
Infected With Trojan Generic 10.thy


  • This topic is locked
4 replies to this topic

#1 zoeybadm

Posted 11 June 2008 - 11:40 PM

Once in my external drive and the other time in my OS partition.

I have updated Win XP as much as possible and used the latest version of AVG and Spybot Search & Destroy.

I enabled my firewall using Win XP.

Kaspersky took about 4 hrs to scan but did not find anything. I just want to make sure things are fresh and clean.

Thanks for all the help in advance.

Main text:

Deckard's System Scanner v20071014.68
Run by Galen on 2008-06-10 21:45:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-06-11 04:45:45 UTC - RP95 - Deckard's System Scanner Restore Point
12: 2008-06-11 04:41:20 UTC - RP94 - Installed Java™ 6 Update 6
11: 2008-06-11 04:28:03 UTC - RP93 - Software Distribution Service 3.0
10: 2008-06-11 04:26:20 UTC - RP92 - Software Distribution Service 3.0
9: 2008-06-11 04:24:58 UTC - RP91 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-10 06:54:28 UTC - RP83 - Installed iTunes


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 21:46:52
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
K:\WINDOWS\system32\smss.exe
K:\WINDOWS\system32\csrss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
K:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\avgamsvr.exe
H:\avgupsvc.exe
H:\avgrssvc.exe
H:\avgrssvc.exe
H:\avgemc.exe
H:\avgrssvc.exe
K:\Program Files\Bonjour\mDNSResponder.exe
K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
H:\NortonGhost\Agent\VProSvc.exe
K:\WINDOWS\system32\alg.exe
K:\WINDOWS\explorer.exe
K:\WINDOWS\RTHDCPL.exe
H:\avgcc.exe
K:\WINDOWS\system32\igfxtray.exe
K:\WINDOWS\system32\hkcmd.exe
K:\WINDOWS\system32\igfxpers.exe
K:\WINDOWS\system32\igfxsrvc.exe
K:\WINDOWS\system32\ctfmon.exe
H:\Firefox\firefox.exe
K:\Program Files\Viewpoint\Common\ViewpointService.exe
K:\WINDOWS\system32\msiexec.exe
K:\Documents and Settings\Galen\Desktop\dss.exe
K:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - K:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - K:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] H:\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] K:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] K:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] K:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "H:\NortonGhost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] K:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "K:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\Program Files\Bonjour\mdnsNSP.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: K:\WINDOWS\system32\mswsock.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213075964234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213076134500
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - K:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - K:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - K:\WINDOWS\system32\avgwlntf.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - K:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - K:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - K:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - K:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - K:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Norton Ghost - Symantec Corporation - H:\NortonGhost\Agent\VProSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - K:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 9065 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - k:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "k:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "k:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "k:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "k:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 23:45:04 284 --a------ K:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 21:42:37 0 d-------- K:\WINDOWS\Sun
2008-06-10 21:42:37 0 d-------- K:\Documents and Settings\Galen\Application Data\Sun
2008-06-10 21:42:17 0 d-------- K:\Documents and Settings\Galen\Application Data\acccore
2008-06-10 21:42:08 0 d-------- K:\Program Files\Java
2008-06-10 21:41:26 0 d-------- K:\Program Files\Common Files\Java
2008-06-10 21:40:19 0 d-------- K:\Program Files\Viewpoint
2008-06-10 21:40:19 0 d-------- K:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-10 21:40:19 0 d-------- K:\Documents and Settings\All Users\Application Data\acccore
2008-06-10 21:40:14 0 d-------- K:\Documents and Settings\All Users\Application Data\AOL
2008-06-10 21:40:14 0 d-------- K:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-10 21:40:03 0 d-------- K:\Program Files\Common Files\AOL
2008-06-10 21:39:51 0 d-------- K:\Program Files\AIM6
2008-06-10 21:26:08 0 d-------- K:\WINDOWS\LastGood
2008-06-10 21:24:13 215144 -ra------ K:\WINDOWS\patchw32.dll
2008-06-10 21:23:53 215144 -ra------ K:\WINDOWS\pw32a.dll
2008-06-10 21:19:42 0 d-------- K:\WINDOWS\Prefetch
2008-06-10 19:35:12 0 d-------- K:\WINDOWS\system32\scripting
2008-06-10 19:35:11 0 d-------- K:\WINDOWS\system32\en
2008-06-10 19:35:11 0 d-------- K:\WINDOWS\l2schemas
2008-06-10 19:31:59 0 d-------- K:\WINDOWS\network diagnostic
2008-06-10 19:25:43 0 d-------- K:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 19:24:02 0 dr-h----- K:\$VAULT$.AVG
2008-06-10 18:16:10 0 d-------- K:\Program Files\Microsoft Works
2008-06-10 18:15:39 0 d-------- K:\Program Files\Microsoft.NET
2008-06-10 18:13:16 0 d-------- K:\WINDOWS\SHELLNEW
2008-06-10 18:12:57 0 d-------- K:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-10 17:57:06 0 d-------- K:\Documents and Settings\Galen\Application Data\Macromedia
2008-06-10 07:29:21 0 d-------- K:\Documents and Settings\Galen\Application Data\AVG7
2008-06-10 07:29:12 0 d-------- K:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-10 07:29:07 0 d-------- K:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-10 07:29:07 0 d-------- K:\Documents and Settings\All Users\Application Data\avg7
2008-06-10 03:09:27 0 d-------- K:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-10 00:28:40 0 d-------- K:\Program Files\Common Files\Control Panels
2008-06-10 00:27:29 0 d-------- K:\Documents and Settings\All Users\Application Data\ALM
2008-06-10 00:13:18 0 d-------- K:\Documents and Settings\All Users\Application Data\Adobe
2008-06-09 23:52:12 0 d-------- K:\Program Files\Common Files\Macrovision Shared
2008-06-09 23:51:59 0 d-------- K:\Documents and Settings\Galen\Application Data\Adobe
2008-06-09 23:43:40 0 d-------- K:\Documents and Settings\Galen\Application Data\Apple Computer
2008-06-09 23:43:34 0 d-------- K:\Program Files\iPod
2008-06-09 23:43:22 0 d-------- K:\Program Files\Bonjour
2008-06-09 23:42:59 0 d-------- K:\Program Files\QuickTime
2008-06-09 23:42:58 0 d-------- K:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-09 23:42:47 0 d-------- K:\Program Files\Apple Software Update
2008-06-09 23:42:34 0 d-------- K:\Program Files\Common Files\Apple
2008-06-09 23:42:33 0 d-------- K:\Documents and Settings\All Users\Application Data\Apple
2008-06-09 23:37:26 0 d-------- K:\Documents and Settings\LocalService\Start Menu
2008-06-09 23:27:36 0 d-------- K:\WINDOWS\peernet
2008-06-09 23:27:35 0 d-------- K:\WINDOWS\provisioning
2008-06-09 23:27:04 0 d-------- K:\WINDOWS\ServicePackFiles
2008-06-09 23:24:45 0 d-------- K:\WINDOWS\EHome
2008-06-09 22:55:18 0 d-------- K:\WINDOWS\pss
2008-06-09 22:50:56 171280 --a------ K:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:56 139536 --a------ K:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:56 313856 --a------ K:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-09 22:50:56 46352 --a------ K:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:56 6550 --a------ K:\WINDOWS\jautoexp.dat
2008-06-09 22:50:54 113 --a------ K:\WINDOWS\system32\zonedon.reg
2008-06-09 22:50:54 113 --a------ K:\WINDOWS\system32\zonedoff.reg
2008-06-09 22:50:54 171792 --a------ K:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 286992 --a------ K:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 21264 --a------ K:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 154384 --a------ K:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 172304 --a------ K:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 15120 --a------ K:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:54 404752 --a------ K:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:53 63248 --a------ K:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:53 187152 --a------ K:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:50:53 49424 --a------ K:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-09 22:40:29 0 d-------- K:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-09 22:39:11 0 d-------- K:\WINDOWS\system32\Lang
2008-06-09 22:38:00 0 d-------- K:\WINDOWS\system32\PreInstall
2008-06-09 22:37:58 0 d--h----- K:\WINDOWS\$hf_mig$
2008-06-09 22:37:48 0 d-------- K:\WINDOWS\system32\bits
2008-06-09 22:36:26 0 d---s---- K:\WINDOWS\system32\Microsoft
2008-06-09 22:32:49 0 d-------- K:\WINDOWS\SoftwareDistribution
2008-06-09 22:32:40 0 d---s---- K:\Documents and Settings\Galen\UserData
2008-06-09 22:30:58 0 d-------- K:\Program Files\Common Files\Adobe
2008-06-09 22:30:13 0 d-------- K:\Program Files\Symantec
2008-06-09 22:30:13 0 d-------- K:\Program Files\Common Files\Symantec Shared
2008-06-09 22:30:13 0 d-------- K:\Documents and Settings\All Users\Application Data\Symantec
2008-06-09 22:28:07 0 d-------- K:\Program Files\BitTorrent
2008-06-09 22:28:01 0 d-------- K:\Documents and Settings\Galen\Application Data\BitTorrent
2008-06-09 22:27:33 0 d-------- K:\Documents and Settings\Galen\Application Data\Talkback
2008-06-09 22:27:30 0 --a------ K:\WINDOWS\nsreg.dat
2008-06-09 22:27:28 0 d-------- K:\Documents and Settings\Galen\Application Data\Mozilla
2008-06-09 22:20:57 716272 --a------ K:\WINDOWS\system32\drivers\sptd.sys
2008-06-09 22:20:40 0 d-------- K:\Documents and Settings\Galen\Application Data\DAEMON Tools
2008-06-09 22:20:13 0 d-------- K:\Documents and Settings\Galen\Application Data\WinRAR
2008-06-09 22:15:06 0 d-------- K:\WINDOWS\OPTIONS
2008-06-09 22:15:03 0 d-------- K:\Documents and Settings\Galen\Application Data\InstallShield
2008-06-09 22:14:48 49152 --a------ K:\WINDOWS\system32\ChCfg.exe
2008-06-09 22:14:29 0 d-------- K:\WINDOWS\system32\RTCOM
2008-06-09 22:14:00 0 d-------- K:\Program Files\Realtek
2008-06-09 22:14:00 0 d--h----- K:\Program Files\InstallShield Installation Information
2008-06-09 22:13:58 520192 --a------ K:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-09 22:13:58 315392 --a------ K:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-09 22:13:56 0 d-------- K:\Program Files\Common Files\InstallShield
2008-06-09 22:13:27 0 d-------- K:\WINDOWS\system32\ReinstallBackups
2008-06-09 22:13:26 0 d------c- K:\WINDOWS\system32\DRVSTORE
2008-06-09 22:13:26 0 d-------- K:\Program Files\Intel
2008-06-09 22:13:18 0 d-------- K:\Intel
2008-06-09 22:12:13 0 d--hs---- K:\WINDOWS\Installer
2008-06-09 22:12:11 0 d-------- K:\Documents and Settings\Galen\Application Data\Identities
2008-06-09 22:12:03 0 d--h----- K:\Documents and Settings\Galen\Templates
2008-06-09 22:12:03 0 dr------- K:\Documents and Settings\Galen\Start Menu
2008-06-09 22:12:03 0 dr-h----- K:\Documents and Settings\Galen\SendTo
2008-06-09 22:12:03 0 dr-h----- K:\Documents and Settings\Galen\Recent
2008-06-09 22:12:03 0 d--h----- K:\Documents and Settings\Galen\PrintHood
2008-06-09 22:12:03 2359296 --ah----- K:\Documents and Settings\Galen\NTUSER.DAT
2008-06-09 22:12:03 0 d--h----- K:\Documents and Settings\Galen\NetHood
2008-06-09 22:12:03 0 dr------- K:\Documents and Settings\Galen\My Documents
2008-06-09 22:12:03 0 d--h----- K:\Documents and Settings\Galen\Local Settings
2008-06-09 22:12:03 0 dr------- K:\Documents and Settings\Galen\Favorites
2008-06-09 22:12:03 0 d-------- K:\Documents and Settings\Galen\Desktop
2008-06-09 22:12:03 0 d---s---- K:\Documents and Settings\Galen\Cookies
2008-06-09 22:12:03 0 dr-h----- K:\Documents and Settings\Galen\Application Data
2008-06-09 22:11:25 0 d--hs---- K:\System Volume Information
2008-06-09 22:11:24 229376 --ah----- K:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-09 22:11:24 0 d--h----- K:\Documents and Settings\NetworkService\Local Settings
2008-06-09 22:11:24 0 d---s---- K:\Documents and Settings\NetworkService\Cookies
2008-06-09 22:11:24 0 d-------- K:\Documents and Settings\NetworkService\Application Data
2008-06-09 22:11:24 0 d---s---- K:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-09 22:11:24 229376 --ah----- K:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-09 22:11:24 0 d--h----- K:\Documents and Settings\LocalService\Local Settings
2008-06-09 22:11:24 0 d---s---- K:\Documents and Settings\LocalService\Cookies
2008-06-09 22:11:24 0 d-------- K:\Documents and Settings\LocalService\Application Data
2008-06-09 22:11:24 0 d---s---- K:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-09 22:09:50 0 d-------- K:\WINDOWS\system32\xircom
2008-06-09 22:09:50 0 d-------- K:\Program Files\microsoft frontpage
2008-06-09 22:09:38 262144 --ah----- K:\Documents and Settings\Default User\NTUSER.DAT
2008-06-09 22:08:57 0 d--hs---- K:\Documents and Settings\All Users\DRM
2008-06-09 22:08:51 0 dr------- K:\WINDOWS\Offline Web Pages
2008-06-09 22:08:51 0 d---s---- K:\WINDOWS\Downloaded Program Files
2008-06-09 22:08:34 0 d-------- K:\WINDOWS\system32\DirectX
2008-06-09 22:08:00 0 d---s---- K:\WINDOWS\Tasks
2008-06-09 22:07:57 0 d-------- K:\Program Files\Common Files\MSSoap
2008-06-09 22:07:54 0 d-------- K:\WINDOWS\srchasst
2008-06-09 22:07:53 0 d-------- K:\WINDOWS\system32\Macromed
2008-06-09 22:07:52 0 d-------- K:\Program Files\Movie Maker
2008-06-09 22:07:49 0 d-------- K:\WINDOWS\PCHealth
2008-06-09 22:07:48 0 d-------- K:\WINDOWS\system32\Restore
2008-06-09 22:07:35 21640 --a------ K:\WINDOWS\system32\emptyregdb.dat
2008-06-09 22:07:29 0 d-------- K:\WINDOWS\Registration
2008-06-09 22:07:15 0 d--h----- K:\Program Files\WindowsUpdate
2008-06-09 22:07:15 0 d-------- K:\Program Files\Online Services
2008-06-09 22:07:13 0 d-------- K:\Program Files\Messenger
2008-06-09 22:07:09 0 d-------- K:\Program Files\MSN Gaming Zone
2008-06-09 22:06:41 0 d-------- K:\Program Files\Windows NT
2008-06-09 22:06:38 0 d-------- K:\WINDOWS\system32\MsDtc
2008-06-09 22:06:38 0 d-------- K:\WINDOWS\system32\Com
2008-06-09 15:01:46 0 d-------- K:\Program Files\Common Files\ODBC
2008-06-09 15:01:44 0 d-------- K:\Program Files\Common Files\SpeechEngines
2008-06-09 15:01:43 0 dr------- K:\Program Files
2008-06-09 15:01:43 0 d-------- K:\Program Files\Common Files
2008-06-09 15:01:28 0 d--h----- K:\Documents and Settings\Default User\Templates
2008-06-09 15:01:28 0 dr------- K:\Documents and Settings\Default User\Start Menu
2008-06-09 15:01:28 0 dr-h----- K:\Documents and Settings\Default User\SendTo
2008-06-09 15:01:28 0 d--h----- K:\Documents and Settings\Default User\Recent
2008-06-09 15:01:28 0 d--h----- K:\Documents and Settings\Default User\PrintHood
2008-06-09 15:01:28 0 d--h----- K:\Documents and Settings\Default User\NetHood
2008-06-09 15:01:28 0 d-------- K:\Documents and Settings\Default User\My Documents
2008-06-09 15:01:28 0 dr-h----- K:\Documents and Settings\Default User\Local Settings
2008-06-09 15:01:28 0 d-------- K:\Documents and Settings\Default User\Favorites
2008-06-09 15:01:28 0 d-------- K:\Documents and Settings\Default User\Desktop
2008-06-09 15:01:28 0 d---s---- K:\Documents and Settings\Default User\Cookies
2008-06-09 15:01:28 0 d--h----- K:\Documents and Settings\All Users\Templates
2008-06-09 15:01:28 0 dr------- K:\Documents and Settings\All Users\Start Menu
2008-06-09 15:01:28 0 d-------- K:\Documents and Settings\All Users\Favorites
2008-06-09 15:01:28 0 dr------- K:\Documents and Settings\All Users\Documents
2008-06-09 15:01:28 0 d-------- K:\Documents and Settings\All Users\Desktop
2008-06-09 15:00:49 0 d-------- K:\WINDOWS\system32\CatRoot2
2008-06-09 15:00:49 0 d-------- K:\WINDOWS\system32\CatRoot
2008-06-09 15:00:44 0 dr-h----- K:\Documents and Settings\Default User\Application Data
2008-06-09 15:00:44 0 d---s---- K:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-09 15:00:44 0 dr-h----- K:\Documents and Settings\All Users\Application Data
2008-06-09 15:00:44 0 d---s---- K:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-09 15:00:23 0 d-------- K:\Documents and Settings
2008-06-09 14:56:40 0 d-------- K:\WINDOWS
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\WinSxS
2008-06-09 14:56:40 0 dr------- K:\WINDOWS\Web
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\twain_32
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\wins
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\wbem
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\usmt
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\spool
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\ShellExt
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\Setup
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\ras
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\oobe
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\npp
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\mui
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\inetsrv
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\IME
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\icsxml
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\ias
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\export
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\drivers
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\drivers\etc
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\drivers\disdn
2008-06-09 14:56:40 0 dr-hs--c- K:\WINDOWS\system32\dllcache
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\dhcp
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\config
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\3com_dmi
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\3076
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\2052
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1054
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1042
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1041
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1037
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1033
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1031
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1028
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system32\1025
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\system
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\security
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Resources
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\repair
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\mui
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\msapps
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\msagent
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Media
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\java
2008-06-09 14:56:40 0 d--h----- K:\WINDOWS\inf
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\ime
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Help
2008-06-09 14:56:40 0 dr--s---- K:\WINDOWS\Fonts
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Driver Cache
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Debug
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Cursors
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Connection Wizard
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\Config
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\AppPatch
2008-06-09 14:56:40 0 d-------- K:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-09 15:01:28 62 --ahs---- K:\Documents and Settings\Galen\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2008 12:54 PM K:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [06/08/2008 12:54 PM K:\WINDOWS\Alcmtr.exe]
"@"="" []
"AVG7_CC"="H:\avgcc.exe" [06/10/2008 08:49 AM]
"IgfxTray"="K:\WINDOWS\system32\igfxtray.exe" [06/27/2007 04:38 PM]
"HotKeysCmds"="K:\WINDOWS\system32\hkcmd.exe" [06/27/2007 04:38 PM]
"Persistence"="K:\WINDOWS\system32\igfxpers.exe" [06/27/2007 04:38 PM]
"Norton Ghost 12.0"="H:\NortonGhost\Agent\VProTray.exe" [05/07/2008 04:11 PM]
"SunJavaUpdateSched"="K:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"MSConfig"="K:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/14/2008 05:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="K:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Aim6"="K:\Program Files\AIM6\aim6.exe" [06/06/2008 09:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=H:\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 06/10/2008 07:29 AM 9216 K:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
K:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"K:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
K:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"H:\Daemon\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"H:\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"K:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
"H:\NortonGhost\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"K:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee179fe9-366d-11dd-bfb2-806d6172696f}]
AutoRun\command- G:\PortableVault.exe

*Newly Created Service* - VIEWPOINT_MANAGER_SERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-10 21:48:44 ------------


Extra text:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 3318.17 MiB / 2622.5 MiB
Pagefile Memory (total/avail): 5202.04 MiB / 4580.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 124.21 GiB total, 124.14 GiB free.
D: is Fixed (NTFS) - 43.95 GiB total, 43.88 GiB free.
E: is Fixed (NTFS) - 465.75 GiB total, 296.11 GiB free.
F: is Fixed (NTFS) - 20.12 GiB total, 20.05 GiB free.
G: is Removable (FAT)
H: is Fixed (NTFS) - 184.33 GiB total, 182.95 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Fixed (NTFS) - 40.04 GiB total, 22.99 GiB free.
L: is Fixed (NTFS) - 891.46 GiB total, 891.26 GiB free.
M: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST31000340AS - 931.51 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 40.04 GiB - K:
\PARTITION1 - Extended w/Extended Int 13 - 891.46 GiB - L:

\\.\PHYSICALDRIVE0 - ST3400620AS - 372.61 GiB - 4 partitions
\PARTITION0 - Installable File System - 124.21 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 248.4 GiB - D: - F: - H:

\\.\PHYSICALDRIVE2 - Memorex TRAVELDRIVE 005B USB Device - 980.53 MiB - 1 partition
\PARTITION0 - Win95 w/Extended Int 13 - 982.98 MiB - G:

\\.\PHYSICALDRIVE3 - Disk drive - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.75 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=K:\Documents and Settings\All Users
APPDATA=K:\Documents and Settings\Galen\Application Data
CLASSPATH=.;K:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=K:\Program Files\Common Files
COMPUTERNAME=GFUNK
ComSpec=K:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=K:
HOMEPATH=\Documents and Settings\Galen
LOGONSERVER=\\GFUNK
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=K:\WINDOWS\system32;K:\WINDOWS;K:\WINDOWS\System32\Wbem;K:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=K:\Program Files
PROMPT=$P$G
QTJAVA=K:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=K:
SystemRoot=K:\WINDOWS
TEMP=K:\DOCUME~1\Galen\LOCALS~1\Temp
TMP=K:\DOCUME~1\Galen\LOCALS~1\Temp
USERDOMAIN=GFUNK
USERNAME=Galen
USERPROFILE=K:\Documents and Settings\Galen
windir=K:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Galen (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 K:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Add or Remove Adobe Creative Suite 3 Master Collection --> K:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6 --> K:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> H:\setup.exe /UNINSTALL
BitTorrent --> "K:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Intel® Graphics Media Accelerator Driver --> K:\WINDOWS\system32\igxpun.exe -uninstall
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LiveUpdate 3.2 (Symantec Corporation) --> "K:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "K:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.11) --> H:\Firefox\uninstall\helper.exe
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "H:\PeerGuardian2\unins000.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> K:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 K:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "K:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Spybot - Search & Destroy --> "H:\Spybot - Search & Destroy\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> K:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows XP Service Pack 3 --> "K:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> K:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type380 / Warning
Event Submitted/Written: 06/10/2008 09:29:32 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type352 / Warning
Event Submitted/Written: 06/10/2008 09:23:53 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type341 / Warning
Event Submitted/Written: 06/10/2008 08:23:19 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80080005

Event Record #/Type340 / Warning
Event Submitted/Written: 06/10/2008 08:22:24 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80080005

Event Record #/Type339 / Warning
Event Submitted/Written: 06/10/2008 08:21:54 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80080005



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type716 / Warning
Event Submitted/Written: 06/10/2008 09:32:32 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A70ACDAB3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type708 / Warning
Event Submitted/Written: 06/10/2008 09:30:55 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Send To Microsoft OneNote Driver for Windows NT x86 Version-3 was added or updated. Files:- msonpdrv.dll, msonpui.dll, msonpui.dll.

Event Record #/Type707 / Warning
Event Submitted/Written: 06/10/2008 09:30:54 PM
Event ID/Source: 3 / Print
Event Description:
Printer Send To OneNote 2007 was deleted.

Event Record #/Type706 / Warning
Event Submitted/Written: 06/10/2008 09:30:54 PM
Event ID/Source: 4 / Print
Event Description:
Printer Send To OneNote 2007 is pending deletion.

Event Record #/Type695 / Error
Event Submitted/Written: 06/10/2008 09:26:43 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB950113).



-- End of Deckard's System Scanner: finished at 2008-06-10 21:48:44 ------------


#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 July 2008 - 12:41 PM

Hello zoeybadm. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 zoeybadm

  • Topic Starter
  • Members
  • 3 posts

Posted 05 July 2008 - 11:47 PM

Here are the scan results as requested:

Kasp:

Saturday, July 5, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 05, 2008 19:24:44
Records in database: 916362
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\
Scan statistics
Files scanned 234605
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 04:49:07

No malware has been detected. The scan area is clean.
The selected area was scanned.

Deckard:

Deckard's System Scanner v20071014.68
Run by Gfunk on 2008-07-05 14:05:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
26: 2008-07-05 20:38:08 UTC - RP34 - Scheduled Checkpoint
25: 2008-07-04 10:00:16 UTC - RP33 - Windows Update
24: 2008-07-04 03:31:02 UTC - RP32 - Windows Update
23: 2008-07-03 18:57:18 UTC - RP31 - Installed iTunes
22: 2008-07-03 10:00:18 UTC - RP30 - Windows Update


-- First Restore Point --
1: 2008-06-25 03:38:36 UTC - RP7 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-05 14:07:10
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
E:\Users\Gfunk\Program Files (x86)\DNA\btdna.exe
H:\HP Software Update\hpwuSchd2.exe
H:\iTunes\iTunesHelper.exe
H:\Digital Imaging\bin\hpqtra08.exe
H:\Digital Imaging\bin\hpqste08.exe
H:\Digital Imaging\bin\hpqbam08.exe
H:\Digital Imaging\bin\hpqgpc01.exe
H:\Moz\firefox.exe
C:\Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] H:\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] E:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Users\Gfunk\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - E:\Windows\System32\alg.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - E:\Windows\system32\DFSR.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - E:\Windows\system32\fxssvc.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - E:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - E:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - E:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - E:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - E:\Windows\system32\locator.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - E:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - E:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - E:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - E:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - E:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - E:\Windows\System32\vds.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - E:\Windows\system32\vssvc.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - E:\Windows\system32\wbengine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - E:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - E:\Program Files (x86)\Windows Media Player\wmpnetwk.exe


--
End of file - 6955 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - e:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - e:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - e:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - e:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - e:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - e:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - e:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - e:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - e:\windows\system32\drivers\fvevol.sys (file missing)
R0 intelide - e:\windows\system32\drivers\intelide.sys (file missing)
R0 KSecDD - e:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - e:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - e:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - e:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - e:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - e:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - e:\windows\system32\drivers\pci.sys (file missing)
R0 spldr (Security Processor Loader Driver) - e:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP Protocol Driver) - e:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Volume Manager Driver) - e:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - e:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - e:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - e:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - e:\windows\system32\drivers\afd.sys (file missing)
R1 AvgCln64 (AVG7 Clean Driver (x64)) - e:\windows\system32\drivers\avgcln64.sys (file missing)
R1 AvgMfx64 (AVG Minifilter x64 Resident Driver) - e:\windows\system32\drivers\avgmfx64.sys (file missing)
R1 cdrom (CD-ROM Driver) - e:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - e:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - e:\windows\system32\drivers\dfsc.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - e:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - e:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Mouse Class Driver) - e:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - e:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - e:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - e:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - e:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - e:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - e:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - e:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - e:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - e:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - e:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - e:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Serial (Serial port driver) - e:\windows\system32\drivers\serial.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - e:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - e:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - e:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - e:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - e:\windows\system32\drivers\wanarp.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - e:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - e:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - e:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - e:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - e:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - e:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AvgWFPx64 (AVG7 Firewall Driver x64) - e:\windows\system32\drivers\avgwfpx64.sys (file missing)
R3 bowser - e:\windows\system32\drivers\bowser.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - e:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fastfat (FAT12/16/32 File System Driver) - e:\windows\system32\drivers\fastfat.sys (file missing)
R3 fdc (Floppy Disk Controller Driver) - e:\windows\system32\drivers\fdc.sys (file missing)
R3 flpydisk (Floppy Disk Driver) - e:\windows\system32\drivers\flpydisk.sys (file missing)
R3 GEARAspiWDM - e:\windows\system32\drivers\gearaspiwdm.sys (file missing)
R3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - e:\windows\system32\drivers\hdaudio.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - e:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - e:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - e:\windows\system32\drivers\http.sys (file missing)
R3 igfx - e:\windows\system32\drivers\igdkmd64.sys (file missing)
R3 intelppm (Intel Processor Driver) - e:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - e:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - e:\windows\system32\drivers\ksthunk.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - e:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Mouse HID Driver) - e:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - e:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - e:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - e:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - e:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - e:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - e:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - e:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - e:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - e:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - e:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - e:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - e:\windows\system32\drivers\ntfs.sys (file missing)
R3 NuidFltr (NUID filter driver) - e:\windows\system32\drivers\nuidfltr.sys (file missing)
R3 Parport (Parallel port driver) - e:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - e:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - e:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - e:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN Miniport (SSTP)) - e:\windows\system32\drivers\rassstp.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - e:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RDPWD (RDP Winstation Driver) - e:\windows\system32\drivers\rdpwd.sys (file missing)
R3 rt61x64 (Linksys Wireless-G PCI Adapter Driver) - e:\windows\system32\drivers\wmp54gv41x64.sys (file missing)
R3 RTL8169 (Realtek 8169 NT Driver) - e:\windows\system32\drivers\rtlh64.sys (file missing)
R3 Serenum (Serenum Filter Driver) - e:\windows\system32\drivers\serenum.sys (file missing)
R3 srv - e:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - e:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - e:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - e:\windows\system32\drivers\swenum.sys (file missing)
R3 TDTCP - e:\windows\system32\drivers\tdtcp.sys (file missing)
R3 tssecsrv (Terminal Services Security Filter Driver) - e:\windows\system32\drivers\tssecsrv.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - e:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - e:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - e:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - e:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - e:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - e:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - e:\windows\system32\drivers\usbuhci.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - e:\windows\system32\drivers\cdfs.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - e:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - e:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - e:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - e:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - e:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - e:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - e:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - e:\windows\system32\drivers\exfat.sys (file missing)
S3 Filetrace - e:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - e:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - e:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - e:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - e:\windows\system32\drivers\irenum.sys (file missing)
S3 Modem - e:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - e:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - e:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - e:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - e:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - e:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - e:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - e:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - e:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - e:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 StillCam (Still Serial Digital Camera Driver) - e:\windows\system32\drivers\serscan.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - e:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - e:\windows\system32\drivers\tdpipe.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - e:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - e:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 UMPass (Microsoft UMPass Driver) - e:\windows\system32\drivers\umpass.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - e:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - e:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - e:\windows\system32\drivers\wanarp.sys (file missing)
S3 WUDFRd - e:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - e:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - e:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - e:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - e:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - e:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - e:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - e:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - e:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - e:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - e:\windows\system32\drivers\arcsas.sys (file missing)
S4 blbdrive - e:\windows\system32\drivers\blbdrive.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - e:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - e:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - e:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - e:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - e:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - e:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - e:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - e:\windows\system32\drivers\elxstor.sys (file missing)
S4 ErrDev (Microsoft Hardware Error Device Driver) - e:\windows\system32\drivers\errdev.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - e:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - e:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - e:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - e:\windows\system32\drivers\i2omp.sys (file missing)
S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - e:\windows\system32\drivers\i8042prt.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - e:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - e:\windows\system32\drivers\iirsp.sys (file missing)
S4 IPMIDRV - e:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - e:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - e:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - e:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - e:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - e:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - e:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - e:\windows\system32\drivers\megasas.sys (file missing)
S4 MegaSR - e:\windows\system32\drivers\megasr.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - e:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - e:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - e:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - e:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - e:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid (NVIDIA nForce RAID Driver ) - e:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - e:\windows\system32\drivers\nvstor.sys (file missing)
S4 ohci1394 (NEC FireWarden OHCI Compliant IEEE 1394 Host Controller) - e:\windows\system32\drivers\ohci1394.sys (file missing)
S4 pciide - e:\windows\system32\drivers\pciide.sys (file missing)
S4 pcmcia - e:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - e:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - e:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - e:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - e:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - e:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - e:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - e:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - e:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - e:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - e:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - e:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - e:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - e:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - e:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - e:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - e:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - e:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - e:\windows\system32\drivers\usbohci.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - e:\windows\system32\drivers\usbprint.sys (file missing)
S4 viaide - e:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - e:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - e:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - e:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - e:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - e:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files (x86)\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "e:\program files (x86)\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 SamSs (Security Accounts Manager) - e:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - e:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - e:\windows\system32\spoolsv.exe (file missing)
R2 Viewpoint Manager Service - "e:\program files (x86)\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 KeyIso (CNG Key Isolation) - e:\windows\system32\lsass.exe (file missing)
R3 VSS (Volume Shadow Copy) - e:\windows\system32\vssvc.exe (file missing)

S3 ALG (Application Layer Gateway Service) - e:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS Replication) - e:\windows\system32\dfsr.exe (file missing)
S3 Fax - e:\windows\system32\fxssvc.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - e:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - e:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - e:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - e:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - e:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - e:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - e:\windows\system32\vds.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "e:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - e:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_05AC&PID_1301\000A270010D3798B
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_05AC&PID_1301\000A270010D3798B
Service: USBSTOR

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_05AC&PID_1204\000000C8D9B1
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_05AC&PID_1204\000000C8D9B1
Service: USBSTOR

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 13:19:26 418 --ah----- E:\Windows\Tasks\User_Feed_Synchronization-{824FDAE4-FE7B-41AA-B070-FAAE2B3A38D6}.job
2008-07-05 08:44:15 274 --a------ E:\Windows\Tasks\WebReg Photosmart C7200 series.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-03 11:58:07 0 d-------- E:\Program Files (x86)\iPod
2008-07-03 03:00:32 0 d-------- E:\Program Files (x86)\MSXML 4.0
2008-07-02 16:16:27 0 d-------- E:\Program Files (x86)\Bonjour
2008-07-02 16:15:40 0 d-------- E:\Program Files (x86)\Common Files\Apple
2008-07-01 22:58:04 0 d-------- E:\Users\All Users\Apple Computer
2008-07-01 22:57:31 0 d-------- E:\Users\All Users\Apple
2008-07-01 22:57:31 0 d-------- E:\Program Files (x86)\Apple Software Update
2008-07-01 10:17:23 0 d-------- E:\Users\All Users\WEBREG
2008-07-01 09:54:42 0 d-------- E:\Users\All Users\HP Product Assistant
2008-07-01 09:54:31 0 d-------- E:\Windows\system32\spool
2008-07-01 09:54:15 0 d-------- E:\Program Files (x86)\Hewlett-Packard
2008-07-01 09:54:15 0 d-------- E:\Program Files (x86)\Common Files\Hewlett-Packard
2008-07-01 09:53:41 0 d-------- E:\Program Files (x86)\Common Files\HP
2008-07-01 09:53:10 0 d-------- E:\Users\All Users\Hewlett-Packard
2008-07-01 09:50:12 233472 --a------ E:\Windows\system32\hpzc35ha.dll <Not Verified; Hewlett Packard Corporation; HP Settings>
2008-07-01 09:50:09 671816 --a------ E:\Windows\system32\hpcdmc32.dll <Not Verified; HP; DMC>
2008-07-01 09:50:08 0 d-------- E:\Windows\LastGood.Tmp
2008-07-01 09:49:29 0 d-------- E:\Program Files (x86)\HP
2008-07-01 09:48:02 7262 -----n--- E:\Windows\hpomdl21.dat
2008-07-01 09:48:02 164771 --a------ E:\Windows\hpoins21.dat
2008-07-01 09:47:57 0 d-------- E:\Users\All Users\HP
2008-06-30 10:14:06 0 d-------- E:\Users\All Users\Office Genuine Advantage
2008-06-30 09:21:52 0 dr-h----- E:\MSOCache
2008-06-27 18:14:43 27248 --a------ E:\Windows\DIIUnin.dat
2008-06-27 18:14:41 2829 --a------ E:\Windows\DIIUnin.pif
2008-06-27 18:14:41 94208 --a------ E:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Templates
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Start Menu
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\SendTo
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Recent
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\PrintHood
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\NetHood
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\My Documents
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Local Settings
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Cookies
2008-06-27 09:27:28 0 d--hs---- E:\Users\Mcx1\Application Data
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Videos
2008-06-27 09:27:27 0 d-------- E:\Users\Mcx1\Saved Games
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Pictures
2008-06-27 09:27:27 262144 --ahs---- E:\Users\Mcx1\NTUSER.DAT
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Music
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Links
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Favorites
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Downloads
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Documents
2008-06-27 09:27:27 0 dr------- E:\Users\Mcx1\Desktop
2008-06-27 09:27:27 0 d--h----- E:\Users\Mcx1\AppData
2008-06-25 18:23:41 0 d-------- E:\Users\All Users\Adobe
2008-06-25 18:23:37 0 d-------- E:\Program Files (x86)\Common Files\Adobe
2008-06-25 02:16:39 0 dr-h----- E:\$VAULT$.AVG
2008-06-24 23:49:14 0 d-------- E:\Users\Gfunk\Program Files (x86)
2008-06-24 22:45:10 0 d-------- E:\Program Files (x86)\Yahoo!
2008-06-24 22:30:38 0 d-------- E:\Users\All Users\Viewpoint
2008-06-24 22:30:37 0 d-------- E:\Users\All Users\acccore
2008-06-24 22:30:37 0 d-------- E:\Program Files (x86)\Viewpoint
2008-06-24 22:30:33 0 d-------- E:\Users\All Users\AOL
2008-06-24 22:30:33 0 d-------- E:\Users\All Users\AOL OCP
2008-06-24 22:30:23 0 d-------- E:\Program Files (x86)\Common Files\AOL
2008-06-24 22:30:14 0 d-------- E:\Program Files (x86)\AIM6
2008-06-24 22:07:19 0 d-------- E:\Program Files (x86)\Microsoft Works
2008-06-24 22:07:04 0 d-------- E:\Windows\PCHEALTH
2008-06-24 22:07:04 0 d-------- E:\Program Files (x86)\Microsoft.NET
2008-06-24 22:03:50 0 d-------- E:\Users\All Users\Microsoft Help
2008-06-24 22:03:42 0 d--hs---- E:\Windows\Installer
2008-06-24 21:28:34 0 d-------- E:\Program Files (x86)\DNA
2008-06-24 21:17:29 0 d-------- E:\Users\All Users\Grisoft
2008-06-24 21:17:29 0 d-------- E:\Users\All Users\avg7
2008-06-24 21:07:47 0 d-------- E:\Windows\Panther
2008-06-24 20:40:06 0 d-------- E:\Windows\system32\Macromed
2008-06-24 20:39:44 0 d-------- E:\Windows\system32\x64
2008-06-24 20:19:53 0 dr------- E:\Users\Gfunk\Searches
2008-06-24 20:19:43 0 dr------- E:\Users\Gfunk\Contacts
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Videos
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Templates
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Start Menu
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\SendTo
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Saved Games
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Recent
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\PrintHood
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Pictures
2008-06-24 20:19:39 1310720 --ahs---- E:\Users\Gfunk\NTUSER.DAT
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\NetHood
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\My Documents
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Music
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Local Settings
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Links
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Favorites
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Downloads
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Documents
2008-06-24 20:19:39 0 dr------- E:\Users\Gfunk\Desktop
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Cookies
2008-06-24 20:19:39 0 d--hs---- E:\Users\Gfunk\Application Data
2008-06-24 20:19:39 0 d--h----- E:\Users\Gfunk\AppData
2008-06-24 20:15:41 0 d-------- E:\Windows\Debug
2008-06-24 20:11:56 0 d-------- E:\Windows\SoftwareDistribution
2008-06-24 20:10:21 0 d-------- E:\Windows\CSC
2008-06-24 20:08:29 0 d-------- E:\Windows\Prefetch
2008-06-14 16:24:10 0 d--hs---- E:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-05 14:05:08 0 d-------- E:\Users\Gfunk\AppData\Roaming\DNA
2008-07-05 14:04:23 0 d-------- E:\Users\Gfunk\AppData\Roaming\BitTorrent
2008-07-05 11:08:43 0 d-------- E:\Users\Gfunk\AppData\Roaming\AVG7
2008-07-03 11:58:18 0 d-------- E:\Users\Gfunk\AppData\Roaming\Apple Computer
2008-07-02 16:15:40 0 d-------- E:\Program Files (x86)\Common Files
2008-07-01 10:17:33 0 d-------- E:\Users\Gfunk\AppData\Roaming\HP
2008-06-29 21:20:44 0 d-------- E:\Users\Gfunk\AppData\Roaming\vlc
2008-06-25 18:24:32 0 d-------- E:\Users\Gfunk\AppData\Roaming\Adobe
2008-06-24 22:36:26 0 d-------- E:\Users\Gfunk\AppData\Roaming\acccore
2008-06-24 21:16:17 0 d-------- E:\Users\Gfunk\AppData\Roaming\WinRAR
2008-06-24 21:02:03 0 d-------- E:\Users\Gfunk\AppData\Roaming\Mozilla
2008-06-24 20:41:45 0 d-------- E:\Program Files (x86)\Windows Mail
2008-06-24 20:40:07 0 d-------- E:\Users\Gfunk\AppData\Roaming\Macromedia
2008-06-24 20:19:45 0 d-------- E:\Users\Gfunk\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-05 14:07:38 ------------

Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X64; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 4085.32 MiB / 2163.8 MiB
Pagefile Memory (total/avail): 8393.95 MiB / 6466.48 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3937.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 124.21 GiB total, 115.17 GiB free.
D: is Fixed (NTFS) - 43.95 GiB total, 21.08 GiB free.
E: is Fixed (NTFS) - 931.51 GiB total, 855.8 GiB free.
F: is Fixed (NTFS) - 20.12 GiB total, 19.13 GiB free.
H: is Fixed (NTFS) - 184.33 GiB total, 180.31 GiB free.
I: is CDROM (CDFS)
J: is CDROM (CDFS)
K: is Fixed (NTFS) - 40.04 GiB total, 20.56 GiB free.
L: is Fixed (NTFS) - 891.46 GiB total, 816.14 GiB free.

\\.\PHYSICALDRIVE2 - ST31000340AS ATA Device - 931.51 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 40.04 GiB - K:
\PARTITION1 - Extended w/Extended Int 13 - 891.46 GiB - L:

\\.\PHYSICALDRIVE0 - ST3400620AS ATA Device - 372.61 GiB - 4 partitions
\PARTITION0 - Installable File System - 124.21 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 248.4 GiB - D: - F: - H:

\\.\PHYSICALDRIVE1 - WDC WD10EAVS-00D7B0 ATA Device - 931.51 GiB - 1 partition
\PARTITION0 - Installable File System - 931.51 GiB - E:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

AV: AVG 7.5.523 v7.5.523 (Grisoft)
AS: AVG 7.5.523 v7.5.523 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\\BitTorrentVista\\bittorrent.exe"="H:\\BitTorrentVista\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\ProgramData
APPDATA=E:\Users\Gfunk\AppData\Roaming
CLASSPATH=.;H:\QTSystem\QTJava.zip
CommonProgramFiles=E:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=E:\Program Files (x86)\Common Files
CommonProgramW6432=E:\Program Files\Common Files
COMPUTERNAME=GFUNK-PC
ComSpec=E:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Users\Gfunk
LOCALAPPDATA=E:\Users\Gfunk\AppData\Local
LOGONSERVER=\\GFUNK-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=E:\Windows\system32;E:\Windows;E:\Windows\System32\Wbem;H:\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=E:\ProgramData
ProgramFiles=E:\Program Files (x86)
ProgramFiles(x86)=E:\Program Files (x86)
ProgramW6432=E:\Program Files
PROMPT=$P$G
PUBLIC=E:\Users\Public
QTJAVA=H:\QTSystem\QTJava.zip
SystemDrive=E:
SystemRoot=E:\Windows
TEMP=E:\Users\Gfunk\AppData\Local\Temp
TMP=E:\Users\Gfunk\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=Gfunk-PC
USERNAME=Gfunk
USERPROFILE=E:\Users\Gfunk
windir=E:\Windows


-- User Profiles ---------------------------------------------------------------

Gfunk
Mcx1


-- Add/Remove Programs ---------------------------------------------------------

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> E:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> E:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AIM 6 --> E:\Program Files (x86)\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> H:\setup.exe /UNINSTALL
BitTorrent --> H:\BitTorrentVista\uninst.exe
Diablo II --> E:\Windows\DIIUnin.exe E:\Windows\DIIUnin.dat
DNA --> "E:\Users\Gfunk\Program Files (x86)\DNA\btdna.exe" /UNINSTALL
HP Update --> MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "E:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0) --> H:\Moz\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
PeerGuardian 2.0 --> "H:\PeerGuardianvista\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6h --> H:\VLC\uninstall.exe
Viewpoint Media Player --> E:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> E:\Program Files (x86)\WinRAR\uninstall.exe
Yahoo! Install Manager --> E:\Windows\system32\regsvr32 /u E:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets --> H:\Widgets\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1123 / Error
Event Submitted/Written: 07/05/2008 01:59:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program pg2.exe version 1.0.6.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 304
Start Time: 01c8decd0cc5c35c
Termination Time: 3

Event Record #/Type1107 / Error
Event Submitted/Written: 07/05/2008 08:45:39 AM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type1101 / Success
Event Submitted/Written: 07/05/2008 08:44:27 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type1100 / Success
Event Submitted/Written: 07/05/2008 08:44:27 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type1099 / Success
Event Submitted/Written: 07/05/2008 08:44:26 AM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8232 / Warning
Event Submitted/Written: 07/05/2008 02:07:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{10510673-9836-4BED-A8F7-FB32F57CCF9C}Gfunk-PCGfunkS-1-5-21-2929319052-3447138732-312726701-1000Unknown%%832driver:huy320%%807

Event Record #/Type8231 / Warning
Event Submitted/Written: 07/05/2008 02:07:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{55250C23-4CD7-4D4A-B04B-EE1756456E3F}Gfunk-PCGfunkS-1-5-21-2929319052-3447138732-312726701-1000Unknown%%832driver:xpdt0%%807

Event Record #/Type8230 / Warning
Event Submitted/Written: 07/05/2008 02:07:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{FC492956-BBAD-4AF2-B134-F04BBF1D5E5B}Gfunk-PCGfunkS-1-5-21-2929319052-3447138732-312726701-1000Unknown%%832service:huy320%%807

Event Record #/Type8229 / Warning
Event Submitted/Written: 07/05/2008 02:07:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{E0D7C592-8452-46F0-8974-21029AD33FF4}Gfunk-PCGfunkS-1-5-21-2929319052-3447138732-312726701-1000Unknown%%832service:xpdt0%%807

Event Record #/Type8218 / Warning
Event Submitted/Written: 07/05/2008 01:32:42 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-05 14:07:38 ------------

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 06 July 2008 - 01:23 PM

Hello, zoeybadm.

I don't see any malware. Are you experiencing problems?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Billy O'Neal

Posted 16 July 2008 - 12:00 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.