 3D v11 --> MsiExec.exe /I{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hauppauge WinTV --> C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 3.50 --> "C:\Program Files\AnMing\unins000.exe"
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PC DUAL SHOCK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D313CA09-D5D4-4B3D-B4D0-20F2289BCD01}\setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Super TextTwist --> C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1114 / Error
Event Submitted/Written: 05/17/2008 00:18:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqtra08.exe, version 70.0.170.0, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x000378c0.
Processing media-specific event for [hpqtra08.exe!ws!]

Event Record #/Type1113 / Warning
Event Submitted/Written: 05/17/2008 00:16:34 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type1094 / Error
Event Submitted/Written: 05/16/2008 09:24:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module quicktime.qts, version 7.4.1.14, fault address 0x00151354.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1086 / Error
Event Submitted/Written: 05/16/2008 03:18:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nero.exe, version 8.2.8.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1085 / Error
Event Submitted/Written: 05/16/2008 03:18:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nero.exe, version 8.2.8.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7370 / Error
Event Submitted/Written: 05/15/2008 09:04:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McShield with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Event Record #/Type7331 / Error
Event Submitted/Written: 05/15/2008 07:14:59 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type7307 / Warning
Event Submitted/Written: 05/14/2008 09:54:53 PM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Event Record #/Type7294 / Warning
Event Submitted/Written: 05/14/2008 09:53:53 PM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Event Record #/Type7289 / Warning
Event Submitted/Written: 05/14/2008 09:53:23 PM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"



-- End of Deckard's System Scanner: finished at 2008-05-17 00:34:06 ------------


#2 OldTimer

    Malware Expert



Posted 18 May 2008 - 10:17 PM

Hello abryenton82 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
