
Just Want To Make Sure My Computer Is Clear.


  • This topic is locked
21 replies to this topic

#1 Philolaus


Posted 25 July 2008 - 06:21 PM

I was reminded to use HijackThis by a small possible problem. RegCure wants to run Spysweeper Schedule at Startup. This does not seem right? If this is no real problem, I still would like to be sure my computer is clear. It's only a few weeks old, but I only now got a hardware router firewall and have been using DSL. Below are the Trend and Spy Sweeper warnings:

System Change

Risk Level: Low

Description:
An new entry added to your computer's registry will load a suspicious program automatically the next time you start your computer.

Details:
Registry Key: HKU\S-1-5-21-369704275-3481632229-123819497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry Name: RunSpySweeperScheduleAtStartup
Program: "C:\Program Files\RegCure\RegCure.exe" /ScheduleSweep=RegCure
Product(s): RegCure Application



ABOVE IS FROM TREND:

BELOW FROM SPYSWEEPER:

Startup Item: RunSpySweeperScheduleAtStartup
Assessment: Unknown
RegCure Application
Location: C:program files\regcure\regcure.exe
Registry or Startup Folder: HKCU: Run

Deckard's System Scanner v20071014.68
Run by Laurence Crossen on 2008-07-25 15:51:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
25: 2008-07-25 08:06:19 UTC - RP182 - Scheduled Checkpoint
24: 2008-07-23 07:21:14 UTC - RP181 - Windows Update
23: 2008-07-22 07:21:01 UTC - RP180 - RegCure Backup
22: 2008-07-20 22:54:14 UTC - RP178 - Removed Windows Live installer
21: 2008-07-20 22:54:03 UTC - RP177 - Before uninstall Windows Live installer


-- First Restore Point --
1: 2008-07-12 01:09:27 UTC - RP187 - Installed Computrace


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Laurence Crossen.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:06 PM, on 7/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\mdres.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Users\Laurence Crossen\Downloads\deckardssystemscannerjuly2008.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Laurence Crossen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\RunOnce: [Index Washer] "C:\Program Files\Webroot\Washer\WashIdx.exe" "Laurence Crossen"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Delete all.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://*.officeliveoffers.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TryAndDecideService - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12167 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NETw5v32 (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ) - c:\windows\system32\drivers\netw5v32.sys <Not Verified; Intel Corporation; Intel® Wireless WiFi Link Adapter>

S3 MREMP50 (MREMP50 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mremp50.sys
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mresp50.sys
S3 TVICHW32 - \??\c:\windows\system32\drivers\tvichw32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ConfigFree Service - "c:\program files\toshiba\configfree\cfsvcs.exe" <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 TOSHIBA SMART Log Service - "c:\program files\toshiba\smartlogservice\tosipcsrv.exe" <Not Verified; TOSHIBA Corporation; TOSHIBA S.M.A.R.T. Log Service>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 pinger -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-25 07:00:08 1652 --a------ C:\Windows\Tasks\wrSpySweeper_LC86EC6C8AA1C40DDA447B83DB973AE15.job
2008-07-25 00:07:54 460 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-07-23 00:07:45 394 --a------ C:\Windows\Tasks\RegCure.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-21 10:50:53 2716 --a------ C:\Windows\checkip.dat
2008-07-20 15:57:49 0 d-------- C:\Program Files\RegCure
2008-07-20 13:41:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-20 13:40:33 0 d-------- C:\Users\All Users\WLInstaller
2008-07-18 17:02:21 0 d-------- C:\Program Files\TouchStoneSoftware
2008-07-15 11:28:57 0 d-------- C:\Program Files\DIFX
2008-07-11 18:17:38 47104 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-11 18:09:37 0 d-------- C:\Windows\LoJackInstaller
2008-07-10 13:29:49 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-10 13:27:40 0 d-------- C:\Windows\Sun
2008-07-09 12:37:25 0 d-------- C:\Program Files\Yahoo!
2008-07-09 12:36:50 0 d-------- C:\Program Files\att-aace
2008-07-09 12:36:38 0 d-------- C:\Users\All Users\Motive
2008-07-09 12:36:33 0 d-------- C:\Program Files\Common Files\Motive
2008-07-09 12:36:30 0 d-------- C:\Program Files\ATT
2008-07-06 18:30:41 23600 --a------ C:\Windows\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-07-05 20:20:23 45056 --a------ C:\Windows\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-05 20:20:23 25244 --a------ C:\Windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-05 20:20:23 203776 --a------ C:\Windows\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-07-05 20:20:23 4672 --a------ C:\Windows\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-05 20:20:23 5600 --a------ C:\Windows\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-07-05 16:55:42 0 d-------- C:\Windows\$regcmp$
2008-07-05 16:55:31 0 d-------- C:\Program Files\Registry Clean Expert
2008-07-05 16:49:33 0 d-------- C:\Program Files\Common Files\ResearchSoft
2008-07-05 16:46:49 0 d-------- C:\Program Files\EndNote X2
2008-07-05 16:46:26 0 d-------- C:\Users\All Users\Thomson.ResearchSoft.Installers
2008-07-05 15:04:39 0 d-------- C:\perflogs
2008-07-04 20:52:59 0 d-------- C:\sp205v250
2008-07-04 14:59:37 0 d-------- C:\Program Files\Foxit Software
2008-07-04 14:41:11 0 d-------- C:\Users\All Users\WholeSecurity
2008-07-04 14:33:38 0 d-------- C:\Program Files\PayPal
2008-07-03 18:06:49 0 d-------- C:\Program Files\PersonalBrain
2008-07-03 17:56:37 0 d-------- C:\Program Files\Babylon
2008-07-03 17:47:41 0 d-------- C:\Users\All Users\Babylon
2008-07-03 17:42:09 9728 --a------ C:\Windows\system32\LivingGlobe.scr
2008-07-03 17:42:09 0 d-------- C:\Program Files\LivingGlobe
2008-07-03 17:36:18 0 d-------- C:\Windows\TweakVI
2008-07-03 17:36:18 0 d-------- C:\Program Files\TweakVI
2008-07-03 17:13:22 0 d-------- C:\Program Files\Nuance
2008-07-03 17:11:45 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-03 16:37:18 0 d-------- C:\PaperPort11
2008-07-03 16:19:30 0 d-------- C:\Users\All Users\DataViz
2008-07-03 16:19:30 0 d-------- C:\Program Files\Common Files\DataViz
2008-07-03 16:19:19 0 d-------- C:\Program Files\Documents To Go
2008-07-03 15:45:13 0 d-------- C:\Program Files\Palm
2008-07-03 15:42:46 0 d-------- C:\Users\All Users\HotSync
2008-07-03 15:27:55 0 d-------- C:\Program Files\Common Files\Thomson ResearchSoft
2008-07-03 15:01:38 0 d-------- C:\Program Files\Common Files\Risxtd
2008-07-03 15:00:44 0 d-------- C:\Program Files\EndNote X1
2008-07-03 14:57:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 14:52:27 0 d-------- C:\Program Files\SkyMap Lite 2005
2008-07-03 14:51:17 0 -rahs---- C:\MSDOS.SYS
2008-07-03 14:51:17 0 -rahs---- C:\IO.SYS
2008-07-03 10:54:37 0 d--h----- C:\Program Files\Zero G Registry
2008-07-03 10:54:37 0 d-------- C:\Program Files\Britannica 7.0
2008-07-03 10:52:04 0 d--h----- C:\Users\Laurence Crossen\InstallAnywhere
2008-07-03 10:40:31 0 d-------- C:\Users\All Users\InstallShield
2008-07-03 10:40:03 0 d-------- C:\Users\All Users\ScanSoft
2008-07-03 10:39:21 0 d-------- C:\Program Files\ScanSoft
2008-07-03 10:35:56 0 d-------- C:\OP16StdSP1
2008-07-03 10:20:34 0 d-------- C:\Users\All Users\WEBREG
2008-07-03 10:18:12 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-03 10:17:48 0 d-------- C:\Program Files\Common Files\HP
2008-07-03 10:16:38 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-07-03 10:14:57 117760 --a------ C:\Windows\system32\hpz3l4v2.dll <Not Verified; Hewlett-Packard Company; Language Monitor>
2008-07-03 10:14:51 0 d-------- C:\Program Files\HP
2008-07-03 10:10:59 130831 --a------ C:\Windows\hpoins18.dat
2008-07-03 10:10:53 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-07-03 10:10:52 675840 --a------ C:\Windows\system32\hpowiav1.dll <Not Verified; Hewlett-Packard; hpowiav1.dll>
2008-07-03 10:10:52 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-03 10:10:52 897024 --a------ C:\Windows\system32\hpotiop1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-07-03 10:10:51 6600 --a------ C:\Windows\hpomdl18.dat
2008-07-03 10:07:10 0 d-------- C:\Users\All Users\HP
2008-07-03 09:33:16 143360 -ra------ C:\Windows\apptune1018.exe <Not Verified; Zenographics; Zenographics apptune>
2008-07-03 09:33:13 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-03 09:33:12 0 d--h----- C:\Program Files\Zenographics
2008-07-03 09:28:42 0 d-------- C:\Program Files\MSECache
2008-07-03 09:27:18 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-03 09:04:15 0 d-------- C:\Windows\PCHEALTH
2008-07-03 09:04:15 0 d-------- C:\Program Files\Microsoft.NET
2008-07-03 08:59:30 0 dr-h----- C:\MSOCache
2008-07-03 08:26:54 0 d-------- C:\Program Files\Microsoft Works Suite 2006
2008-07-02 18:32:46 0 d-------- C:\Windows\Registry Drill
2008-07-02 18:32:46 0 d-------- C:\Program Files\Easy Desk Utilities
2008-07-02 18:30:54 0 d-------- C:\Temp
2008-07-02 18:16:33 0 d-------- C:\Program Files\Driver-Soft
2008-07-02 18:01:54 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-07-02 17:53:24 0 d-a------ C:\Users\All Users\TEMP
2008-07-02 17:52:33 1753088 --a------ C:\Windows\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-07-02 17:52:32 516096 --a------ C:\Windows\system32\ExTab.dll <Not Verified; Exontrol Inc.; ExTab Module>
2008-07-02 17:52:32 307200 --a------ C:\Windows\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
2008-07-02 17:52:32 602112 --a------ C:\Windows\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
2008-07-02 17:52:32 614400 --a------ C:\Windows\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
2008-07-02 17:52:31 118784 --a------ C:\Windows\system32\eWebControl.dll <Not Verified; eSellerate Inc.; >
2008-07-02 17:52:31 356352 --a------ C:\Windows\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-07-02 17:52:31 0 d-------- C:\Program Files\Common Files\eSellerate
2008-07-02 17:52:30 368912 --a------ C:\Windows\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-07-02 17:52:29 0 d-------- C:\Program Files\AnswersThatWork
2008-07-02 17:23:54 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-07-02 17:23:51 0 d-------- C:\Program Files\Diskeeper Corporation
2008-07-02 17:12:33 0 d-------- C:\Users\Laurence Crossen\Diskeeper
2008-07-02 16:43:49 0 d-------- C:\Program Files\Identity Finder
2008-07-02 16:34:06 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-02 16:17:10 0 d-------- C:\Users\All Users\Webroot
2008-07-02 16:17:10 0 d-------- C:\Program Files\Webroot
2008-07-02 16:16:24 164 --a------ C:\install.dat
2008-07-02 15:16:59 0 d-------- C:\Windows\system32\Adobe
2008-07-02 15:11:10 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-02 15:11:02 0 d-------- C:\Program Files\Common Files\Real
2008-07-02 15:11:01 0 d-------- C:\Program Files\Real
2008-07-02 15:08:12 0 d-------- C:\Users\All Users\Apple Computer
2008-07-02 15:08:12 0 d-------- C:\Program Files\QuickTime
2008-07-02 15:07:52 0 d-------- C:\Users\All Users\Apple
2008-07-02 15:07:52 0 d-------- C:\Program Files\Apple Software Update
2008-07-02 14:49:18 0 d-------- C:\Program Files\SiteAdvisor
2008-07-02 14:48:59 0 d-------- C:\Users\All Users\SiteAdvisor
2008-07-02 14:48:59 0 d-------- C:\Users\All Users\McAfee
2008-07-02 14:26:57 0 d-------- C:\Users\All Users\RoboForm
2008-07-02 14:26:40 0 d-------- C:\Program Files\Siber Systems
2008-07-02 14:17:02 0 --a------ C:\Windows\nsreg.dat
2008-07-02 13:44:20 0 d-------- C:\Users\All Users\Acronis
2008-07-02 13:43:23 0 d-------- C:\Program Files\Common Files\Acronis
2008-07-02 13:43:18 0 d-------- C:\Program Files\Acronis
2008-07-02 12:21:17 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-02 11:29:51 0 d-------- C:\Users\All Users\Trend Micro
2008-07-02 11:29:40 0 d-------- C:\Program Files\Trend Micro
2008-07-02 11:10:29 0 dr------- C:\Users\Laurence Crossen\Searches
2008-07-02 11:10:18 0 dr------- C:\Users\Laurence Crossen\Contacts
2008-07-02 11:10:17 4 -r-hs---- C:\Windows\system32\drivers\taishop.sys
2008-07-02 11:10:17 13 -r-hs---- C:\Windows\system32\drivers\fbd.sys
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Videos
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Templates
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Start Menu
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\SendTo
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Saved Games
2008-07-02 11:10:11 0 d-------- C:\Users\Laurence Crossen\Roaming
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Recent
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\PrintHood
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Pictures
2008-07-02 11:10:11 2621440 --a------ C:\Users\Laurence Crossen\NTUSER.DAT
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\NetHood
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\My Documents
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Music
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Local Settings
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Links
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Favorites
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Downloads
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Documents
2008-07-02 11:10:11 0 dr------- C:\Users\Laurence Crossen\Desktop
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Cookies
2008-07-02 11:10:11 0 d--hs---- C:\Users\Laurence Crossen\Application Data
2008-07-02 11:10:11 0 d--h----- C:\Users\Laurence Crossen\AppData


-- Find3M Report ---------------------------------------------------------------

2008-07-25 00:09:06 28380 --a------ C:\Users\Laurence Crossen\AppData\Roaming\nvModes.001
2008-07-20 13:41:09 0 d-------- C:\Program Files\Common Files
2008-07-20 09:10:11 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\EndNote
2008-07-18 17:02:29 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\SiteAdvisor
2008-07-12 11:43:45 28380 --a------ C:\Users\Laurence Crossen\AppData\Roaming\nvModes.dat
2008-07-12 11:25:18 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Help
2008-07-11 18:17:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 18:10:53 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Babylon
2008-07-11 00:58:49 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Webroot
2008-07-10 13:29:50 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\SystemRequirementsLab
2008-07-09 00:45:44 0 d-------- C:\Program Files\Windows Mail
2008-07-07 09:19:50 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Acronis
2008-07-05 20:47:40 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Ulead Systems
2008-07-05 20:32:08 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\toshiba
2008-07-05 20:20:25 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Real
2008-07-05 20:15:19 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Printer Info Cache
2008-07-05 20:15:19 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Image Zone Express
2008-07-05 20:14:31 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\HP
2008-07-05 19:29:30 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\ScanSoft
2008-07-05 19:28:42 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Zeon
2008-07-04 18:27:52 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\WinBatch
2008-07-04 14:33:08 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\InstallShield
2008-07-03 18:10:43 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\PersonalBrain
2008-07-03 17:43:43 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Living Globe
2008-07-03 15:46:10 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Arcsoft
2008-07-03 15:42:46 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\HotSync
2008-07-03 10:39:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-03 09:04:51 0 d-------- C:\Program Files\Microsoft Works
2008-07-02 19:06:08 0 --a------ C:\Users\Laurence Crossen\AppData\Roaming\wklnhst.dat
2008-07-02 18:01:57 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\URSoft
2008-07-02 15:05:27 0 d-------- C:\Program Files\Java
2008-07-02 14:17:01 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Mozilla
2008-07-02 13:25:52 0 d-------- C:\Program Files\Toshiba Registration
2008-07-02 13:04:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-02 12:30:32 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Macromedia
2008-07-02 12:28:54 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Google
2008-07-02 12:06:41 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Adobe
2008-07-02 11:10:20 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Identities
2008-05-15 15:41:34 56 --a------ C:\Windows\system32\IHV_Install.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 03:00 PM]
"NDSTray.exe"="NDSTray.exe" []
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [03/22/2006 10:42 PM]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/06/2006 06:14 PM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [01/17/2008 05:27 PM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [10/31/2007 11:01 PM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [06/15/2007 10:01 PM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [01/22/2008 03:25 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [04/12/2007 03:58 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [05/16/2008 09:50 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/11/2007 01:01 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/11/2007 12:58 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/14/2007 02:55 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/14/2007 02:52 AM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 03:02 AM]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [03/11/2008 09:23 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/02/2008 02:26 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/20/2008 07:25 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [01/29/2008 05:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" "Laurence Crossen"

C:\Users\Laurence Crossen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Delete all.lnk - C:\Windows\system32\RunDll32.exe [11/2/2006 1:48:33 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableCAD"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"RestrictWelcomeCenter"=1 (0x1)
"AlwaysShowClassicMenu"=1 (0x1)
"NoStartMenuMyGames"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"TaskbarNoNotification"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 12/03/2006 04:50 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeea90a4-557f-11dd-81a1-001eec371a40}]
AutoRun\command- F:\WINDOWS\IronKey.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-25 15:53:13 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 3069.5 MiB / 1412.19 MiB
Pagefile Memory (total/avail): 6343.28 MiB / 5095.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.5 MiB

C: is Fixed (NTFS) - 147.58 GiB total, 89.63 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 148.96 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS722016K9SA00 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 147.58 GiB - C:

\\.\PHYSICALDRIVE1 - Hitachi HTS722016K9SA00 ATA Device - 149.05 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 149.05 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1239 (Trend Micro, Inc.)
AS: Trend Micro PC-cillin Internet Security 2007 v15.30.1239 (Trend Micro, Inc.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Laurence Crossen\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAURENCECROS-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Laurence Crossen
LOCALAPPDATA=C:\Users\Laurence Crossen\AppData\Local
LOGONSERVER=\\LAURENCECROS-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Laurence Crossen\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\LAUREN~1\AppData\Local\Temp
TMP=C:\Users\LAUREN~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=LaurenceCros-PC
USERNAME=Laurence Crossen
USERPROFILE=C:\Users\Laurence Crossen
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Laurence Crossen (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATT-AACE --> C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Camera Assistant Software for Toshiba --> C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
CD/DVD Drive Acoustic Silencer --> C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Diskeeper 2008 Home --> MsiExec.exe /X{F7F70237-5B02-4A7A-BEF8-7972FD5C766E}
Documents To Go --> MsiExec.exe /X{E1062BEC-4340-4504-88C2-60C33A485635}
Driver Genius Professional Edition --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Encyclopaedia Britannica 2007 Ultimate Reference Suite --> "C:\Program Files\Britannica 7.0\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica 2007 Ultimate Reference Suite.exe"
EndNote X1 --> MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
EndNote X2 --> MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Registry Defrag --> "C:\Program Files\Registry Clean Expert\unins000.exe"
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Identity Finder Home Edition --> MsiExec.exe /I{4F2E807F-112B-46DA-9F3E-90EE93827BE7}
Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LaserJet 1018 --> C:\Program Files\Zenographics\{723F65FD-44CB-498F-A9A7-FBA8FB01021C}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Living Globe Version 1.0 --> "C:\Program Files\LivingGlobe\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
Memeo AutoBackup --> C:\Program Files\InstallShield Installation Information\{03240EBA-04F2-4652-BC7F-B055902BDCD3}\setup.exe -runfromtemp -l0x0409
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORDR /dll OSETUP.DLL
Microsoft Office Word 2007 --> MsiExec.exe /X{91120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> I:\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Palm Desktop by ACCESS --> MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
PaperPort Image Printer --> MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PersonalBrain 4.0.3.1 --> C:\Program Files\PersonalBrain\uninstall.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
Registry Drill --> "C:\Windows\Registry Drill\uninstall.exe" "/U:C:\Program Files\Easy Desk Utilities\Registry Drill\irunin.xml"
ScanSoft OmniPage 16 --> MsiExec.exe /X{77AC2FA8-215F-4F67-90AF-59CD0375AF8B}
ScanSoft PaperPort 11 --> MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SkyMap Lite 2005 --> C:\PROGRA~1\SKYMAP~1\UNWISE.EXE C:\PROGRA~1\SKYMAP~1\INSTALL.LOG
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
The Ultimate Troubleshooter --> C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
TOSHIBA Assist --> C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree --> MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
TweakVI --> "C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
Undelete Plus 2.97 --> "C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Window Washer --> C:\Windows\Unwash6.exe
Windows Driver Package - NVIDIA (nvlddmkm) Display (02/22/2008 7.15.11.7431) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nv_dispd.inf_2f6366db\nv_dispd.inf
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4147 / Error
Event Submitted/Written: 07/25/2008 00:08:16 AM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type4140 / Success
Event Submitted/Written: 07/25/2008 00:07:40 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4139 / Success
Event Submitted/Written: 07/25/2008 00:07:40 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type4132 / Success
Event Submitted/Written: 07/25/2008 00:07:23 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type4099 / Error
Event Submitted/Written: 07/23/2008 11:59:47 PM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29867 / Error
Event Submitted/Written: 07/25/2008 00:08:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type29826 / Warning
Event Submitted/Written: 07/25/2008 00:07:48 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-369704275-3481632229-123819497-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type29825 / Warning
Event Submitted/Written: 07/25/2008 00:07:48 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-369704275-3481632229-123819497-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type29820 / Error
Event Submitted/Written: 07/25/2008 00:07:22 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type29804 / Warning
Event Submitted/Written: 07/24/2008 04:19:08 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-07-25 15:53:13 ------------

Thanks!



#2 Orange Blossom


Posted 08 August 2008 - 12:10 AM

Hello Philolaus,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine. A fresh scan and logs are still necessary.

Click on Start then Run
Copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All
Click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Philolaus


Posted 08 August 2008 - 03:59 PM

Hello Orange Blossom,
Thank you for following up. The delay was no problem, though the odd startup entry persists.
I just did the Kaspersky scan again Friday the 8th at about noon and it found no problems at all.
I just did the dss and it did not do an extra text. I tried it twice today with the same results. I checked in the folder you specified and the only extra text is from the scan last week.
There is a "moved text" from last week I've attached here along with last week's extra text.
Re: your instruction to use "Run"- I copied and pasted it and it said "could not find the file".


Directories/Files moved to C:\Deckard\System Scanner\backup

2008-07-25 01:11:29 3668 --a------ C:\Users\LAUREN~1\AppData\Local\Temp\cnvB922.tmp
2008-07-25 14:54:01 0 d-------- C:\Users\LAUREN~1\AppData\Local\Temp\plugtmp
2008-07-25 13:44:43 16384 --a------ C:\Users\LAUREN~1\AppData\Local\Temp\~DF8B7A.tmp
2008-07-25 08:37:43 0 d--hs---- C:\Windows\temp\Cookies
2008-07-05 15:04:44 0 d--hs---- C:\Windows\temp\History
2008-07-05 15:04:42 0 d--hs---- C:\Windows\temp\Temporary Internet Files
2008-07-25 07:00:12 16384 --a------ C:\Windows\temp\~DF306D.tmp

-*- End of Logfile -*-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 3069.5 MiB / 1412.19 MiB
Pagefile Memory (total/avail): 6343.28 MiB / 5095.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.5 MiB

C: is Fixed (NTFS) - 147.58 GiB total, 89.63 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 148.96 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS722016K9SA00 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 147.58 GiB - C:

\\.\PHYSICALDRIVE1 - Hitachi HTS722016K9SA00 ATA Device - 149.05 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 149.05 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1239 (Trend Micro, Inc.)
AS: Trend Micro PC-cillin Internet Security 2007 v15.30.1239 (Trend Micro, Inc.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Laurence Crossen\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAURENCECROS-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Laurence Crossen
LOCALAPPDATA=C:\Users\Laurence Crossen\AppData\Local
LOGONSERVER=\\LAURENCECROS-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Laurence Crossen\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\LAUREN~1\AppData\Local\Temp
TMP=C:\Users\LAUREN~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=LaurenceCros-PC
USERNAME=Laurence Crossen
USERPROFILE=C:\Users\Laurence Crossen
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Laurence Crossen (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATT-AACE --> C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Camera Assistant Software for Toshiba --> C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
CD/DVD Drive Acoustic Silencer --> C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Diskeeper 2008 Home --> MsiExec.exe /X{F7F70237-5B02-4A7A-BEF8-7972FD5C766E}
Documents To Go --> MsiExec.exe /X{E1062BEC-4340-4504-88C2-60C33A485635}
Driver Genius Professional Edition --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Encyclopaedia Britannica 2007 Ultimate Reference Suite --> "C:\Program Files\Britannica 7.0\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica 2007 Ultimate Reference Suite.exe"
EndNote X1 --> MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
EndNote X2 --> MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Registry Defrag --> "C:\Program Files\Registry Clean Expert\unins000.exe"
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Identity Finder Home Edition --> MsiExec.exe /I{4F2E807F-112B-46DA-9F3E-90EE93827BE7}
Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LaserJet 1018 --> C:\Program Files\Zenographics\{723F65FD-44CB-498F-A9A7-FBA8FB01021C}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Living Globe Version 1.0 --> "C:\Program Files\LivingGlobe\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
Memeo AutoBackup --> C:\Program Files\InstallShield Installation Information\{03240EBA-04F2-4652-BC7F-B055902BDCD3}\setup.exe -runfromtemp -l0x0409
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORDR /dll OSETUP.DLL
Microsoft Office Word 2007 --> MsiExec.exe /X{91120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> I:\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Palm Desktop by ACCESS --> MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
PaperPort Image Printer --> MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PersonalBrain 4.0.3.1 --> C:\Program Files\PersonalBrain\uninstall.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
Registry Drill --> "C:\Windows\Registry Drill\uninstall.exe" "/U:C:\Program Files\Easy Desk Utilities\Registry Drill\irunin.xml"
ScanSoft OmniPage 16 --> MsiExec.exe /X{77AC2FA8-215F-4F67-90AF-59CD0375AF8B}
ScanSoft PaperPort 11 --> MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SkyMap Lite 2005 --> C:\PROGRA~1\SKYMAP~1\UNWISE.EXE C:\PROGRA~1\SKYMAP~1\INSTALL.LOG
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
The Ultimate Troubleshooter --> C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
TOSHIBA Assist --> C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree --> MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
TweakVI --> "C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
Undelete Plus 2.97 --> "C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Window Washer --> C:\Windows\Unwash6.exe
Windows Driver Package - NVIDIA (nvlddmkm) Display (02/22/2008 7.15.11.7431) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nv_dispd.inf_2f6366db\nv_dispd.inf
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4147 / Error
Event Submitted/Written: 07/25/2008 00:08:16 AM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type4140 / Success
Event Submitted/Written: 07/25/2008 00:07:40 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4139 / Success
Event Submitted/Written: 07/25/2008 00:07:40 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type4132 / Success
Event Submitted/Written: 07/25/2008 00:07:23 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type4099 / Error
Event Submitted/Written: 07/23/2008 11:59:47 PM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29867 / Error
Event Submitted/Written: 07/25/2008 00:08:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type29826 / Warning
Event Submitted/Written: 07/25/2008 00:07:48 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-369704275-3481632229-123819497-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type29825 / Warning
Event Submitted/Written: 07/25/2008 00:07:48 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-369704275-3481632229-123819497-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type29820 / Error
Event Submitted/Written: 07/25/2008 00:07:22 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type29804 / Warning
Event Submitted/Written: 07/24/2008 04:19:08 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-07-25 15:53:13 ------------

Deckard's System Scanner v20071014.68
Run by Laurence Crossen on 2008-08-08 01:57:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Laurence Crossen.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:53 AM, on 8/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\system32\mdres.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Laurence Crossen\Downloads\dss.exeaugust2008.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LAUREN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Ad Annihilator Kernel - {15BB258F-B477-4DF6-A4E7-65EA4B016CB0} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: &Ad Annihilator - {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\RunOnce: [Index Washer] "C:\Program Files\Webroot\Washer\WashIdx.exe" "Laurence Crossen"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Delete all.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.amazon.co.uk
O15 - Trusted Zone: http://www.diskeeper.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TryAndDecideService - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 13028 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-06 13:29:09 0 d-------- C:\Users\Laurence Crossen\{4b9c1b78-70b3-4e9b-82ae-e8badcd567bf}
2008-08-05 16:20:30 0 d-------- C:\Users\All Users\LogiShrd
2008-08-05 16:16:49 0 d-------- C:\Users\All Users\Logitech
2008-08-05 16:16:44 0 d-------- C:\Program Files\Common Files\Logishrd
2008-08-05 16:16:43 0 d-------- C:\Program Files\Logitech
2008-08-05 16:07:19 0 d-------- C:\Program Files\Athena
2008-08-05 15:43:15 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-08-05 15:28:34 0 d-------- C:\cabs
2008-08-03 05:44:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-03 05:43:42 0 d-------- C:\Program Files\McAfee
2008-07-31 11:20:14 0 d-------- C:\Windows\$regcmp$
2008-07-31 11:08:52 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-30 15:18:45 0 d-------- C:\Program Files\iPod
2008-07-30 15:18:43 0 d-------- C:\Program Files\iTunes
2008-07-30 15:18:31 0 d-------- C:\Program Files\Bonjour
2008-07-30 15:17:12 0 d-------- C:\Program Files\Common Files\Apple
2008-07-30 15:14:38 0 d-------- C:\Program Files\Safari
2008-07-29 15:40:14 0 d-------- C:\Windows\system32\ENU
2008-07-29 15:40:13 0 d-------- C:\Windows\system32\Lang
2008-07-29 15:38:27 0 d-------- C:\Intel
2008-07-29 15:21:23 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-07-26 14:37:55 89547567 --a------ C:\Windows\Backup.reg
2008-07-26 09:18:21 0 d-------- C:\Users\All Users\WindowsSearch
2008-07-26 09:04:56 19 --a------ C:\Windows\msxfcg32.dll
2008-07-26 09:04:50 0 d-------- C:\Program Files\IE Doctor
2008-07-26 08:11:57 0 d-------- C:\Program Files\Ad Annihilator
2008-07-21 10:50:53 2716 --a------ C:\Windows\checkip.dat
2008-07-20 15:57:49 0 d-------- C:\Program Files\RegCure
2008-07-20 13:41:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-20 13:40:33 0 d-------- C:\Users\All Users\WLInstaller
2008-07-18 17:02:21 0 d-------- C:\Program Files\TouchStoneSoftware
2008-07-15 11:28:57 0 d-------- C:\Program Files\DIFX
2008-07-11 18:17:38 47104 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-11 18:09:37 0 d-------- C:\Windows\LoJackInstaller
2008-07-10 13:29:49 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-10 13:27:40 0 d-------- C:\Windows\Sun
2008-07-09 12:37:25 0 d-------- C:\Program Files\Yahoo!
2008-07-09 12:36:50 0 d-------- C:\Program Files\att-aace
2008-07-09 12:36:38 0 d-------- C:\Users\All Users\Motive
2008-07-09 12:36:33 0 d-------- C:\Program Files\Common Files\Motive
2008-07-09 12:36:30 0 d-------- C:\Program Files\ATT


-- Find3M Report ---------------------------------------------------------------

2008-08-08 00:20:05 28380 --a------ C:\Users\Laurence Crossen\AppData\Roaming\nvModes.001
2008-08-07 15:35:53 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\EndNote
2008-08-07 15:10:04 0 d-------- C:\Program Files\PersonalBrain
2008-08-06 13:42:58 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Apple Computer
2008-08-05 16:20:29 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Logitech
2008-08-05 16:16:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 16:16:44 0 d-------- C:\Program Files\Common Files
2008-08-03 11:27:45 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\McAfee
2008-08-03 04:00:00 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\OpenOffice.org2
2008-08-02 05:30:31 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-31 11:08:19 0 d-------- C:\Program Files\Java
2008-07-30 15:21:09 203776 --a------ C:\Windows\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-07-30 15:00:15 0 d-------- C:\Program Files\Foxit Software
2008-07-29 15:40:13 0 d-------- C:\Program Files\Intel
2008-07-29 15:39:19 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Babylon
2008-07-29 15:36:01 0 d-------- C:\Program Files\Realtek
2008-07-26 14:48:58 28380 --a------ C:\Users\Laurence Crossen\AppData\Roaming\nvModes.dat
2008-07-26 08:13:39 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Ad Annihilator.files
2008-07-26 08:13:39 82 --a------ C:\Users\Laurence Crossen\AppData\Roaming\Ad Annihilator.aap
2008-07-26 07:48:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 15:05:04 0 d-------- C:\Program Files\Trend Micro
2008-07-17 11:47:31 0 d-------- C:\Program Files\TweakVI
2008-07-12 11:25:18 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Help
2008-07-11 00:58:51 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-11 00:58:49 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Webroot
2008-07-10 13:29:50 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\SystemRequirementsLab
2008-07-09 00:45:44 0 d-------- C:\Program Files\Windows Mail
2008-07-07 09:19:50 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Acronis
2008-07-05 20:47:40 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Ulead Systems
2008-07-05 20:32:08 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\toshiba
2008-07-05 20:20:25 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Real
2008-07-05 20:15:19 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Printer Info Cache
2008-07-05 20:15:19 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Image Zone Express
2008-07-05 20:14:31 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\HP
2008-07-05 19:38:16 0 d-------- C:\Program Files\EndNote X2
2008-07-05 19:29:30 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\ScanSoft
2008-07-05 19:28:42 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Zeon
2008-07-05 16:55:31 0 d-------- C:\Program Files\Registry Clean Expert
2008-07-05 16:49:35 0 d-------- C:\Program Files\Common Files\Risxtd
2008-07-05 16:49:33 0 d-------- C:\Program Files\Common Files\ResearchSoft
2008-07-04 18:27:52 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\WinBatch
2008-07-04 14:33:38 0 d-------- C:\Program Files\PayPal
2008-07-04 14:33:08 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\InstallShield
2008-07-03 18:10:43 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\PersonalBrain
2008-07-03 17:56:37 0 d-------- C:\Program Files\Babylon
2008-07-03 17:43:43 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Living Globe
2008-07-03 17:42:11 0 d-------- C:\Program Files\LivingGlobe
2008-07-03 17:13:22 0 d-------- C:\Program Files\Nuance
2008-07-03 17:11:47 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-03 16:40:05 0 d-------- C:\Program Files\ScanSoft
2008-07-03 16:39:32 0 d-------- C:\Program Files\Common Files\DataViz
2008-07-03 16:29:05 0 d-------- C:\Program Files\Documents To Go
2008-07-03 16:22:13 0 d-------- C:\Program Files\Palm
2008-07-03 15:46:10 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Arcsoft
2008-07-03 15:42:46 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\HotSync
2008-07-03 15:27:55 0 d-------- C:\Program Files\Common Files\Thomson ResearchSoft
2008-07-03 15:26:27 0 d-------- C:\Program Files\EndNote X1
2008-07-03 14:55:01 0 d-------- C:\Program Files\SkyMap Lite 2005
2008-07-03 14:51:17 0 -rahs---- C:\MSDOS.SYS
2008-07-03 14:51:17 0 -rahs---- C:\IO.SYS
2008-07-03 11:10:41 0 d-------- C:\Program Files\Britannica 7.0
2008-07-03 11:07:53 0 d--h----- C:\Program Files\Zero G Registry
2008-07-03 10:39:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-03 10:22:08 130831 --a------ C:\Windows\hpoins18.dat
2008-07-03 10:19:36 0 d-------- C:\Program Files\Common Files\HP
2008-07-03 10:19:35 0 d-------- C:\Program Files\HP
2008-07-03 10:18:12 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-03 09:33:12 0 d--h----- C:\Program Files\Zenographics
2008-07-03 09:28:42 0 d-------- C:\Program Files\MSECache
2008-07-03 09:04:51 0 d-------- C:\Program Files\Microsoft Works
2008-07-03 09:04:15 0 d-------- C:\Program Files\Microsoft.NET
2008-07-03 08:26:54 0 d-------- C:\Program Files\Microsoft Works Suite 2006
2008-07-02 19:06:08 0 --a------ C:\Users\Laurence Crossen\AppData\Roaming\wklnhst.dat
2008-07-02 18:32:46 0 d-------- C:\Program Files\Easy Desk Utilities
2008-07-02 18:16:33 0 d-------- C:\Program Files\Driver-Soft
2008-07-02 18:04:09 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-07-02 18:01:57 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\URSoft
2008-07-02 17:52:31 0 d-------- C:\Program Files\Common Files\eSellerate
2008-07-02 17:52:29 0 d-------- C:\Program Files\AnswersThatWork
2008-07-02 16:43:59 0 d-------- C:\Program Files\Identity Finder
2008-07-02 16:34:06 0 d-------- C:\Program Files\Webroot
2008-07-02 16:16:24 164 --a------ C:\install.dat
2008-07-02 15:11:10 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-02 15:11:08 0 d-------- C:\Program Files\Common Files\Real
2008-07-02 15:11:01 0 d-------- C:\Program Files\Real
2008-07-02 15:08:34 0 d-------- C:\Program Files\QuickTime
2008-07-02 15:07:53 0 d-------- C:\Program Files\Apple Software Update
2008-07-02 14:26:40 0 d-------- C:\Program Files\Siber Systems
2008-07-02 14:17:02 0 --a------ C:\Windows\nsreg.dat
2008-07-02 14:17:01 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Mozilla
2008-07-02 13:43:30 0 d-------- C:\Program Files\Common Files\Acronis
2008-07-02 13:43:18 0 d-------- C:\Program Files\Acronis
2008-07-02 13:25:52 0 d-------- C:\Program Files\Toshiba Registration
2008-07-02 13:04:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-02 12:30:32 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Macromedia
2008-07-02 12:28:54 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Google
2008-07-02 12:21:17 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-02 12:06:41 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Adobe
2008-07-02 11:10:20 0 d-------- C:\Users\Laurence Crossen\AppData\Roaming\Identities
2008-05-15 15:41:34 56 --a------ C:\Windows\system32\IHV_Install.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
07/23/2008 12:21 PM 120608 --a------ c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 02:45 AM C:\Windows\System32\rundll32.exe]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 03:00 PM]
"NDSTray.exe"="NDSTray.exe" []
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [03/22/2006 10:42 PM]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/06/2006 06:14 PM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [01/17/2008 05:27 PM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [10/31/2007 11:01 PM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [06/15/2007 10:01 PM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [01/22/2008 03:25 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [04/12/2007 03:58 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/11/2007 01:01 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/11/2007 12:58 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [04/09/2008 08:14 PM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [04/09/2008 08:11 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 03:02 AM]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [03/11/2008 09:23 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\Windows\KHALMNPR.Exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/20/2008 07:25 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [01/29/2008 05:00 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/02/2008 02:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" "Laurence Crossen"

C:\Users\Laurence Crossen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Delete all.lnk - C:\Windows\system32\RunDll32.exe [11/2/2006 1:48:33 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/5/2008 4:17:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableCAD"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"RestrictWelcomeCenter"=1 (0x1)
"AlwaysShowClassicMenu"=1 (0x1)
"NoStartMenuMyGames"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"TaskbarNoNotification"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 12/03/2006 04:50 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeea90a4-557f-11dd-81a1-001eec371a40}]
AutoRun\command- G:\WINDOWS\IronKey.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-08 01:58:31 ------------

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:02 AM

Posted 08 August 2008 - 10:11 PM

Hello, Philolaus.
I don't see any malware, but I do see some things worth cleaning up, and I would like to run a final check :thumbsup:

You appear to have a Registry Cleaner installed!
The following is referring to RegCure, Registry Drill
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

The event logs from your system report that one of those registry cleaners is breaking your system configuration. I recommend you restore their backups and uninstall the application.

For example:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-369704275-3481632229-123819497-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0}
    HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt2's Log
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Philolaus

Posted 09 August 2008 - 10:02 AM

Hello Billy,
Thanks for taking the time for your very helpful reply. I ran the scans and the two results are copied here:

ESET:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3341 (20080808)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=af85b3f319ab4c44986e97092e3dc1c0
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-09 02:29:28
# local_time=2008-08-09 07:29:28 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=661649
# found=0
# scan_time=8088

MoveIt:

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08092008_045051


What would you recommend for a good book or article on how to use a good registry cleaner safely for someone willing to take the time for that?

Thanks,
Philolaus

#6 Billy O'Neal

Posted 09 August 2008 - 11:22 PM

Hello, Philolaus.
It's not an issue of time... it's just that there's really no point in running a registry cleaner. You may save ~ 10kb of hard disk space by removing those entries... but the fact that they are in your registry does not cause problems.

The problem with any registry cleaner is that they can make mistakes. And when they do, there's little that can be done to replace the lost information.

So I guess what I'm saying is that the best policy on using a registry cleaner is simply to not use one at all. They don't fix any problems by themselves, they don't increase the performance of your computer, and they have a chance to REALLY screw things up :)

That's my 2 cents anyway :wink:

You now appear to be clean. Congratulations!

We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "None"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    • Go to Start -> Control Panel -> System and Maintenance -> System.
    • Select "System Protection" in the upper left hand corner.
    • Click the button marked "Create" in the bottom of the window.
    • Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
    :thumbsup:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    :)
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    :)
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
    :)
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
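
The HOSTS-file step in the post above can be checked after the fact by reading the file back. The following is an added example, not part of the post and not Spybot's code: it separates names that are sinkholed to a loopback or 0.0.0.0 address (what a blocklist does) from names mapped to any other address, which a blocklist never needs and which deserve a look. The function names, the sample file and its example.com names are constructed.

```python
import ipaddress

# Constructed sample hosts file. All names are reserved example domains and
# 203.0.113.7 is a documentation address; none of this comes from the thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
# blocklist entries
127.0.0.1       ads.example.com tracker.example.com   # two names, one line
0.0.0.0         malware.example.net
203.0.113.7     update.example.org
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed); entries are (lineno, ip, name) tuples."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)             # first field is not an address
            continue
        if len(fields) < 2:
            malformed.append(lineno)             # address with no host name
            continue
        for name in fields[1:]:                  # one line may carry several names
            entries.append((lineno, ip, name.lower()))
    return entries, malformed


def audit_hosts(text):
    """Classify every mapping as blocked (sinkholed) or redirect (review)."""
    entries, malformed = parse_hosts(text)
    report = {"blocked": [], "redirect": [], "malformed": malformed}
    for _lineno, ip, name in entries:
        if name in LOCAL_NAMES and ip.is_loopback:
            continue                             # the stock localhost mapping
        if ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)
        else:
            report["redirect"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked  :", ", ".join(result["blocked"]))
    for name, ip in result["redirect"]:
        print(f"review   : {name} -> {ip}")
    print("malformed lines:", result["malformed"])
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts.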

#7 Philolaus

Posted 10 August 2008 - 09:46 AM

Hello Billy,
Thank you for your instructive posting. I tried Secunia and found it helpful. You wouldn't know how to remove old versions of the Flash Player detected by Secunia? Secunia really helps complete my monthly update routine.

I'm happy to be very clear that no malware is present.

I appreciate the advice about registry cleaners and am carefully considering not using them any longer.

Only one problem remains. That's the odd startup entry that keeps re-establishing itself every day. This is what initially made me concerned. It's described at the beginning of this posting. I wonder if there's some way to clear that?

Thanks,
Philolaus

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:02 AM

Posted 10 August 2008 - 10:09 AM

Go ahead and uninstall RegCure and see if the problems continue. Spysweeper needs those regkeys, and it is likely RegCure is trying to remove them.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Philolaus

Philolaus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 10 August 2008 - 10:50 AM

Billy,
Thanks, but I already tried that before posting. No luck, even though I used my Your Uninstaller to do a thorough job. Any other ideas?
Philolaus

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:02 AM

Posted 10 August 2008 - 11:54 AM

Hello, Philolaus.
Alright... we'll rip out the remaining bits of RegCure manually :thumbsup:

We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\RegCure
    C:\Program Files\RegCure\
    %userprofile%\Start Menu\Programs\RegCure
    C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
    C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
    C:\Windows\Tasks\RegCure*
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

In your next reply, please include the following:
  • OTMoveIt2's Log


Also let me know if the problem still occurs :)
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 Philolaus

Philolaus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 10 August 2008 - 01:06 PM

Billy,

Thanks! It seems to most likely have worked this time. On restarting Spysweeper invariably gives an alert stating that RegCure wants to add this odd entry, but finally it stopped. I guess I better stop using RegCure. You wouldn't know of a good book on editing the registry that would help in using registry cleaners in a cautious manner, helping to choose which files to fix or clean?

Philolaus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\RegCure >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\RegCure\\ not found.
Folder C:\Program Files\RegCure\ not found.
< %userprofile%\Start Menu\Programs\RegCure >
Folder C:\Users\Laurence Crossen\Start Menu\Programs\RegCure not found.
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\RegCure not found.
File/Folder C:\Documents and Settings\All Users\Desktop\RegCure.lnk not found.
< %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk >
Folder C:\Users\Laurence Crossen\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk not found.
< C:\Windows\Tasks\RegCure* >
File/Folder C:\Windows\Tasks\RegCure* not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_103356

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:02 AM

Posted 10 August 2008 - 01:35 PM

Hello, Philolaus.

That didn't quite get rid of all of it.. just a little left...

We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\Tasks\wrSpySweeper_LC86EC6C8AA1C40DDA447B83DB973AE15.job
    C:\Windows\Tasks\RegCure Program Check.job
    C:\Windows\Tasks\RegCure.job
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

In your next reply, please include the following:
  • OTMoveIt2's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
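A read-only way to check for what the removal steps in this thread were chasing, added here as an example and not part of the original posts or of any tool named in them: it lists Run/RunOnce values and legacy .job files in the Tasks folder that mention RegCure in their name or command line. The `$Needle` parameter and the choice of keys to scan are assumptions for illustration; the script changes nothing.

```powershell
# Read-only audit of the autostart locations this thread deals with.
# $Needle is an illustrative parameter; 'RegCure' comes from the thread.
param([string]$Needle = 'RegCure')

$findings = @()

# 1. Run / RunOnce values, per-user and machine-wide.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        # Match the command line too: the entry in this thread is named
        # RunSpySweeperScheduleAtStartup but launches RegCure.exe.
        if ($name -like "*$Needle*" -or $data -like "*$Needle*") {
            $findings += [pscustomobject]@{ Source = $key; Name = $name; Detail = $data }
        }
    }
}

# 2. Legacy scheduled tasks (*.job): a task that still launches the program
#    can put a Run value back after it has been deleted.
$tasksDir = Join-Path -Path $env:windir -ChildPath 'Tasks'
if (Test-Path -Path $tasksDir) {
    foreach ($job in Get-ChildItem -Path $tasksDir -Filter '*.job' -ErrorAction SilentlyContinue) {
        # .job files are binary and hold their strings as UTF-16LE; decode before searching.
        $bytes  = [System.IO.File]::ReadAllBytes($job.FullName)
        $text   = [System.Text.Encoding]::Unicode.GetString($bytes)
        $inBody = $text.IndexOf($Needle, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($job.Name -like "*$Needle*" -or $inBody) {
            $findings += [pscustomobject]@{ Source = $tasksDir; Name = $job.Name; Detail = 'scheduled task (.job)' }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No autostart entries referencing '$Needle' were found."
} else {
    $findings | Format-List
}
```

Run it from an elevated prompt so the Tasks folder is readable; an empty result after a reboot indicates nothing in these locations is left to re-create the entry.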

#13 Philolaus

Philolaus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 10 August 2008 - 05:29 PM

Hello Billy,
One more security problem just came up. My Microsoft vulnerabilities scan found that I did not have an update issued 7/9/08. However, I did install it then, as shown in my Update history. And the Update history still shows it as installed.

So, I went to Microsoft and downloaded it and attempted to install it again, but it said it wasn't for my system.

What could be wrong here, and what did we do to my I.E., since this update pertains to it?

Thanks,

Philolaus

#14 Philolaus

Philolaus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 10 August 2008 - 05:44 PM

Billy,
In your last post at 11:35, what will the one with "wrSpysweeper" do? What does "wr" have to do with or mean?
Philolaus

#15 Philolaus

Philolaus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 10 August 2008 - 05:47 PM

Billy,
I wonder exactly what it was that we did with the first MoveIt involving Internet Explorer and another file yesterday?
Philolaus



