Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 Butch88

Butch88

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan USA
  • Local time:09:19 AM

Posted 20 May 2008 - 12:26 PM

Here are the results of my scans

Deckard's System Scanner v20071014.68
Run by Butch on 2009-01-19 13:11:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2009-01-19 18:11:16 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2009-01-19 17:55:12 UTC - RP7 - Installed Java™ 6 Update 10
6: 2009-01-19 13:01:25 UTC - RP6 - Software Distribution Service 3.0
5: 2009-01-19 10:41:13 UTC - RP5 - Software Distribution Service 3.0
4: 2009-01-19 04:31:06 UTC - RP4 - Software Distribution Service 3.0


-- First Restore Point --
1: 2009-01-18 00:39:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Butch.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2009-01-19 13:12:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\acs.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\alg.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\ATI Multimedia\main\atidtct.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\soundman.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\NETGEAR\WPN311\wlancfg5.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\WINDOWS\system32\WISPTIS.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Documents and Settings\Butch\Local Settings\Temporary Internet Files\Content.IE5\6B9MQFFZ\dss[1].exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/registration
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0575F57E-53D7-4F0B-8BEA-4158E9B81613} - D:\WINDOWS\system32\tuvTkIyX.dll (file missing)
O2 - BHO: (no name) - {0577337F-6498-4276-9DC6-487DC560F034} - D:\WINDOWS\system32\cbXNFvww.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {411E6B3A-5C6D-4578-8AF5-4407ABD72182} - D:\WINDOWS\system32\geBqrpOg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5F3EF134-DCBD-429A-8584-88666CA6318E} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7CCB39D9-DD3E-4A07-8C72-793C54D3BA0B} - D:\WINDOWS\system32\byXolkIY.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80570D0A-3567-4220-8FBD-5A3177D9868F} - D:\WINDOWS\system32\qoMgeDwv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {936B8EA2-5436-404A-A3B3-3A9287171D1A} - D:\WINDOWS\system32\rqRHbcbB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE937D0B-F6F7-4B54-B70B-1148CB2DA811} - D:\WINDOWS\system32\byXOggeC.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YSearchProtection] "D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = D:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232122969375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175476592500
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe


--
End of file - 15691 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - d:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 ATI Remote Wonder II - d:\windows\system32\drivers\atirwvd.sys <Not Verified; Jungo; WinDriver Device Driver>

S0 ahP53 - d:\windows\system32\drivers\ahp53.sys (file missing)
S0 bjQ07 - d:\windows\system32\drivers\bjq07.sys (file missing)
S0 bjQ18 - d:\windows\system32\drivers\bjq18.sys (file missing)
S0 clS53 - d:\windows\system32\drivers\cls53.sys (file missing)
S0 dmT75 - d:\windows\system32\drivers\dmt75.sys (file missing)
S0 emT75 - d:\windows\system32\drivers\emt75.sys (file missing)
S0 fmT20 - d:\windows\system32\drivers\fmt20.sys (file missing)
S0 Fmt42 - d:\windows\system32\drivers\fmt42.sys (file missing)
S0 fnV64 - d:\windows\system32\drivers\fnv64.sys (file missing)
S0 gnU86 - d:\windows\system32\drivers\gnu86.sys (file missing)
S0 hqX18 - d:\windows\system32\drivers\hqx18.sys (file missing)
S0 ipX86 - d:\windows\system32\drivers\ipx86.sys (file missing)
S0 iqX64 - d:\windows\system32\drivers\iqx64.sys (file missing)
S0 ksB42 - d:\windows\system32\drivers\ksb42.sys (file missing)
S0 ktC53 - d:\windows\system32\drivers\ktc53.sys (file missing)
S0 ltB86 - d:\windows\system32\drivers\ltb86.sys (file missing)
S0 muC20 - d:\windows\system32\drivers\muc20.sys (file missing)
S0 muC86 - d:\windows\system32\drivers\muc86.sys (file missing)
S0 mvD18 - d:\windows\system32\drivers\mvd18.sys (file missing)
S0 ovD43 - d:\windows\system32\drivers\ovd43.sys (file missing)
S0 oxG76 - d:\windows\system32\drivers\oxg76.sys (file missing)
S0 pxF10 - d:\windows\system32\drivers\pxf10.sys (file missing)
S0 pxF42 - d:\windows\system32\drivers\pxf42.sys (file missing)
S0 pxF75 - d:\windows\system32\drivers\pxf75.sys (file missing)
S0 pyG07 - d:\windows\system32\drivers\pyg07.sys (file missing)
S0 qaH64 - d:\windows\system32\drivers\qah64.sys (file missing)
S0 tcJ87 - d:\windows\system32\drivers\tcj87.sys (file missing)
S0 tcL31 - d:\windows\system32\drivers\tcl31.sys (file missing)
S0 udK33 - d:\windows\system32\drivers\udk33.sys (file missing)
S0 udK42 - d:\windows\system32\drivers\udk42.sys (file missing)
S0 veL20 - d:\windows\system32\drivers\vel20.sys (file missing)
S0 wfM53 - d:\windows\system32\drivers\wfm53.sys (file missing)
S0 wgN53 - d:\windows\system32\drivers\wgn53.sys (file missing)
S0 ygN86 - d:\windows\system32\drivers\ygn86.sys (file missing)
S0 yiQ20 - d:\windows\system32\drivers\yiq20.sys (file missing)
S3 BCM43XX (Linksys Wireless-G PCI Network Adapter Driver) - d:\windows\system32\drivers\bcmwl5.sys (file missing)
S3 catchme - d:\docume~1\butch\locals~1\temp\catchme.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - d:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 RT2500 (Linksys Wireless-G PCI Adapter Driver) - d:\windows\system32\drivers\rt2500.sys <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>
S3 ser2plms (Microsoft USB GPS driver) - d:\windows\system32\drivers\ser2plms.sys <Not Verified; Prolific Technology Inc.; Microsoft GPS Cable>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - d:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - d:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - d:\windows\system32\acs.exe
R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 JavaQuickStarterService (Java Quick Starter) - "d:\program files\java\jre6\bin\jqs.exe" -service -config "d:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>

S3 x10nets (X10 Device Network Service) - d:\progra~1\atimul~1\remctrl\x10nets.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\4&1C88B56&0&00A4
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\4&1C88B56&0&00A4
Service:


-- Scheduled Tasks -------------------------------------------------------------

2009-01-19 12:22:30 254 --a------ D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2009-01-17 11:30:19 406 --a------ D:\WINDOWS\Tasks\Pareto UNS.job


-- Files created between 2008-12-19 and 2009-01-19 -----------------------------

2009-01-19 13:07:48 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-19 13:07:47 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2009-01-19 12:49:40 0 d-------- D:\Documents and Settings\Butch\.SunDownloadManager
2009-01-19 07:25:50 0 d-------- D:\WINDOWS\LastGood
2009-01-18 11:49:50 0 d-------- D:\Documents and Settings\Butch\Application Data\Malwarebytes
2009-01-18 11:49:39 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-18 11:49:38 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2009-01-18 07:40:54 0 d-------- D:\WINDOWS\ERUNT
2009-01-17 23:57:28 0 d-------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Favorites
2009-01-17 23:57:28 0 d-------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Desktop
2009-01-17 23:57:28 0 d--hs---- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Cookies
2009-01-17 23:57:28 0 dr-h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Application Data
2009-01-17 23:57:28 0 d---s---- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Application Data\Microsoft
2009-01-17 23:57:28 0 d-------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Application Data\Macromedia
2009-01-17 23:57:28 0 d-------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Application Data\Apple Computer
2009-01-17 23:57:27 0 d--h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Templates
2009-01-17 23:57:27 0 dr------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Start Menu
2009-01-17 23:57:27 0 dr-h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\SendTo
2009-01-17 23:57:27 0 d--h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Recent
2009-01-17 23:57:27 0 d--h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\PrintHood
2009-01-17 23:57:27 0 d--h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\NetHood
2009-01-17 23:57:27 0 d-------- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\My Documents
2009-01-17 23:57:27 0 d--h----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\Local Settings
2009-01-17 23:57:26 2097152 --ah----- D:\Documents and Settings\Administrator.BUTCH-6CA0ED9CF\NTUSER.DAT
2009-01-17 13:16:29 0 d-------- D:\VundoFix Backups
2009-01-17 12:22:21 0 d-------- D:\Program Files\Microsoft Windows OneCare Live
2009-01-17 11:40:15 0 d-------- D:\Program Files\Windows Live Safety Center
2009-01-17 11:30:07 0 d-------- D:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-01-17 11:20:55 3012 --ahs---- D:\WINDOWS\system32\CeggOXyb.ini2
2009-01-17 08:34:21 1239843 --ahs---- D:\WINDOWS\system32\XyIkTvut.ini2
2009-01-17 00:33:07 1244727 --ahs---- D:\WINDOWS\system32\gOprqBeg.ini2
2009-01-16 23:40:56 0 --ahs---- D:\WINDOWS\system32\YIkloXyb.ini2
2009-01-16 17:26:07 0 d-------- D:\Program Files\Microsoft Silverlight
2009-01-16 16:10:07 1239908 --ahs---- D:\WINDOWS\system32\vwDegMoq.ini2
2009-01-16 12:22:38 5428 --a------ D:\WINDOWS\system32\tmp.reg
2009-01-16 12:14:31 1241682 --ahs---- D:\WINDOWS\system32\BbcbHRqr.ini2
2009-01-16 10:45:24 0 d-------- D:\WINDOWS\Prefetch
2009-01-16 10:35:21 0 d-------- D:\Program Files\Online Services
2009-01-16 00:24:41 0 --a------ D:\Program Files\uninstall.dat
2009-01-16 00:24:40 62910 --a------ D:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2009-01-16 00:08:48 0 d-------- D:\Documents and Settings\Administrator\Cookies
2009-01-16 00:08:48 0 d-------- D:\Documents and Settings\Administrator\Application Data
2009-01-16 00:08:48 0 d-------- D:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-16 00:08:48 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2009-01-16 00:08:48 0 d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-01-16 00:08:47 0 d-------- D:\Documents and Settings\Administrator\Templates
2009-01-16 00:08:47 0 d-------- D:\Documents and Settings\Administrator\Local Settings
2009-01-16 00:08:46 262144 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2009-01-15 21:18:14 1575797 --ahs---- D:\WINDOWS\system32\xbpgwaup.ini2
2009-01-15 15:53:57 1242978 --ahs---- D:\WINDOWS\system32\bLlUEfhk.ini2
2009-01-15 08:51:24 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 23:10:32 229376 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2009-01-14 23:10:32 5767168 --a------ D:\Documents and Settings\Butch\ntuser.dat
2009-01-14 23:10:22 3384 --ahs---- D:\WINDOWS\system32\wwvFNXbc.ini2


-- Find3M Report ---------------------------------------------------------------

2009-01-19 12:55:14 0 d-------- D:\Program Files\Java
2009-01-17 11:45:10 0 d-------- D:\Program Files\Common Files
2009-01-17 00:04:18 0 d-------- D:\Program Files\Real
2009-01-16 16:01:44 0 d-------- D:\Program Files\SmartFTP Client
2009-01-16 12:09:59 0 d-------- D:\Program Files\Common Files\Symantec Shared
2009-01-16 10:31:28 23348 --a------ D:\WINDOWS\system32\emptyregdb.dat
2009-01-14 10:19:15 0 d-------- D:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0575F57E-53D7-4F0B-8BEA-4158E9B81613}]
D:\WINDOWS\system32\tuvTkIyX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0577337F-6498-4276-9DC6-487DC560F034}]
D:\WINDOWS\system32\cbXNFvww.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{411E6B3A-5C6D-4578-8AF5-4407ABD72182}]
D:\WINDOWS\system32\geBqrpOg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F3EF134-DCBD-429A-8584-88666CA6318E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CCB39D9-DD3E-4A07-8C72-793C54D3BA0B}]
D:\WINDOWS\system32\byXolkIY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80570D0A-3567-4220-8FBD-5A3177D9868F}]
D:\WINDOWS\system32\qoMgeDwv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{936B8EA2-5436-404A-A3B3-3A9287171D1A}]
D:\WINDOWS\system32\rqRHbcbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE937D0B-F6F7-4B54-B70B-1148CB2DA811}]
D:\WINDOWS\system32\byXOggeC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
01/19/2009 12:55 PM 34816 --a------ D:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
01/19/2009 12:55 PM 73728 --a------ D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/17/2004 09:10 PM]
"ATI DeviceDetect"="D:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [06/15/2004 10:17 PM]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 07:52 PM]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 10:12 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 07:00 AM D:\WINDOWS\system32\bthprops.cpl]
"googletalk"="D:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"YSearchProtection"="D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
"LogitechQuickCamRibbon"="D:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
"OrderReminder"="D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [01/30/2006 11:00 AM]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/25/2008 06:41 PM]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [03/28/2008 10:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 09:36 AM]
"SoundMan"="SOUNDMAN.EXE" [11/17/2006 04:42 AM D:\WINDOWS\soundman.exe]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre6\bin\jusched.exe" [01/19/2009 12:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="D:\Program Files\ATI Multimedia\main\launchpd.exe" [06/15/2004 10:22 PM]
"ATI Remote Control"="D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [08/26/2004 11:51 PM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - D:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [3/21/2007 6:27:31 AM]
Google Updater.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/24/2007 9:02:50 PM]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 10:23:26 PM]
NETGEAR WPN311 Smart Wizard.lnk - D:\Program Files\NETGEAR\WPN311\wlancfg5.exe [12/4/2006 11:57:38 AM]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [8/3/2007 11:10:00 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ahP53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bjQ07.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bjQ18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clS53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmT75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\emT75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fmT20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fnV64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gnU86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipX86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iqX64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksB42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ktC53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ltB86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muC20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muC86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mvD18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovD43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oxG76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pxF10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pxF42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pxF75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pyG07.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qaH64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\raH74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tcJ87.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tcL31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\udK33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\udK42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\veL20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfM53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfN08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wgN53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ygN86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yiQ20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - JAVAQUICKSTARTERSERVICE



-- End of Deckard's System Scanner: finished at 2009-01-19 13:13:41 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 766.48 MiB / 282.3 MiB
Pagefile Memory (total/avail): 1873.84 MiB / 1190.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 73.76 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 276.43 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - MAXTOR STM3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - D:

\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="D:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"D:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="D:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="D:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"D:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="D:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Butch\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=BUTCH-6CA0ED9CF
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Butch
LOGONSERVER=\\BUTCH-6CA0ED9CF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\Program Files\Internet Explorer;;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\WBEM;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Butch\LOCALS~1\Temp
TMP=D:\DOCUME~1\Butch\LOCALS~1\Temp
USERDOMAIN=BUTCH-6CA0ED9CF
USERNAME=Butch
USERPROFILE=D:\Documents and Settings\Butch
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Butch (admin)
Administrator.BUTCH-6CA0ED9CF (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "D:\Program Files\Uninstall.exe"
--> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0.9 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-100000000002}
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnswerWorks 4.0 Runtime - English --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6c
ATI Control Panel --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.01 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Remote Wonder 2.5 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1033
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avanquest update --> D:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Catalyst Control Center - Branding --> MsiExec.exe /I{65C49E8C-2F21-4A3E-9399-EE18B7833F65}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DAO --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
GalleryPlayer Images --> D:\WINDOWS\GalleryPlayer Images Uninstaller.exe
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Talk (remove only) --> "D:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "d:\program files\google\googletoolbar1.dll"
Google Updater --> "D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 1.99.1 --> D:\Documents and Settings\Butch\Desktop\HijackThis.exe /uninstall
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Extended Capabilities 5.3 --> D:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 5.3 --> D:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP OrderReminder --> "D:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 5.3.B --> "D:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LaserJet 1018 --> D:\Program Files\Zenographics\{ABCDA9E1-1C7A-4465-A2F4-FF8C5A3B4AF4}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LimeWire 4.16.6 --> "D:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package --> "D:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.00.1217\LgDrvInst.exe" -remove -instdir"D:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.00" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "D:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"D:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets & Trips 2007 with GPS Locator --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.14) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NETGEAR WPN311 Wireless Adapter --> D:\Program Files\InstallShield Installation Information\{AB938897-211A-4999-9749-236D2E8E464A}\setup.exe -runfromtemp -l0x0409
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "D:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
PartyPoker --> "D:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "D:\Program Files\PartyGaming\PartyPoker\install.log"
Picasa 2 --> "D:\Program Files\Picasa2\Uninstall.exe"
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SIM editor 4.0 --> D:\Program Files\SIM editor\uninst.exe
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Weather Channel Desktop --> D:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
TurboTax Deluxe 2007 --> D:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "D:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> D:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "D:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2005 --> D:\Program Files\TurboTax\Premier 2005\TaxUnst.EXE "D:\Program Files\TurboTax\Premier 2005\Uninstall.log" -NoGui
WexTech AnswerWorks --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "D:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1265 / Error
Event Submitted/Written: 01/19/2009 00:54:05 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Sun xVM VirtualBox -- This application only runs on 64 bits Windows systems. Please install the 32 bits version of VirtualBox.

Event Record #/Type1264 / Warning
Event Submitted/Written: 01/19/2009 07:51:29 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type1263 / Warning
Event Submitted/Written: 01/19/2009 07:51:29 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type1262 / Warning
Event Submitted/Written: 01/19/2009 07:51:29 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type1261 / Warning
Event Submitted/Written: 01/19/2009 07:51:29 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5763 / Warning
Event Submitted/Written: 01/19/2009 07:23:37 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DED79EF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5751 / Warning
Event Submitted/Written: 01/19/2009 07:23:27 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DED79EF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5750 / Warning
Event Submitted/Written: 01/19/2009 07:23:27 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DED79EF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5742 / Warning
Event Submitted/Written: 01/19/2009 07:23:24 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184DED79EF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5740 / Error
Event Submitted/Written: 01/19/2009 07:22:59 AM / 01/19/2009 07:23:18 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2009-01-19 13:13:41 ------------

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:03:19 PM

Posted 22 May 2008 - 06:52 AM

Hello Butch88 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you .

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:03:19 PM

Posted 19 June 2008 - 08:07 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users