
Need Help! Had Virtumonde...



#1 dc.redwings19

Posted 04 June 2008 - 11:37 AM

I have installed and run ESET, Kaspersky, Spybot, AdAware at some point or another and still seem to be getting issues. Please help. I currently run Comodo Firewall and Spybot and Kaspersky (trial).

Here is the log of DSS/HiJackThis.

Deckard's System Scanner v20071014.68
Run by DHHCOUTCHER on 2008-06-04 11:17:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-06-04 15:38:06 UTC - RP857 - Installed Kaspersky Anti-Virus 7.0.
1: 2008-06-04 15:14:07 UTC - RP856 - Removed ESET NOD32 Antivirus


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as DHHCOUTCHER.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:59 AM, on 6/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\vVX6000.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\DHHCOUTCHER\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\DHHCOUTCHER.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {2178018A-2E1D-460F-89FB-77E03F7F8045} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F20E45CD-8009-424B-8905-61E7247A9FAA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXNdbcD.dll,#1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.easysite.com
O15 - Trusted Zone: http://*.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CD5839-C7B2-4B24-93C2-A1CB654103EE}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c19bbf455014) (gupdate1c8c19bbf455014) - Google Inc. - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11081 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------

backup-20080603-161655-453 O2 - BHO: (no name) - {2178018A-2E1D-460F-89FB-77E03F7F8045} - C:\Windows\system32\cbXPGXpp.dll
backup-20080603-161655-826 O2 - BHO: {49216d8b-a7f8-114a-e5c4-0e4d96e8ad3f} - {f3da8e69-d4e0-4c5e-a411-8f7ab8d61294} - C:\Windows\system32\ruhtpiqp.dll
backup-20080603-161655-880 O2 - BHO: (no name) - {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - C:\Windows\system32\yayyATlk.dll
backup-20080603-161803-807 O2 - BHO: (no name) - {2178018A-2E1D-460F-89FB-77E03F7F8045} - C:\Windows\system32\cbXPGXpp.dll
backup-20080603-161832-508 O2 - BHO: (no name) - {2178018A-2E1D-460F-89FB-77E03F7F8045} - C:\Windows\system32\cbXPGXpp.dll
backup-20080603-161931-393 O13 - Gopher Prefix:

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 hnmwrlspkt (HomeNet Manager Wireless Protocol) - c:\windows\system32\drivers\hnm_wrls_pkt.sys <Not Verified; SingleClick Systems; Wireless Protocol Driver>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R2 wsppkt (Wireless Security Protocol) - c:\windows\system32\drivers\wsp_pkt.sys <Not Verified; SingleClick Systems; Wireless Security Protocol Driver>

S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 XobniService - "c:\program files\xobni\xobniservice.exe" <Not Verified; Xobni Corporation; XobniService>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-04 11:25:14 430 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{41AC7302-F952-4C5C-AA0A-F1B88B60DAE1}.job
2008-06-04 11:09:18 450 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-06-04 11:09:16 340 --a------ C:\Windows\Tasks\GoogleUpdateTask.job
2008-05-10 08:36:45 384 --a------ C:\Windows\Tasks\RegCure.job


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 10:55:57 91700 --a------ C:\Windows\system32\drivers\klin.dat
2008-06-04 10:55:57 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-06-04 10:40:49 9797664 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-06-04 10:40:48 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-04 10:36:58 0 d-------- C:\kav
2008-06-04 09:25:08 126976 --a------ C:\Windows\system32\atixsovx.dll
2008-06-04 09:06:03 116736 --a------ C:\Windows\system32\bbclcoxk.dll
2008-06-04 09:00:43 126976 --a------ C:\Windows\system32\yncyigxe.dll
2008-06-04 09:00:02 746095 --ahs---- C:\Windows\system32\SsuvCfhk.ini2
2008-06-04 09:00:00 371712 -----n--- C:\Windows\system32\khfCvusS.dll
2008-06-04 08:54:55 58368 --a------ C:\Windows\system32\byXNdbcD.dll
2008-06-03 23:42:46 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-03 22:38:37 115200 --a------ C:\Windows\system32\hdnyrgfk.dll
2008-06-03 22:30:30 133120 --a------ C:\Windows\system32\mlkmhjfr.dll
2008-06-03 22:23:31 133120 --a------ C:\Windows\system32\mtlwrxel.dll
2008-06-03 21:28:34 133120 --a------ C:\Windows\system32\asmtobmj.dll
2008-06-03 20:52:40 0 d-------- C:\Users\DHHCOUTCHER\Pavark
2008-06-03 20:44:25 1520122 ---hs---- C:\Windows\system32\isbdhgcn.ini2
2008-06-03 20:44:08 115200 --a------ C:\Windows\system32\ncghdbsi.dll
2008-06-03 20:25:07 0 d-------- C:\Program Files\Comodo
2008-06-03 19:56:07 742137 --ahs---- C:\Windows\system32\OpsAKUvw.ini2
2008-06-03 17:13:47 133120 --a------ C:\Windows\system32\kcbvqblg.dll
2008-06-03 17:13:44 115200 -----n--- C:\Windows\system32\tjaauojo.dll
2008-06-03 17:11:04 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-03 14:48:15 294 ---hs---- C:\Windows\system32\ujhitnyl.ini2
2008-06-03 13:04:13 0 d-------- C:\Windows\Little Farm
2008-06-03 13:04:13 0 d-------- C:\Program Files\Little Farm
2008-06-03 10:51:09 133120 --a------ C:\Windows\system32\yedmqshi.dll
2008-06-03 10:03:57 737264 --ahs---- C:\Windows\system32\ppXGPXbc.ini2
2008-06-02 10:24:12 132096 --a------ C:\Windows\system32\eopnwrgy.dll
2008-06-02 08:00:34 132096 --a------ C:\Windows\system32\nvxnagud.dll
2008-06-01 11:55:23 0 d-------- C:\Program Files\Lavasoft
2008-05-30 11:23:49 125440 --a------ C:\Windows\system32\cbtpvaws.dll
2008-05-30 10:20:33 134144 --a------ C:\Windows\system32\sjwvlcks.dll
2008-05-30 08:39:05 125440 --a------ C:\Windows\system32\ebfismij.dll
2008-05-29 15:45:05 0 d-------- C:\Program Files\BitDefender
2008-05-29 15:43:26 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-29 15:37:45 345 --ahs---- C:\Windows\system32\QBaKUwEg.ini2
2008-05-29 14:59:31 0 d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-05-26 09:30:24 0 d-------- C:\Program Files\Stardock
2008-05-26 09:25:54 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-05-26 07:43:55 0 d-------- C:\Program Files\MagicISO
2008-05-24 19:49:23 0 d-------- C:\Program Files\BurnAware Free Edition
2008-05-22 16:37:17 0 d-------- C:\Program Files\ODF
2008-05-20 12:29:21 0 d-------- C:\Program Files\ebay
2008-05-20 12:20:01 0 d-------- C:\Program Files\Mozilla Firefox3
2008-05-20 11:02:18 0 d-------- C:\Program Files\Yahoo!
2008-05-19 17:34:35 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-13 10:49:03 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-13 10:48:38 0 d-------- C:\Program Files\Common Files\HP
2008-05-13 10:45:26 148932 --a------ C:\Windows\hpoins19.dat
2008-05-13 10:45:06 26952 --a------ C:\Windows\hpomdl19.dat
2008-05-13 07:38:19 0 d-------- C:\Program Files\DExposE2
2008-05-10 00:28:31 0 d-------- C:\Program Files\VideoLAN
2008-05-10 00:22:24 0 d-------- C:\Program Files\RegCure
2008-05-10 00:06:55 0 d-------- C:\Windows\RegCure
2008-05-09 17:37:24 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-07 10:42:51 0 d-------- C:\Program Files\Xobni
2008-05-07 10:34:00 0 d-------- C:\Program Files\VistaCodecPack
2008-05-06 14:09:05 0 d-------- C:\Program Files\Starfield
2008-05-04 12:28:00 7680 --a------ C:\Windows\system32\ff_vfw.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-04 09:31:17 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\WinPatrol
2008-06-04 08:25:21 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\uTorrent
2008-06-03 20:39:28 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Comodo
2008-06-03 20:17:09 0 d-------- C:\Program Files\Java
2008-06-03 19:48:39 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\TrojanHunter
2008-06-01 11:54:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 15:43:26 0 d-------- C:\Program Files\Common Files
2008-05-29 14:59:06 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-05-29 09:53:52 0 d-------- C:\Program Files\Google
2008-05-27 15:48:52 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Image Zone Express
2008-05-25 23:11:29 92 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\burnaware.ini
2008-05-23 14:44:46 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\SiteAdvisor
2008-05-23 08:38:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 08:38:03 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\COWON
2008-05-22 08:11:12 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 12:29:25 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-05-20 11:15:26 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Yahoo!
2008-05-19 16:26:14 0 d-------- C:\Program Files\Common Files\Logishrd
2008-05-18 15:22:28 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Adobe
2008-05-15 17:57:02 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\U3
2008-05-14 08:13:05 0 d-------- C:\Program Files\Windows Mail
2008-05-13 10:51:55 0 d-------- C:\Program Files\HP
2008-05-10 00:29:13 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\vlc
2008-05-09 17:37:16 0 d-------- C:\Program Files\Common Files\Real
2008-05-09 13:06:46 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Vso
2008-05-09 13:04:47 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-03 16:24:44 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-03 16:03:20 0 d-------- C:\Program Files\Ubisoft
2008-05-02 17:45:49 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-02 17:10:51 0 d-------- C:\Program Files\Electronic Arts
2008-05-02 17:08:19 540 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\AutoGK.ini
2008-05-02 12:20:10 0 d-------- C:\Program Files\WarRock
2008-05-02 11:34:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-02 11:19:44 0 d-------- C:\Program Files\AMP
2008-05-02 11:19:39 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-25 21:19:41 0 d-------- C:\Program Files\Neat Image
2008-04-22 11:49:44 0 d-------- C:\Program Files\uTorrent
2008-04-22 11:02:07 0 d-------- C:\Program Files\ASAP Utilities
2008-04-22 11:02:03 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\ASAP Utilities
2008-04-18 08:31:58 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Markzware
2008-04-17 11:05:26 187176 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-17 09:57:43 0 d-------- C:\Program Files\Apple Software Update
2008-04-15 08:06:04 0 d-------- C:\Program Files\AutoGK
2008-04-15 08:06:01 43698 --a------ C:\Windows\system32\xvid-uninstall.exe
2008-04-12 07:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-04-08 13:00:48 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-08 09:48:23 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Move Networks
2008-04-07 12:25:43 0 d-------- C:\Program Files\LameFE
2008-04-07 10:13:18 0 d-------- C:\Program Files\iTunes
2008-04-07 09:48:57 0 d-------- C:\Program Files\RGB
2008-04-07 09:41:12 0 d-------- C:\Program Files\VS Revo Group
2008-04-04 10:07:05 0 d-------- C:\Program Files\Recuva
2008-04-04 10:06:50 0 d-------- C:\Program Files\Defraggler
2008-04-04 09:52:53 0 d-------- C:\Program Files\iPod
2008-04-04 09:51:03 0 d-------- C:\Program Files\QuickTime
2008-04-01 10:56:28 34 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\pcouffin.log
2008-04-01 10:56:24 7887 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\pcouffin.cat
2008-04-01 10:53:57 668 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\vso_ts_preview.xml
2008-03-21 10:43:24 28161 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\Comma Separated Values (Windows).ADR
2008-03-06 18:29:44 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2178018A-2E1D-460F-89FB-77E03F7F8045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20E45CD-8009-424B-8905-61E7247A9FAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="C:\Windows\vVX6000.exe" [04/10/2007 02:46 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/22/2006 09:20 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\Windows\KHALMNPR.Exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [05/17/2007 02:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 05:36 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [12/19/2006 09:37 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [02/08/2008 11:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [04/10/2008 11:08 AM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [06/03/2008 10:36 PM]
"MSServer"="C:\Windows\system32\byXNdbcD.dll" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/31/2007 07:37 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 03:35 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SSDPSRV"=C:\Windows\system32\ssdpsrv.exe

C:\Users\DHHCOUTCHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [5/26/2008 9:30:25 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [9/12/2007 10:57:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\Windows\system32\guard32.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCvusS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^DHHCOUTCHER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
backup=C:\Windows\pss\DING!.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HIDDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HIDPATCH]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SightSpeed"=C:\Program Files\SightSpeed\SightSpeed.exe -minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - KL1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

8555 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-04 11:30:00 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2045.82 MiB / 1259.07 MiB
Pagefile Memory (total/avail): 5031.87 MiB / 3995.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.13 MiB

C: is Fixed (NTFS) - 67.83 GiB total, 18.47 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 298.09 GiB total, 121.1 GiB free.

\\.\PHYSICALDRIVE0 - Hitachi HTS721080G9SA00 ATA Device - 74.53 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 67.83 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2047.35 MiB
\PARTITION3 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - WDC WD32 00JB-00KFA0 USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab) Disabled
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Avira AntiVir PersonalEdition v 7.0.0.50 (Avira GmbH)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\DHHCOUTCHER\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HNDLAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\DHHCOUTCHER
LOCALAPPDATA=C:\Users\DHHCOUTCHER\AppData\Local
LOGONSERVER=\\HNDLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\DHHCOU~1\AppData\Local\Temp
TMP=C:\Users\DHHCOU~1\AppData\Local\Temp
USERDOMAIN=HNDLAPTOP
USERNAME=DHHCOUTCHER
USERPROFILE=C:\Users\DHHCOUTCHER
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

DHHCOUTCHER (admin)
Administrator (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\Shockwave 11\UNWISE.EXE C:\Windows\System32\Adobe\Shockwave 11\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASAP Utilities --> "C:\Program Files\ASAP Utilities\unins000.exe"
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AutoMz Ultimate Tweaker --> C:\Program Files\AutoMz\uninstall.exe
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BOClean --> C:\Windows\UNBOC.EXE
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
BurnAware Free Edition 1.3.1 --> "C:\Program Files\BurnAware Free Edition\unins000.exe"
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Creative Audio Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DING! --> MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
eBay Desktop --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.ebay.sandimas.public-beta AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
eBay Desktop --> MsiExec.exe /I{DAF07210-9F74-4247-1A18-AA2F0AA8D65F}
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Earth Plugin --> MsiExec.exe /I{B10C92AE-2C2B-11DD-97B5-005056806466}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Update --> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Little Farm --> "C:\Windows\Little Farm\uninstall.exe" "/U:C:\Program Files\Little Farm\Uninstall\uninstall.xml"
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Lost Via Domus --> "C:\Program Files\InstallShield Installation Information\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}\setup.exe" -runfromtemp -l0x0009 -removeonly
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Recent Documents Gadget --> MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{4E951F0A-C53B-4AD6-A6DA-0D0A009073A9}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word 2007 Step by Step --> MsiExec.exe /X{D08A5F08-52E0-44BA-97E0-827A2D504199}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Users\DHHCOUTCHER\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox3\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Neat Image v5 Demo (with plug-in) --> "C:\Program Files\Neat Image\unins000.exe"
ObjectDock Plus --> C:\PROGRA~1\Stardock\ObjectDock\objectdock.exe /uninstall
ODF Add-in for Microsoft Excel --> MsiExec.exe /I{BAB4FCEE-B3F0-4E36-AA2B-40D2F843DC66}
ODF Add-in for Microsoft PowerPoint --> MsiExec.exe /I{C316189F-4A2E-495D-896A-E8B53D7B4A86}
ODF Add-in for Microsoft Word --> MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
RegCure --> "C:\Windows\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
Revo Uninstaller 1.60 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\SETUP.exe" -l0x9 -remove -removeonly
Sins of a Solar Empire --> "C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Blaster Audigy ADVANCED MB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakNow RegCleaner Professional --> "C:\Program Files\TweakNow RegCleaner Professional\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Visual C++ 8.0 ATL (x86) WinSXS MSM --> MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Web-Based Email Tools --> MsiExec.exe /I{66C47F1B-9568-4355-9DD7-8DCC12265F73}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 --> MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xobni --> "C:\Program Files\Xobni\Uninstall.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\Windows\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type45123 / Error
Event Submitted/Written: 06/04/2008 11:17:43 AM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Kaspersky Anti-Virus 7.0 -- You must restart your computer before proceeding with the installation.

Event Record #/Type45121 / Error
Event Submitted/Written: 06/04/2008 11:12:25 AM
Event ID/Source: 1110 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service Manager returned a fatal error (0x80004002). Will stop service

Event Record #/Type45114 / Success
Event Submitted/Written: 06/04/2008 11:09:59 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully

Event Record #/Type45113 / Success
Event Submitted/Written: 06/04/2008 11:09:58 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Windows Management Instrumentation Service started sucessfully

Event Record #/Type45107 / Success
Event Submitted/Written: 06/04/2008 11:09:54 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1610339 / Error
Event Submitted/Written: 06/04/2008 11:12:49 AM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Event Record #/Type1610338 / Error
Event Submitted/Written: 06/04/2008 11:12:49 AM
Event ID/Source: 14344 / WMPNetworkSvc
Event Description:
A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Event Record #/Type1610330 / Error
Event Submitted/Written: 06/04/2008 11:09:22 AM
Event ID/Source: 19 / Print
Event Description:
The print spooler failed to share printer HP officejet 6200 series with shared resource name HP officejet 6200 series. Error 2114. The printer cannot be used by others on the network.

Event Record #/Type1610329 / Error
Event Submitted/Written: 06/04/2008 11:09:22 AM
Event ID/Source: 19 / Print
Event Description:
The print spooler failed to share printer HP officejet 6200 series fax with shared resource name HP officejet 6200 series fax. Error 2114. The printer cannot be used by others on the network.

Event Record #/Type1610328 / Error
Event Submitted/Written: 06/04/2008 11:09:22 AM
Event ID/Source: 19 / Print
Event Description:
The print spooler failed to share printer Microsoft Office Live Meeting Document Writer with shared resource name Microsoft Office Live Meeting Document Writer. Error 2114. The printer cannot be used by others on the network.



-- End of Deckard's System Scanner: finished at 2008-06-04 11:30:00 ------------


#2 dc.redwings19

Posted 04 June 2008 - 03:09 PM

This is what Kaspersky came up with...

deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\asmtobmj.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.apx File: C:\Windows\System32\eopnwrgy.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\kcbvqblg.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\ncghdbsi.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.apx File: C:\Windows\System32\nvxnagud.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\tjaauojo.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\yedmqshi.dll



But I am still having problems....constantly....

Edited by dc.redwings19, 04 June 2008 - 04:03 PM.


#3 dc.redwings19

Posted 05 June 2008 - 09:58 AM

Seem to have corrected the issue. Ran Comodo Firewall, TrojanHunter, Kaspersky Antivirus, and Superspyware. Superspyware seems to have vacated the issue. Below is a DSS scan from today. I need help ensuring I have actually gotten rid of the problem, or finding out whether there is another one lurking.

Also, while running DSS today, cmd.exe tried to run sed.exe. Comodo flagged it as possible malware. Anyone have any idea what sed.exe is? Thanks.
:thumbsup:


Deckard's System Scanner v20071014.68
Run by DHHCOUTCHER on 2008-06-05 09:51:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as DHHCOUTCHER.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:48 AM, on 6/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\vVX6000.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\DHHCOUTCHER\AppData\Roaming\U3\0000177BE9621E54\LaunchPad.exe
C:\Program Files\Mozilla Firefox3\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DHHCOUTCHER\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\DHHCOUTCHER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F20E45CD-8009-424B-8905-61E7247A9FAA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.easysite.com
O15 - Trusted Zone: http://*.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.costcophotocenter.com/CostcoActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CD5839-C7B2-4B24-93C2-A1CB654103EE}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: EGSEDDUXL - Sysinternals - www.sysinternals.com - C:\Users\DHHCOU~1\AppData\Local\Temp\EGSEDDUXL.exe
O23 - Service: FQTJXLBH - Sysinternals - www.sysinternals.com - C:\Users\DHHCOU~1\AppData\Local\Temp\FQTJXLBH.exe
O23 - Service: Google Update Service (gupdate1c8c19bbf455014) (gupdate1c8c19bbf455014) - Google Inc. - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 10566 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-04 22:39:07 0 d-------- C:\Program Files\Ashampoo
2008-06-04 18:16:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-04 17:18:33 0 d-------- C:\VundoFix Backups
2008-06-04 10:55:57 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-06-04 10:55:57 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-06-04 10:40:49 98310944 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-06-04 10:40:48 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-04 10:36:58 0 d-------- C:\kav
2008-06-04 09:00:02 746095 --ahs---- C:\Windows\system32\SsuvCfhk.ini2
2008-06-03 23:42:46 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-03 20:52:40 0 d-------- C:\Users\DHHCOUTCHER\Pavark
2008-06-03 20:44:25 1520122 ---hs---- C:\Windows\system32\isbdhgcn.ini2
2008-06-03 20:25:07 0 d-------- C:\Program Files\Comodo
2008-06-03 19:56:07 742137 --ahs---- C:\Windows\system32\OpsAKUvw.ini2
2008-06-03 17:11:04 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-03 14:48:15 294 ---hs---- C:\Windows\system32\ujhitnyl.ini2
2008-06-03 13:04:13 0 d-------- C:\Windows\Little Farm
2008-06-03 13:04:13 0 d-------- C:\Program Files\Little Farm
2008-06-03 10:03:57 737264 --ahs---- C:\Windows\system32\ppXGPXbc.ini2
2008-06-01 11:55:23 0 d-------- C:\Program Files\Lavasoft
2008-05-29 15:45:05 0 d-------- C:\Program Files\BitDefender
2008-05-29 15:43:26 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-29 15:37:45 345 --ahs---- C:\Windows\system32\QBaKUwEg.ini2
2008-05-29 14:59:31 0 d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-05-26 09:30:24 0 d-------- C:\Program Files\Stardock
2008-05-26 09:25:54 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-05-26 07:43:55 0 d-------- C:\Program Files\MagicISO
2008-05-24 19:49:23 0 d-------- C:\Program Files\BurnAware Free Edition
2008-05-22 16:37:17 0 d-------- C:\Program Files\ODF
2008-05-20 12:29:21 0 d-------- C:\Program Files\ebay
2008-05-20 12:20:01 0 d-------- C:\Program Files\Mozilla Firefox3
2008-05-20 11:02:18 0 d-------- C:\Program Files\Yahoo!
2008-05-19 17:34:35 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-13 10:49:03 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-13 10:48:38 0 d-------- C:\Program Files\Common Files\HP
2008-05-13 10:45:26 148932 --a------ C:\Windows\hpoins19.dat
2008-05-13 10:45:06 26952 --a------ C:\Windows\hpomdl19.dat
2008-05-13 07:38:19 0 d-------- C:\Program Files\DExposE2
2008-05-10 00:28:31 0 d-------- C:\Program Files\VideoLAN
2008-05-10 00:22:24 0 d-------- C:\Program Files\RegCure
2008-05-10 00:06:55 0 d-------- C:\Windows\RegCure
2008-05-09 17:37:24 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-07 10:42:51 0 d-------- C:\Program Files\Xobni
2008-05-07 10:34:00 0 d-------- C:\Program Files\VistaCodecPack
2008-05-06 14:09:05 0 d-------- C:\Program Files\Starfield


-- Find3M Report ---------------------------------------------------------------

2008-06-05 09:35:42 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Adobe
2008-06-04 18:16:32 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\SUPERAntiSpyware.com
2008-06-04 18:16:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 18:08:49 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\uTorrent
2008-06-04 09:31:17 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\WinPatrol
2008-06-03 20:39:28 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Comodo
2008-06-03 20:17:09 0 d-------- C:\Program Files\Java
2008-06-03 19:48:39 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\TrojanHunter
2008-05-29 15:43:26 0 d-------- C:\Program Files\Common Files
2008-05-29 14:59:06 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-05-29 09:53:52 0 d-------- C:\Program Files\Google
2008-05-27 15:48:52 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Image Zone Express
2008-05-25 23:11:29 92 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\burnaware.ini
2008-05-23 14:44:46 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\SiteAdvisor
2008-05-23 08:38:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 08:38:03 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\COWON
2008-05-22 08:11:12 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 12:29:25 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-05-20 11:15:26 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Yahoo!
2008-05-19 16:26:14 0 d-------- C:\Program Files\Common Files\Logishrd
2008-05-15 17:57:02 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\U3
2008-05-14 08:13:05 0 d-------- C:\Program Files\Windows Mail
2008-05-13 10:51:55 0 d-------- C:\Program Files\HP
2008-05-10 00:29:13 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\vlc
2008-05-09 17:37:16 0 d-------- C:\Program Files\Common Files\Real
2008-05-09 13:06:46 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Vso
2008-05-09 13:04:47 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-04 12:28:00 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-03 16:24:44 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-03 16:03:20 0 d-------- C:\Program Files\Ubisoft
2008-05-02 17:45:49 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-02 17:10:51 0 d-------- C:\Program Files\Electronic Arts
2008-05-02 17:08:19 540 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\AutoGK.ini
2008-05-02 12:20:10 0 d-------- C:\Program Files\WarRock
2008-05-02 11:34:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-02 11:19:44 0 d-------- C:\Program Files\AMP
2008-05-02 11:19:39 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-25 21:19:41 0 d-------- C:\Program Files\Neat Image
2008-04-22 11:49:44 0 d-------- C:\Program Files\uTorrent
2008-04-22 11:02:07 0 d-------- C:\Program Files\ASAP Utilities
2008-04-22 11:02:03 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\ASAP Utilities
2008-04-18 08:31:58 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Markzware
2008-04-17 11:05:26 187176 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-17 09:57:43 0 d-------- C:\Program Files\Apple Software Update
2008-04-15 08:06:04 0 d-------- C:\Program Files\AutoGK
2008-04-15 08:06:01 43698 --a------ C:\Windows\system32\xvid-uninstall.exe
2008-04-12 07:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-04-08 13:00:48 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-08 09:48:23 0 d-------- C:\Users\DHHCOUTCHER\AppData\Roaming\Move Networks
2008-04-07 12:25:43 0 d-------- C:\Program Files\LameFE
2008-04-07 10:13:18 0 d-------- C:\Program Files\iTunes
2008-04-07 09:48:57 0 d-------- C:\Program Files\RGB
2008-04-07 09:41:12 0 d-------- C:\Program Files\VS Revo Group
2008-04-01 10:56:28 34 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\pcouffin.log
2008-04-01 10:56:24 7887 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\pcouffin.cat
2008-04-01 10:53:57 668 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\vso_ts_preview.xml
2008-03-21 10:43:24 28161 --a------ C:\Users\DHHCOUTCHER\AppData\Roaming\Comma Separated Values (Windows).ADR
2008-03-06 18:29:44 966656 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20E45CD-8009-424B-8905-61E7247A9FAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="C:\Windows\vVX6000.exe" [04/10/2007 02:46 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/22/2006 09:20 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\Windows\KHALMNPR.Exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [05/17/2007 02:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 05:36 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [12/19/2006 09:37 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [02/08/2008 11:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [04/10/2008 11:08 AM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [06/03/2008 10:36 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 03:35 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/05/2008 07:44 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SSDPSRV"=C:\Windows\system32\ssdpsrv.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [9/12/2007 10:57:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/05/2008 07:44 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\Windows\system32\guard32.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCvusS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^DHHCOUTCHER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
backup=C:\Windows\pss\DING!.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HIDDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HIDPATCH]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SightSpeed"=C:\Program Files\SightSpeed\SightSpeed.exe -minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d05d31b-fa6a-11dc-a4ac-0015c5cf143c}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - FLEXNET_LICENSING_SERVICE
*Newly Created Service* - SASENUM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {537DCF03-71F2-E659-C402-516AE3F1003F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-05 09:52:58 ------------

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:20 AM

Posted 28 June 2008 - 03:05 PM

Hello dc.redwings19,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

#5 dc.redwings19

Posted 30 June 2008 - 06:54 AM

I was beginning to wonder....Thanks. Here is the latest HJT run this morning. I have ESET Security running and Malwarebytes as well. Haven't had an inkling of a problem for about 3 weeks. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:06 AM, on 6/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.easysite.com
O15 - Trusted Zone: http://*.easysite.com
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.costcophotocenter.com/CostcoActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CD5839-C7B2-4B24-93C2-A1CB654103EE}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c8c19bbf455014) (gupdate1c8c19bbf455014) - Google Inc. - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 7003 bytes

#6 teacup61

Posted 30 June 2008 - 10:33 AM

Hello there,

That log looks all right....scans coming up clean then? If so, then I'd say you did a pretty good job cleaning up and you don't need me right now. :thumbsup:

Regards,
tea

#7 dc.redwings19

Posted 30 June 2008 - 06:31 PM

Thanks! :thumbsup:

#8 teacup61

Posted 30 June 2008 - 11:12 PM

You're most welcome. :thumbsup:

#9 teacup61

Posted 04 July 2008 - 10:13 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.