Comp Running Very Slow, Numerous Popups, Crashing Ie


19 replies to this topic

#1 Crewdawg77


  • Members
  • 11 posts

Posted 29 June 2008 - 09:36 AM

My computer is seriously lagging, and every time I open IE it multiplies itself over and over to where I've got about 100 IE windows open. Also my CPU constantly peaks out at 100%, not sure why. Any help is appreciated, thanks for your time.

My logs



Deckard's System Scanner v20071014.68
Run by Darrell on 2008-06-29 23:19:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-06-29 12:17:43 UTC - RP63 - Installed
6: 2008-06-29 09:48:42 UTC - RP62 - Scheduled Checkpoint
5: 2008-06-28 04:27:39 UTC - RP61 - Installed
4: 2008-06-28 03:29:28 UTC - RP60 - Windows Update
3: 2008-06-27 18:02:00 UTC - RP59 - Windows Update


-- First Restore Point --
1: 2008-06-27 16:38:42 UTC - RP57 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 23:22:00
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Windows\System32\wuauclt.exe
C:\Users\Darrell\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/category/movies/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {D70B30A4-CE44-4ED4-8962-5A6E49376350} - C:\Windows\system32\efcAPJbx.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [BtHidUi] C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BMdf90c999] Rundll32.exe "C:\Users\Darrell\AppData\Local\Temp\bsjqhset.dll",s
O4 - HKCU\..\Run: [dca3fa05] rundll32.exe "C:\Users\Darrell\AppData\Local\Temp\hjkjtiys.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: Dell Internal Network Card Power Management (NICCONFIGSVC) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WMPControllerService - Dell, Inc - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9795 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 rimsptsk - c:\windows\system32\drivers\rimsptsk.sys <Not Verified; REDC; Ricoh Memorystick Controller>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 CSRBC (CSRBC.Sys CSR test driver) - c:\windows\system32\drivers\csrbcxp.sys <Not Verified; CSR, plc; CsrUsb Device Driver>
S3 LVPrcMon (Logitech LVPrcMon Driver) - \??\c:\windows\system32\drivers\lvprcmon.sys
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BthFilterHelper (Bluetooth Feature Support) - "c:\program files\csr\vista profile pack\bthfilterhelper.exe" <Not Verified; CSR, plc; BthFilter Helper Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 WMPControllerService - "c:\dell\utilities\dell premium remote control\wmpcontrollerservice.exe" <Not Verified; Dell, Inc; Dell Premium Remote Control Service>

S2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_16F7&SUBSYS_01BF1028&REV_21\4&4BC62&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_16F7&SUBSYS_01BF1028&REV_21\4&4BC62&0&00E2
Service: b57nd60x


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-27 18:22:53 0 d-------- C:\Program Files\Alwil Software
2008-06-27 16:38:17 171136 -rahs---- C:\grldr
2008-06-25 20:12:06 0 d-------- C:\Users\All Users\Logishrd
2008-06-25 20:12:03 0 d-------- C:\Users\All Users\Logitech
2008-06-25 20:12:00 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-24 20:05:42 0 d-------- C:\Program Files\Nero
2008-06-24 20:05:41 0 d-------- C:\Users\All Users\Nero
2008-06-24 20:05:41 0 d-------- C:\Program Files\Common Files\Nero
2008-06-24 20:02:10 1199 --ahs---- C:\Windows\system32\xbJPAcfe.ini2
2008-06-24 19:21:21 0 d-------- C:\Users\All Users\Dell
2008-06-24 03:31:45 0 d-------- C:\Windows\Panther
2008-06-23 22:57:43 0 d-------- C:\Users\Darrell\{1a682cec-35e8-476b-a420-b9105b1446ba}
2008-06-23 22:57:39 43520 --a------ C:\Windows\system32\drivers\rimsptsk.sys <Not Verified; REDC; Ricoh Memorystick Controller>
2008-06-23 20:35:37 65536 --a------ C:\Windows\system32\ltserial.dll
2008-06-23 19:24:52 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-06-23 19:24:51 323584 --a------ C:\Windows\system32\FoxImager.dll
2008-06-23 19:24:44 0 d-------- C:\Users\All Users\TEMP
2008-06-23 17:01:12 0 d-------- C:\Program Files\CSR
2008-06-23 15:35:08 0 d-------- C:\temp
2008-06-23 14:39:01 1660 --a------ C:\Windows\bthservsdp.dat
2008-06-23 12:51:19 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-23 12:10:53 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-06-23 11:49:33 0 d-------- C:\Program Files\ATI
2008-06-23 11:23:01 32 --a------ C:\Users\All Users\ezsid.dat
2008-06-23 11:21:54 0 dr------- C:\Users\Darrell\Searches
2008-06-23 11:21:45 0 dr------- C:\Users\Darrell\Contacts
2008-06-23 11:08:38 33460 --a------ C:\Windows\system32\emptyregdb.dat
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Videos
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Templates
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Start Menu
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\SendTo
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Saved Games
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Recent
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\PrintHood
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Pictures
2008-06-23 10:43:31 2621440 --ahs---- C:\Users\Darrell\NTUSER.DAT
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\NetHood
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\My Documents
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Music
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\Local Settings
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Links
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Favorites
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Downloads
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Documents
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Desktop
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Cookies
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Application Data
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\AppData
2008-06-23 10:42:19 0 d-------- C:\Windows\system32\URTTEMP
2008-06-23 10:42:07 0 d--hs---- C:\Windows\Installer
2008-06-23 10:38:00 0 d-------- C:\Windows\Debug
2008-06-23 10:33:14 0 d-------- C:\Windows\Prefetch
2008-06-23 10:11:05 0 d--hs---- C:\Boot
2008-06-22 22:43:23 0 d-------- C:\Users\All Users\Microsoft Corporation
2008-06-22 22:43:04 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-22 22:38:55 0 d-------- C:\doctemp
2008-06-22 20:31:03 0 d-------- C:\kav
2008-06-22 18:54:59 0 d-------- C:\Users\All Users\1Click DVD Copy Pro
2008-06-22 18:54:16 47360 --a------ C:\Windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-15 21:05:48 2682880 --a------ C:\Windows\system32\vcredist_x86.exe <Not Verified; Microsoft Corporation; Microsoft Visual C++ 2005 Redistributable>
2008-06-15 21:05:48 416 --a------ C:\Windows\system32\vcredist_x86.bat
2008-06-15 21:05:44 94208 --a------ C:\Windows\system32\GTW32N50.dll
2008-06-15 21:05:44 15872 --a------ C:\Windows\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >


-- Find3M Report ---------------------------------------------------------------

2008-06-29 21:20:08 0 d-------- C:\Users\Darrell\AppData\Roaming\Skype
2008-06-29 21:17:09 0 d-------- C:\Users\Darrell\AppData\Roaming\skypePM
2008-06-25 22:17:26 0 d-------- C:\Program Files\Microsoft Games
2008-06-25 22:11:56 0 d-------- C:\Program Files\Common Files
2008-06-25 20:12:00 0 d-------- C:\Program Files\Logitech
2008-06-24 20:32:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 20:10:35 0 d-------- C:\Users\Darrell\AppData\Roaming\Nero
2008-06-24 19:41:33 0 d-------- C:\Program Files\Roxio
2008-06-23 17:01:12 0 d-------- C:\Users\Darrell\AppData\Roaming\CSR
2008-06-23 16:07:37 174 --ahs---- C:\Program Files\desktop.ini
2008-06-23 16:02:00 0 d-------- C:\Program Files\Windows Calendar
2008-06-23 16:01:56 0 d-------- C:\Program Files\Windows Mail
2008-06-23 16:01:49 0 d-------- C:\Program Files\Windows Defender
2008-06-23 16:01:39 0 d-------- C:\Program Files\Windows Sidebar
2008-06-23 14:53:32 0 d-------- C:\Program Files\Dell
2008-06-23 11:01:04 0 d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
2008-06-23 11:01:04 0 d-------- C:\Users\Darrell\AppData\Roaming\Talkback
2008-06-23 11:01:03 0 d-------- C:\Users\Darrell\AppData\Roaming\Sun
2008-06-23 11:01:03 0 d-------- C:\Users\Darrell\AppData\Roaming\Sonic
2008-06-23 11:01:02 0 dr-h----- C:\Users\Darrell\AppData\Roaming\SecuROM
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\PC Suite
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Nokia
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Nokia Multimedia Player
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Mozilla
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\Macromedia
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\LimeWire
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\Leadertech
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Intel
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\InstallShield
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Identities
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\HP
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\gtk-2.0
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Google
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\DAEMON Tools
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\CyberLink
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\COWON
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Auslogics
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\ATI
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Apple Computer
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Adobe
2008-06-23 10:53:12 0 d-------- C:\Program Files\Yahoo!
2008-06-23 10:53:05 0 d-------- C:\Program Files\Windows Plus
2008-06-23 10:52:47 0 d-------- C:\Program Files\Skype
2008-06-23 10:52:46 0 d-------- C:\Program Files\SigmaTel
2008-06-23 10:52:40 0 d-------- C:\Program Files\RGB
2008-06-23 10:52:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-23 10:52:40 0 d-------- C:\Program Files\QuickTime
2008-06-23 10:52:31 0 d-------- C:\Program Files\Modem Helper
2008-06-23 10:52:30 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-23 10:50:44 0 d-------- C:\Program Files\microsoft frontpage
2008-06-23 10:50:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-23 10:50:42 0 d-------- C:\Program Files\JetAudio
2008-06-23 10:50:37 0 d-------- C:\Program Files\Java
2008-06-23 10:50:28 0 d-------- C:\Program Files\Intel
2008-06-23 10:50:26 0 d-------- C:\Program Files\HP
2008-06-23 10:50:14 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 10:50:14 0 d-------- C:\Program Files\Google
2008-06-23 10:49:57 0 d-------- C:\Program Files\EnglishOtto
2008-06-23 10:47:48 0 d-------- C:\Program Files\Electronic Arts
2008-06-23 10:47:48 0 d-------- C:\Program Files\directx
2008-06-23 10:47:48 0 d-------- C:\Program Files\DIGStream
2008-06-23 10:47:48 0 d-------- C:\Program Files\DIFX
2008-06-23 10:47:46 0 d-------- C:\Program Files\CyberLink
2008-06-23 10:47:44 0 d-------- C:\Program Files\CONEXANT
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\Skype
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\L&H
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\HP
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\COWON
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-23 10:47:25 0 d-------- C:\Program Files\Broadcom
2008-06-23 10:47:23 0 d-------- C:\Program Files\BitLord
2008-06-23 10:47:16 0 d-------- C:\Program Files\Auslogics
2008-06-23 10:47:16 0 d-------- C:\Program Files\ATI Technologies
2008-06-23 10:46:55 0 d-------- C:\Program Files\AT&T WorldNet Setup
2008-06-23 10:46:24 0 d-------- C:\Program Files\Activision Value
2008-06-23 10:46:22 0 d-------- C:\Program Files\Activision
2008-06-23 10:46:22 0 d-------- C:\Program Files\7-Zip
2008-06-22 20:49:11 0 d-------- C:\Users\Darrell\AppData\Roaming\Vso
2008-06-22 20:49:11 33 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.log
2008-06-22 20:49:10 47360 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-22 20:49:10 1144 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.inf
2008-06-22 20:49:10 7887 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.cat
2008-05-13 10:35:07 29160 --a------ C:\Users\Darrell\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-02 20:09:23 0 d-------- C:\Users\Darrell\AppData\Roaming\Help
2008-04-09 07:53:00 117158 --a------ C:\Windows\hpoins11.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70B30A4-CE44-4ED4-8962-5A6E49376350}]
C:\Windows\system32\efcAPJbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtHidUi"="C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe" [11/15/2006 02:16 PM]
"@"="" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/13/2007 10:37 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/13/2007 10:38 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/16/2008 08:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [06/23/2008 03:33 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 06:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/06/2008 06:37 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/22/2007 07:13 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 11:50 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"BMdf90c999"="C:\Users\Darrell\AppData\Local\Temp\bsjqhset.dll,s" []
"dca3fa05"="C:\Users\Darrell\AppData\Local\Temp\hjkjtiys.dll,b" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}"= C:\Windows\system32\xxyASLCu.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\efcAPJbx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- "E:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcdbaa1b-91a9-11dc-b4d5-0018de38184e}]
AutoRun\command- "E:\Install FreeAgent Tools.exe" /run


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-29 23:22:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 3325.85 MiB / 2303.31 MiB
Pagefile Memory (total/avail): 6820.88 MiB / 5842.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.12 MiB

C: is Fixed (NTFS) - 91.11 GiB total, 14.38 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 93.16 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 91.11 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.01 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080627-0] v4.8.1201 (ALWIL Software) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080627-0] v4.8.1201 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Darrell\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"="C:\\Users\\Darrell\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\kav\\kav7\\setup.exe"="C:\\kav\\kav7\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\kav\\kis\\setup.exe"="C:\\kav\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Darrell\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DADDY
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Darrell
LOCALAPPDATA=C:\Users\Darrell\AppData\Local
LOGONSERVER=\\DADDY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Darrell\AppData\Local\Temp
TMP=C:\Users\Darrell\AppData\Local\Temp
USERDOMAIN=DADDY
USERNAME=Darrell
USERPROFILE=C:\Users\Darrell
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Darrell


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
ccc-Branding --> MsiExec.exe /I{4F5A53E6-3CBE-44D7-91AD-2E535348484F}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Dell Premium Remote Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{125EB8DD-8316-4559-9951-E969929381BD}\setup.exe" -l0x9 -removeonly
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
LEAD MPEG-4 Video Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9E140D0-1363-4949-8249-832281537F9F}\setup.exe" -l0x9 -removeonly
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{9932886E-7874-4BA1-A1AA-E61EA5A9352D}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 Ultra Edition HD --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Vista Profile Pack --> MsiExec.exe /X{529ABF8F-1ED2-404D-987D-2DBFCF88C3E6}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2709 / Error
Event Submitted/Written: 06/29/2008 10:36:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application YahooMessenger.exe, version 9.0.0.922, time stamp 0x47671df3, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xaf8cba71,
process id 0x490, application start time 0xYahooMessenger.exe0.

Event Record #/Type2708 / Error
Event Submitted/Written: 06/29/2008 09:23:51 PM
Event ID/Source: 1033 / Microsoft-Windows-SpoolerSpoolss
Event Description:
0x80070006

Event Record #/Type2704 / Error
Event Submitted/Written: 06/29/2008 09:20:50 PM
Event ID/Source: 1033 / Microsoft-Windows-SpoolerSpoolss
Event Description:
0x80070006

Event Record #/Type2699 / Error
Event Submitted/Written: 06/29/2008 09:18:12 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Sonic Update Manager -- Error 1706. An installation package for the product Sonic Update Manager cannot be found. Try the installation again using a valid copy of the installation package 'UM.MSI'.

Event Record #/Type2692 / Success
Event Submitted/Written: 06/29/2008 09:17:38 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type128721 / Warning
Event Submitted/Written: 06/29/2008 09:36:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type128711 / Warning
Event Submitted/Written: 06/29/2008 09:27:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type128704 / Error
Event Submitted/Written: 06/29/2008 09:23:51 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type128700 / Warning
Event Submitted/Written: 06/29/2008 09:20:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type128699 / Error
Event Submitted/Written: 06/29/2008 09:20:51 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-06-29 23:22:49 ------------
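The AuthorizedApplications list in the extra log above is the Windows Firewall per-program exception table. Each value is written as `<path>:<scope>:<Enabled|Disabled>:<display name>`, where a scope of `*` means the program is reachable from any remote address and `LocalSubNet` restricts it to the local subnet. The Python below is an added example, not part of the thread or of Deckard's System Scanner: it parses lines in that registry-export format and reports the enabled exceptions open to any address, plus entries whose stored path differs from the key name (the Warcraft III entry above is one such stale rule, still keyed under a Documents and Settings path). The sample lines are constructed after the thread's own entries.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample, modelled on the AuthorizedApplications entries in the log above.
SAMPLE_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Documents and Settings\\Darrell\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"="C:\\Users\\Darrell\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
'''

# "<key>"="<value>" as written by a registry export; backslashes are doubled.
LINE_RE = re.compile(r'^"(?P<key>(?:[^"\\]|\\.)*)"="(?P<val>(?:[^"\\]|\\.)*)"$')
# <path>:<scope>:<state>:<name>; the path starts with a drive letter or an %ENV% variable.
VALUE_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:|%[^%]+%)[^:]*):(?P<scope>[^:]+):'
    r'(?P<state>[Ee]nabled|[Dd]isabled):(?P<name>.*)$'
)


@dataclass
class FirewallException:
    key_path: str   # the value name (the path the rule was created for)
    path: str       # the program path stored inside the value
    scope: str      # '*' = any remote address, or e.g. 'LocalSubNet'
    enabled: bool
    name: str


def unescape(s: str) -> str:
    """Undo the doubling a .reg export applies to backslashes and quotes."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_exceptions(export_text: str) -> List[FirewallException]:
    out = []
    for raw in export_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank line or a [key] header
        value = unescape(m['val'])
        v = VALUE_RE.match(value)
        if not v:
            raise ValueError(f'unexpected exception format: {value!r}')
        out.append(FirewallException(unescape(m['key']), v['path'], v['scope'],
                                     v['state'].lower() == 'enabled', v['name']))
    return out


def audit(export_text: str) -> Tuple[List[str], List[str]]:
    """Names of enabled exceptions reachable from any address, and of entries
    whose stored path no longer matches the key (stale or migrated rules)."""
    excs = parse_exceptions(export_text)
    open_any = [e.name for e in excs if e.enabled and e.scope == '*']
    mismatched = [e.name for e in excs if e.key_path.lower() != e.path.lower()]
    return open_any, mismatched


if __name__ == '__main__':
    open_any, mismatched = audit(SAMPLE_EXPORT)
    print('enabled, any-address:', open_any)
    print('key/path mismatch:', mismatched)
```

Disabled entries and subnet-scoped entries (the Media Center line) drop out of the first list; the review question for what remains is whether each program still needs an inbound exception at all.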



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:18 AM

Posted 29 June 2008 - 08:59 PM

Hello Crewdawg77,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Crewdawg77

Crewdawg77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 30 June 2008 - 12:27 AM

Thank you Teacup for the speedy reply! I've followed your post, however I must be doing something wrong :thumbsup: I got the CF from the BC link, saved it to my desktop. Then double clicked it, a green running comes up saying combofix and then nothing else happens, no prompts or anything. I even restarted, tried again and sat and waited an hour or so and nothing happened. Forgive my ignorance LOL, I've never used such a program and with the BIG warning I saw on your post I didn't want to go and push my luck and mess something up. So I'll just wait for your next post to tell me what I am doing wrong before I attempt again.

Thank you so much for your patience!

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:18 AM

Posted 30 June 2008 - 10:16 AM

Hello,

Might seem like a silly question... but did you run it as Administrator? Vista is funny about that type of thing. :thumbsup:

#5 Crewdawg77

Crewdawg77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 30 June 2008 - 11:00 PM

Yup, tried it as Admin as well. I've tried doing everything I can think of LOL (which probably isn't that many things) and am seriously missing something here *Slaps Head* Vista hates me LOL :)

I shut off avast and Windows Defender. I turned off the UAC. I tried as the admin and just plain old running it. I tried doing these different things in different combos.

All it does, no matter how I try, is the green running start for combofix goes, then all the icons on my desktop kinda blink and that's it :)

Kicks Self LOL I need help :thumbsup:

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:18 AM

Posted 30 June 2008 - 11:32 PM

Hello,

Stop blaming yourself. :) It happens, and there is more than one way to go about this. :thumbsup: We'll just try something different.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#7 Crewdawg77

Crewdawg77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 30 June 2008 - 11:56 PM

Malwarebytes' Anti-Malware 1.19
Database version: 910
Windows 6.0.6000

1:55:27 PM 7/1/2008
mbam-log-7-1-2008 (13-55-27).txt

Scan type: Quick Scan
Objects scanned: 36859
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dca3fa05 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdf90c999 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Darrell\Local Settings\Temporary Internet Files\Content.IE5\ZB8MG0AE\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
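The MBAM log above removed two Run values with random-looking names (dca3fa05 and BMdf90c999), and the HijackThis-style log posted next lists a BHO whose DLL, C:\Windows\system32\efcAPJbx.dll, is marked file missing, while its file list records C:\Windows\system32\xbJPAcfe.ini2, whose name is that DLL name spelled backwards. The Python below is an added example, not part of the thread or of HijackThis, that runs those checks over lines in HijackThis format: it flags `(file missing)` registrations, Run value names that are mostly hex digits, O23 services whose path does not resolve to a binary (as with the Nero BackItUp Scheduler 3 line, cut off at a space), and .ini/.ini2 files whose name is the reverse of a referenced DLL. The sample lines are constructed after the thread's entries; the command lines attached to the two random Run values, and the second DLL name, are invented for illustration and do not appear in the logs.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis format, modelled on entries in this thread.
# The command lines after [dca3fa05] and [BMdf90c999] and the name mlJCuuTn.dll
# are invented for illustration; the MBAM log only shows the value names.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {D70B30A4-CE44-4ED4-8962-5A6E49376350} - C:\Windows\system32\efcAPJbx.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [dca3fa05] rundll32.exe "C:\Windows\system32\efcAPJbx.dll",a
O4 - HKCU\..\Run: [BMdf90c999] rundll32.exe "C:\Windows\system32\mlJCuuTn.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''
# Files from the scanner's "files created" list: one entry from the thread, one benign driver DLL.
SAMPLE_FILES = [r'C:\Windows\system32\xbJPAcfe.ini2', r'C:\Windows\system32\ltserial.dll']

O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
HEXISH_NAME = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{6,}$')   # dca3fa05, BMdf90c999
DLL_REF = re.compile(r'([A-Za-z0-9_]+)\.dll', re.IGNORECASE)
MISSING = ' (file missing)'


def triage(log_text: str, files_seen: List[str]) -> List[Tuple[str, str]]:
    """Return (finding-kind, detail) pairs for the checks described above."""
    findings = []
    dll_stems = set()
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        dll_stems.update(s.lower() for s in DLL_REF.findall(line))
        if line.endswith(MISSING):
            # registration points at a file that is gone; the registry entry still needs removal
            findings.append(('file-missing', line[:-len(MISSING)].rsplit(' - ', 1)[-1]))
        m = O4_RE.match(line)
        if m and HEXISH_NAME.match(m['name']):
            findings.append(('random-run-name', m['name']))
        m = O23_RE.match(line)
        if m and not m['path'].strip().strip('"').lower().endswith(('.exe', '.sys', '.dll')):
            # the path did not resolve to a binary, often a sign of an unquoted
            # ImagePath containing spaces; confirm against the service's registry key
            findings.append(('service-path-unresolved', m['svc']))
    # an .ini/.ini2 whose stem is a referenced DLL name spelled backwards
    for f in files_seen:
        base = f.rsplit('\\', 1)[-1]
        stem, _, ext = base.partition('.')
        if ext.lower() in ('ini', 'ini2') and stem[::-1].lower() in dll_stems:
            findings.append(('reversed-name-pair', f'{base} <-> {stem[::-1]}.dll'))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG, SAMPLE_FILES):
        print(f'{kind:24} {detail}')
```

The hex-name heuristic is deliberately narrow (two optional letters followed by at least six hex digits) so that ordinary names such as avast!, Skype or ctfmon.exe never match; it is a pointer for a human reviewer, not a verdict.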

#8 Crewdawg77

Crewdawg77
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 01 July 2008 - 12:00 AM

Deckard's System Scanner v20071014.68
Run by Darrell on 2008-07-01 13:57:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.79 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-01 13:58:34
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Windows\System32\wuauclt.exe
C:\Users\Darrell\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/category/movies/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {D70B30A4-CE44-4ED4-8962-5A6E49376350} - C:\Windows\system32\efcAPJbx.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [BtHidUi] C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\network diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: Dell Internal Network Card Power Management (NICCONFIGSVC) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WMPControllerService - Dell, Inc - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 9559 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 13:38:10 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-01 13:38:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 12:33:33 0 d-------- C:\327882R2FWJFW
2008-06-30 12:20:36 0 d-------- C:\Program Files\Gradkell Systems, Inc
2008-06-27 18:22:53 0 d-------- C:\Program Files\Alwil Software
2008-06-27 16:38:17 171136 -rahs---- C:\grldr
2008-06-25 20:12:06 0 d-------- C:\Users\All Users\Logishrd
2008-06-25 20:12:03 0 d-------- C:\Users\All Users\Logitech
2008-06-25 20:12:00 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-24 20:05:42 0 d-------- C:\Program Files\Nero
2008-06-24 20:05:41 0 d-------- C:\Users\All Users\Nero
2008-06-24 20:05:41 0 d-------- C:\Program Files\Common Files\Nero
2008-06-24 20:02:10 1199 --ahs---- C:\Windows\system32\xbJPAcfe.ini2
2008-06-24 19:21:21 0 d-------- C:\Users\All Users\Dell
2008-06-24 03:31:45 0 d-------- C:\Windows\Panther
2008-06-23 22:57:43 0 d-------- C:\Users\Darrell\{1a682cec-35e8-476b-a420-b9105b1446ba}
2008-06-23 22:57:39 43520 --a------ C:\Windows\system32\drivers\rimsptsk.sys <Not Verified; REDC; Ricoh Memorystick Controller>
2008-06-23 20:35:37 65536 --a------ C:\Windows\system32\ltserial.dll
2008-06-23 19:24:52 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-06-23 19:24:51 323584 --a------ C:\Windows\system32\FoxImager.dll
2008-06-23 19:24:44 0 d-------- C:\Users\All Users\TEMP
2008-06-23 17:01:12 0 d-------- C:\Program Files\CSR
2008-06-23 15:35:08 0 d-------- C:\temp
2008-06-23 14:39:01 1660 --a------ C:\Windows\bthservsdp.dat
2008-06-23 12:51:19 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-23 12:10:53 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-06-23 11:49:33 0 d-------- C:\Program Files\ATI
2008-06-23 11:23:01 32 --a------ C:\Users\All Users\ezsid.dat
2008-06-23 11:21:54 0 dr------- C:\Users\Darrell\Searches
2008-06-23 11:21:45 0 dr------- C:\Users\Darrell\Contacts
2008-06-23 11:08:38 33460 --a------ C:\Windows\system32\emptyregdb.dat
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Videos
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Templates
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Start Menu
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\SendTo
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Saved Games
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Recent
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\PrintHood
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Pictures
2008-06-23 10:43:31 2621440 --ahs---- C:\Users\Darrell\NTUSER.DAT
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\NetHood
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\My Documents
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Music
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\Local Settings
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Links
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Favorites
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Downloads
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Documents
2008-06-23 10:43:31 0 dr------- C:\Users\Darrell\Desktop
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Cookies
2008-06-23 10:43:31 0 d--hs---- C:\Users\Darrell\Application Data
2008-06-23 10:43:31 0 d--h----- C:\Users\Darrell\AppData
2008-06-23 10:42:19 0 d-------- C:\Windows\system32\URTTEMP
2008-06-23 10:42:07 0 d--hs---- C:\Windows\Installer
2008-06-23 10:38:00 0 d-------- C:\Windows\Debug
2008-06-23 10:33:14 0 d-------- C:\Windows\Prefetch
2008-06-23 10:11:05 0 d--hs---- C:\Boot
2008-06-22 22:43:23 0 d-------- C:\Users\All Users\Microsoft Corporation
2008-06-22 22:43:04 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-22 22:38:55 0 d-------- C:\doctemp
2008-06-22 20:31:03 0 d-------- C:\kav
2008-06-22 18:54:59 0 d-------- C:\Users\All Users\1Click DVD Copy Pro
2008-06-22 18:54:16 47360 --a------ C:\Windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-15 21:05:48 2682880 --a------ C:\Windows\system32\vcredist_x86.exe <Not Verified; Microsoft Corporation; Microsoft Visual C++ 2005 Redistributable>
2008-06-15 21:05:48 416 --a------ C:\Windows\system32\vcredist_x86.bat
2008-06-15 21:05:44 94208 --a------ C:\Windows\system32\GTW32N50.dll
2008-06-15 21:05:44 15872 --a------ C:\Windows\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >


-- Find3M Report ---------------------------------------------------------------

2008-07-01 13:38:12 0 d-------- C:\Users\Darrell\AppData\Roaming\Malwarebytes
2008-07-01 12:44:12 0 d-------- C:\Users\Darrell\AppData\Roaming\Skype
2008-07-01 09:43:14 0 d-------- C:\Users\Darrell\AppData\Roaming\skypePM
2008-06-30 12:20:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 22:17:26 0 d-------- C:\Program Files\Microsoft Games
2008-06-25 22:11:56 0 d-------- C:\Program Files\Common Files
2008-06-25 20:12:00 0 d-------- C:\Program Files\Logitech
2008-06-24 20:10:35 0 d-------- C:\Users\Darrell\AppData\Roaming\Nero
2008-06-24 19:41:33 0 d-------- C:\Program Files\Roxio
2008-06-23 17:01:12 0 d-------- C:\Users\Darrell\AppData\Roaming\CSR
2008-06-23 16:07:37 174 --ahs---- C:\Program Files\desktop.ini
2008-06-23 16:02:00 0 d-------- C:\Program Files\Windows Calendar
2008-06-23 16:01:56 0 d-------- C:\Program Files\Windows Mail
2008-06-23 16:01:49 0 d-------- C:\Program Files\Windows Defender
2008-06-23 16:01:39 0 d-------- C:\Program Files\Windows Sidebar
2008-06-23 14:53:32 0 d-------- C:\Program Files\Dell
2008-06-23 11:01:04 0 d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
2008-06-23 11:01:04 0 d-------- C:\Users\Darrell\AppData\Roaming\Talkback
2008-06-23 11:01:03 0 d-------- C:\Users\Darrell\AppData\Roaming\Sun
2008-06-23 11:01:03 0 d-------- C:\Users\Darrell\AppData\Roaming\Sonic
2008-06-23 11:01:02 0 dr-h----- C:\Users\Darrell\AppData\Roaming\SecuROM
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\PC Suite
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Nokia
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Nokia Multimedia Player
2008-06-23 11:01:02 0 d-------- C:\Users\Darrell\AppData\Roaming\Mozilla
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\Macromedia
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\LimeWire
2008-06-23 11:01:00 0 d-------- C:\Users\Darrell\AppData\Roaming\Leadertech
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Intel
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\InstallShield
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Identities
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\HP
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\gtk-2.0
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Google
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\DAEMON Tools
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\CyberLink
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\COWON
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Auslogics
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\ATI
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Apple Computer
2008-06-23 11:00:59 0 d-------- C:\Users\Darrell\AppData\Roaming\Adobe
2008-06-23 10:53:12 0 d-------- C:\Program Files\Yahoo!
2008-06-23 10:53:05 0 d-------- C:\Program Files\Windows Plus
2008-06-23 10:52:47 0 d-------- C:\Program Files\Skype
2008-06-23 10:52:46 0 d-------- C:\Program Files\SigmaTel
2008-06-23 10:52:40 0 d-------- C:\Program Files\RGB
2008-06-23 10:52:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-23 10:52:40 0 d-------- C:\Program Files\QuickTime
2008-06-23 10:52:31 0 d-------- C:\Program Files\Modem Helper
2008-06-23 10:52:30 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-23 10:50:44 0 d-------- C:\Program Files\microsoft frontpage
2008-06-23 10:50:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-23 10:50:42 0 d-------- C:\Program Files\JetAudio
2008-06-23 10:50:37 0 d-------- C:\Program Files\Java
2008-06-23 10:50:28 0 d-------- C:\Program Files\Intel
2008-06-23 10:50:26 0 d-------- C:\Program Files\HP
2008-06-23 10:50:14 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 10:50:14 0 d-------- C:\Program Files\Google
2008-06-23 10:49:57 0 d-------- C:\Program Files\EnglishOtto
2008-06-23 10:47:48 0 d-------- C:\Program Files\Electronic Arts
2008-06-23 10:47:48 0 d-------- C:\Program Files\directx
2008-06-23 10:47:48 0 d-------- C:\Program Files\DIGStream
2008-06-23 10:47:48 0 d-------- C:\Program Files\DIFX
2008-06-23 10:47:46 0 d-------- C:\Program Files\CyberLink
2008-06-23 10:47:44 0 d-------- C:\Program Files\CONEXANT
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\Skype
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-23 10:47:42 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-23 10:47:37 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\L&H
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 10:47:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\HP
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\COWON
2008-06-23 10:47:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-23 10:47:25 0 d-------- C:\Program Files\Broadcom
2008-06-23 10:47:23 0 d-------- C:\Program Files\BitLord
2008-06-23 10:47:16 0 d-------- C:\Program Files\Auslogics
2008-06-23 10:47:16 0 d-------- C:\Program Files\ATI Technologies
2008-06-23 10:46:55 0 d-------- C:\Program Files\AT&T WorldNet Setup
2008-06-23 10:46:24 0 d-------- C:\Program Files\Activision Value
2008-06-23 10:46:22 0 d-------- C:\Program Files\Activision
2008-06-23 10:46:22 0 d-------- C:\Program Files\7-Zip
2008-06-22 20:49:11 0 d-------- C:\Users\Darrell\AppData\Roaming\Vso
2008-06-22 20:49:11 33 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.log
2008-06-22 20:49:10 47360 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-22 20:49:10 1144 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.inf
2008-06-22 20:49:10 7887 --a------ C:\Users\Darrell\AppData\Roaming\pcouffin.cat
2008-05-13 10:35:07 29160 --a------ C:\Users\Darrell\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-02 20:09:23 0 d-------- C:\Users\Darrell\AppData\Roaming\Help
2008-04-09 07:53:00 117158 --a------ C:\Windows\hpoins11.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70B30A4-CE44-4ED4-8962-5A6E49376350}]
C:\Windows\system32\efcAPJbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtHidUi"="C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe" [11/15/2006 02:16 PM]
"@"="" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/13/2007 10:37 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/13/2007 10:38 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/16/2008 08:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [06/23/2008 03:33 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 06:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/06/2008 06:37 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/22/2007 07:13 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 11:50 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}"= C:\Windows\system32\xxyASLCu.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\efcAPJbx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- "E:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcdbaa1b-91a9-11dc-b4d5-0018de38184e}]
AutoRun\command- "E:\Install FreeAgent Tools.exe" /run


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-01 13:59:01 ------------

#9 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 July 2008 - 12:21 AM

Hello,

Much better. :thumbsup: How is it running?

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {D70B30A4-CE44-4ED4-8962-5A6E49376350} - C:\Windows\system32\efcAPJbx.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Navigate (using Internet Explorer only, other browsers won't work) to the following site: http://www.kaspersky.com/virusscanner

Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").

* In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
* When you get the Windows dialog asking if you want to install this software, click the "Install" button.
* The scanner will download the latest definition files. When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
* Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
* Under "Please select a target to scan:", click My Computer to start the scan.

When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop. Close the Kaspersky On-line Scanner window. If it finds anything, please post the report it gives you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#10 Crewdawg77

  • Topic Starter
  • Members
  • 11 posts

Posted 07 July 2008 - 02:11 AM

Sorry it's taken me so long to reply, work has taken me away from the computer recently. I have followed all the steps up to the Kaspersky Online Scanner, which I started but it froze up my computer. I will be doing that again now and when it's done I'll be posting the logs. Once again THANK YOU so very much for your help and I appreciate you taking the time for me! I'll be posting again soon.

#11 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 07 July 2008 - 09:36 AM

Hello,

Not a problem. Sometimes real life just happens, huh? :thumbsup: Thanks for letting me know, and post when you're ready. :)

Regards,
tea

#12 Crewdawg77

  • Topic Starter
  • Members
  • 11 posts

Posted 07 July 2008 - 08:14 PM

OH man :thumbsup: LOL ok I've done the Kscan 2 times now and I save the report to the desktop with the stated file name, but it never shows up on my desktop :) Am I doing something wrong... It really shouldn't be this difficult ha ha ha. I am wondering if it's the whole admin thing again? I've still got the results window pulled up, so if there is any other way to get you the info please let me know.

#13 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 07 July 2008 - 08:34 PM

Can you copy and paste them?

#14 Crewdawg77

  • Topic Starter
  • Members
  • 11 posts

Posted 07 July 2008 - 08:45 PM

No :thumbsup: It also just closed on me. I tried clicking on one of the infected results and my popup blocker wasn't allowing it, so I clicked to allow popups and it reset the window grrrrr LOL Do you want me to run it again? There was a large number of items, I think 32.

#15 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 07 July 2008 - 08:51 PM

Try it one more time, and if it doesn't work we can do something else. :thumbsup:



