
Could Be Some New Strand Of Fubar Malware.... Or Not


  • This topic is locked
2 replies to this topic

#1 camarostylin


Posted 16 July 2008 - 05:35 PM

so for some time now i've been dealing with what's obviously spyware or adware or something on this computer that i got from my brother-in-law. it's a 2.4 GHz computer but it runs like my old green screen half the time. Whatever combination of infections has taken over this computer has left me with very limited functionality. I have tried many kinds of adware and spyware removers, but the ones that i've tried by recommendations lately i haven't even been able to install because my install shield was taken down long ago, i'm missing a handful of .dlls i believe, and when i tried to install stopzilla the final stage of installation informed me that my grpconv (i think that was the file) is missing and the installation will not complete.

my biggest symptom is that whatever is running in the background will launch internet explorer and use it to either give me a stupid number of pop ups, or bring up the huge full screen of "porn tube" while i'm away from my computer, or possibly the worst, is that my computer will randomly start playing commercials or sound clips that i've never heard before (except this one LG commercial that i saw on tv, the song is awful). ctrl+alt+delete will bring up the active list and i can force quit iexplorer (even if there are no windows in my desktop for iexplorer) and the sounds will immediately stop and the computer speeds back up for a while until the system launches again, which doesn't take long. It's a true RAM hog, i've seen the program running in the background and taking up over 100MB of RAM before!! and this is only a 256 MB system.

so what i'd like to do is flash the whole drive and start from scratch, but the first problem with that is nobody has the windows xp disk for this computer, and i really don't have the money to go buy one. secondly, I've never done such a thing on a newer OS that doesn't base itself off of DOS, so i'm a little scared of that.

I'm hoping that you guys can find something in these logs that will allow me to at least use my computer without having giant wangs and small asian women popping up on my computer with my comcast tech guy or mother in the room, if not i guess i'll have to spend some cash. I tried launching the kaspersky scanner but i need to update my java to do so, and when i tried that i got more windows installer error messages :thumbsup: please help!!

Deckard's System Scanner v20071014.68
Run by George on 2008-07-16 18:14:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
98: 2008-07-16 05:49:18 UTC - RP967 - System Checkpoint
97: 2008-07-15 04:49:29 UTC - RP966 - System Checkpoint
96: 2008-07-14 04:46:18 UTC - RP965 - Agnitum Outpost Antivirus Pro Restore Point: install
95: 2008-07-14 02:49:21 UTC - RP964 - System Checkpoint
94: 2008-07-13 01:49:34 UTC - RP963 - System Checkpoint


-- First Restore Point --
1: 2008-04-18 07:00:30 UTC - RP870 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as George.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:20 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\openusbkbd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\temporary use\Program Files\deckards scanner\dss.exe
C:\TEMPOR~1\PROGRA~1\HIGHJA~1\George.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vcu.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Online@VCU
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\gnetmous.exe
O4 - HKLM\..\Run: [Gkeybd] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [\\Unitek\EPSON CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P21 "\\Unitek\EPSON CX5400" /O21 "\\Unitek\EPSON CX5400" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RUTH] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P32 "Auto EPSON Stylus CX5400 on RUTH" /O20 "\\RUTH\Stylus CX5400" /M "Stylus CX5400"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [OutpostMonitor] "C:\temporary use\Program Files\Outpost Antivirus\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\temporary use\Program Files\Outpost Antivirus\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\temporary use\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.vcu.org
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Ac...%20Controls.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} - http://www.antivirusxp2008.com/tools/virusremover.dll
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} - http://xscanner.shredderscan.com/setup/webinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\tempor~1\progra~1\outpos~1\wl_hook.dll
O21 - SSODL: DriveBoot - {98bf30a6-29ee-4586-99a8-d1b5f11822e9} - C:\WINDOWS\Installer\{98bf30a6-29ee-4586-99a8-d1b5f11822e9}\DriveBoot.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Intel Corporation - (no file)
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - LxrSG20s.exe (file missing)
O23 - Service: MACCATSRV - Wrenchead, Inc.. - C:\temporary use\Program Files\Wincat\Program\MACCATSRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Agnitum Ltd. - (no file)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8059 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - cmdfile - shell\edit\command - unable to read value
.chm - chm.file - DefaultIcon - unable to read value
.chm - chm.file - shell\open\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - DefaultIcon - unable to read value
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R3 genmcmn (Scroll Mouse Driver) - c:\windows\system32\drivers\gmfiltr.sys <Not Verified; KYE Systems Corp.; Scroll Mouse Driver>

S3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter>
S3 ATHFMWDL (NETGEAR WG111T Bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 Avgfwdx - c:\windows\system32\drivers\avgfwdx.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
S3 Avgfwfd (AVG network filter service) - c:\windows\system32\drivers\avgfwdx.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 LxrSG20d - c:\windows\system32\drivers\lxrsg20d.sys
S3 VBEngNT - c:\windows\system32\drivers\vbengnt.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S4 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
S2 MACCATSRV - c:\temporary use\program files\wincat\program\maccatsrv.exe <Not Verified; Wrenchead, Inc..; MACCATSRV Part Catalog Server>
S2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 LxrSG20s (Lexar SG20) - lxrsg20s.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Scroll Mouse
Device ID: ACPI\PNP0F13\4&2A083901&0
Manufacturer: KYE
Name: PS/2 Scroll Mouse
PNP Device ID: ACPI\PNP0F13\4&2A083901&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 20:00:00 550 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - George.job


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-14 01:32:06 0 d-------- C:\Documents and Settings\George\Application Data\Malwarebytes
2008-07-14 01:31:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 00:46:30 1072722 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-07-14 00:45:57 0 d-------- C:\WINDOWS\system32\Filt
2008-07-14 00:45:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-07-11 19:53:03 0 d-------- C:\WINDOWS\LastGood
2008-07-11 19:52:55 23296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-07-11 19:52:55 45568 --a------ C:\WINDOWS\system32\avgfwdx.dll <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-07-04 10:34:41 0 d-------- C:\Documents and Settings\NetworkService\My Documents


-- Find3M Report ---------------------------------------------------------------

2008-07-11 21:05:15 0 d-------- C:\Program Files\ComcastToolbar
2008-07-11 21:04:52 0 d-------- C:\Documents and Settings\George\Application Data\Lavasoft
2008-05-21 18:53:18 0 d-------- C:\Program Files\Ascentive
2008-05-20 00:55:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 00:55:11 0 d-------- C:\Documents and Settings\George\Application Data\InstallShield
2008-05-20 00:55:01 0 d-------- C:\Program Files\Plaxo
2008-05-17 05:32:12 1 --a------ C:\WINDOWS\system32\boa1.dat
2008-05-17 05:32:06 1 --a------ C:\WINDOWS\system32\rc.dat
2008-05-17 05:32:06 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-05-17 05:32:06 1 --a------ C:\WINDOWS\system32\cs.dat
2008-05-17 05:00:56 46080 --a------ C:\WINDOWS\system32\swin32.dll <Not Verified; Kp; >
2008-05-17 05:00:55 5214 --a------ C:\WINDOWS\system32\ds.dat
2008-05-01 22:47:20 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-29 13:14:08 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fastclick.net
127.0.0.1 ads.fastclick.net
127.0.0.1 ar.atwola.com
127.0.0.1 atdmt.com
127.0.0.1 awaps.net
127.0.0.1 banner.fastclick.net
127.0.0.1 banners.fastclick.net
127.0.0.1 click.atdmt.com
127.0.0.1 clicks.atdmt.com

8 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-16 18:20:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.50GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 247.52 MiB / 49.02 MiB
Pagefile Memory (total/avail): 977.44 MiB / 711.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.47 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 39.66 GiB free.
D: is CDROM (CDFS)
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD800EB-11DJF0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147734874\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147734874\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147734874\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147734874\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\temporary use\\Program Files\\iTunes\\iTunes.exe"="C:\\temporary use\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\temporary use\\Program Files\\BearShare\\BearShare.exe"="C:\\temporary use\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\temporary use\\Program Files\\Gunz\\GunzLauncher.exe"="C:\\temporary use\\Program Files\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\Steam\\steamapps\\shakezulathemicruler\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\shakezulathemicruler\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"


-- Environment Variables -------------------------------------------------------

Unable to get environment variables; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- User Profiles ---------------------------------------------------------------

George (admin)


-- Add/Remove Programs ---------------------------------------------------------

abysses l04.06.02 --> "C:\temporary use\downloads\screen savers\abysses l04.06.02\abysses l04.06.02.scr" /S /Uninstall
AC3Filter (remove only) --> C:\Program Files\Windows Media Player\AC3Filter\uninstall.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Agnitum Outpost Antivirus Pro --> "C:\temporary use\Program Files\Outpost Antivirus\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
BearShare --> C:\TEMPOR~1\PROGRA~1\BEARSH~1\UNWISE.EXE C:\TEMPOR~1\PROGRA~1\BEARSH~1\INSTALL.LOG
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
GoldWave v5.14 --> "C:\temporary use\Program Files\Goldwave\GoldWave\unstall.exe" "GoldWave v5.14" "C:\temporary use\Program Files\Goldwave\GoldWave\unstall.log"
MAIET entertainment - Gunz --> C:\temporary use\Program Files\Gunz\Uninstall.exe
HighGrow Freeware Version 4.20 --> C:\TEMPOR~1\PROGRA~1\ADULTG~1\Highgrow\HighGrow\UNWISE.EXE C:\TEMPOR~1\PROGRA~1\ADULTG~1\Highgrow\HighGrow\INSTALL.LOG
HijackThis 2.0.2 --> "C:\temporary use\Program Files\HighJackThis\HijackThis.exe" /uninstall
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Security Update for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247) --> "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Update for Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Update for Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Update for Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\temporary use\Program Files\Malwarebytes\Malwarebytes' Anti-Malware\unins000.exe"
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
My Global Search Bar --> rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O
Ahead NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Netscape Communicator 4.76 --> C:\WINDOWS\cd32.exe 4.76 (en)
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Spyware Cleaner 2008 --> "C:\temporary use\Program Files\spyware cleaner 2008\Spyware Cleaner 2008\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFerret --> C:\WINDOWS\WebFerretUninstall.exe C:\Program Files\FerretSoft\WebFerret
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Windows Genuine Advantage Notifications (KB905474) -->
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver --> C:\temporary use\Program Files\WinRAR\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
NETGEAR WG111T Smart Wizard Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Part-Select Wincat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5905E90C-391C-49D2-84D8-EF16B2729329}\TK_NTB_Wincat.exe" -uninst
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
America's Army --> MsiExec.exe /I{6C5930D1-E4BC-4A10-AB5A-224C48CBA7E6}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
RF Wheel Mouse and Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78DFE6C0-E0BC-11D4-91F5-00C0DF4C00AE}\setup.exe" UNINST
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57D8342-E2E4-46F4-915A-F50817CBCB45}\setup.exe" -l0x9
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}


-- Application Event Log -------------------------------------------------------

Event Record #/Type19047 / Warning
Event Submitted/Written: 07/16/2008 06:08:24 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80070003

Event Record #/Type19046 / Error
Event Submitted/Written: 07/16/2008 05:47:48 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : sprite6: Shared heap exhausted or damaged, process ID 734, total alloc:382a0...

Event Record #/Type19045 / Error
Event Submitted/Written: 07/16/2008 05:47:48 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : sprite6: Shared heap exhausted or damaged, process ID 734, total alloc:382a0...

Event Record #/Type19044 / Error
Event Submitted/Written: 07/16/2008 05:43:17 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : LogitechDesktopMessenger: Shared heap exhausted or damaged, process ID ae0, total alloc:382a0...

Event Record #/Type19043 / Error
Event Submitted/Written: 07/16/2008 05:43:17 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : LogitechDesktopMessenger: Shared heap exhausted or damaged, process ID ae0, total alloc:382a0...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31309 / Error
Event Submitted/Written: 07/16/2008 06:08:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Installer service failed to start due to the following error:
%%3

Event Record #/Type31308 / Error
Event Submitted/Written: 07/16/2008 06:08:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type31302 / Error
Event Submitted/Written: 07/16/2008 05:52:41 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Server service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type31301 / Error
Event Submitted/Written: 07/16/2008 05:52:41 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The HID Input Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type31300 / Error
Event Submitted/Written: 07/16/2008 05:52:41 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-07-16 18:20:24 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:20 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\openusbkbd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\temporary use\Program Files\deckards scanner\dss.exe
C:\TEMPOR~1\PROGRA~1\HIGHJA~1\George.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vcu.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Online@VCU
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Aero skin - {FFFFFFFF-85A3-452b-B7A8-759AD9B42162} - swin32.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\gnetmous.exe
O4 - HKLM\..\Run: [Gkeybd] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [\\Unitek\EPSON CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P21 "\\Unitek\EPSON CX5400" /O21 "\\Unitek\EPSON CX5400" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RUTH] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P32 "Auto EPSON Stylus CX5400 on RUTH" /O20 "\\RUTH\Stylus CX5400" /M "Stylus CX5400"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [OutpostMonitor] "C:\temporary use\Program Files\Outpost Antivirus\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\temporary use\Program Files\Outpost Antivirus\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\temporary use\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.vcu.org
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Ac...%20Controls.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} - http://www.antivirusxp2008.com/tools/virusremover.dll
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} - http://xscanner.shredderscan.com/setup/webinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\tempor~1\progra~1\outpos~1\wl_hook.dll
O21 - SSODL: DriveBoot - {98bf30a6-29ee-4586-99a8-d1b5f11822e9} - C:\WINDOWS\Installer\{98bf30a6-29ee-4586-99a8-d1b5f11822e9}\DriveBoot.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Intel Corporation - (no file)
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - LxrSG20s.exe (file missing)
O23 - Service: MACCATSRV - Wrenchead, Inc.. - C:\temporary use\Program Files\Wincat\Program\MACCATSRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Agnitum Ltd. - (no file)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8059 bytes




I have no idea what any of this means, so sorry if I over-posted, or maybe I didn't post enough; not sure. Thanks for any help you guys can give!


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:37 AM

Posted 05 August 2008 - 01:53 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:37 AM

Posted 12 August 2008 - 06:00 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



