
Buritos.exe, Karina.dat



#1 Kotetsua


Posted 11 August 2008 - 05:50 PM

I can't tell, did I get it all? Three times it's come back after I think it's all gone!

I used ProcessGuard, HijackThis (had to rename it), CCleaner, SDFix, ComboFix, after that I was able to install Spybot S&D (the .exe kept being deleted even with rename immediately when installing it) and here I am. Still getting 7 infected showing up on Kaspersky but can't figure out how to clean that up.

Thanks for the help in advance, just want to make sure I got it all.

main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-11 18:39:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
84: 2008-08-11 22:36:45 UTC - RP84 - Deckard's System Scanner Restore Point
83: 2008-08-11 21:46:40 UTC - RP83 - System Checkpoint
82: 2008-08-10 20:10:05 UTC - RP82 - Last known good configuration
81: 2008-08-10 20:10:00 UTC - RP81 - System Checkpoint
80: 2008-08-10 20:10:00 UTC - RP80 - Installed Sansa Updater


-- First Restore Point --
1: 2008-08-10 20:09:52 UTC - RP1 - Removed Compaq Organize


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 18:41:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon05.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ltmsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O10 - Unknown file in Winsock LSP: SpSubLSP.dll
O10 - Unknown file in Winsock LSP: SpSubLSP.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 9223 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 FGDSCSI - c:\windows\system32\drivers\fgdscsi.sys <Not Verified; FarStone Inc.; FarStone GameDrive>
R3 fgdxbus - c:\windows\system32\drivers\fgdxbus.sys <Not Verified; FarStone Inc.; >
R3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fsramdsk.sys <Not Verified; FarStone; FarStone RamDisk>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\combotommy\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-07 18:09:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:29 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-07-28 18:27:09 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-28 01:13:43 272 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 15:48:50 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-08-11 15:42:32 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-11 07:48:12 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-11 04:50:29 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-08-11 04:44:46 68096 --a------ C:\WINDOWS\zip.exe
2008-08-11 04:44:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-11 04:44:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-11 04:44:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-11 04:44:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-11 04:44:46 98816 --a------ C:\WINDOWS\sed.exe
2008-08-11 04:44:46 80412 --a------ C:\WINDOWS\grep.exe
2008-08-11 04:44:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-11 04:44:39 0 d-------- C:\ComboTommy
2008-08-11 04:16:21 0 d-------- C:\WINDOWS\ERUNT
2008-08-11 04:12:03 0 d-------- C:\Tommyfix
2008-08-11 03:48:01 0 d-------- C:\Program Files\TommySD
2008-08-11 03:08:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-08-11 02:13:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-11 02:13:10 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-11 02:13:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-08-11 02:13:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-08-11 02:13:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-11 02:13:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-08-11 02:13:09 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-11 02:13:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-11 02:13:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-11 02:13:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-11 02:13:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-11 02:13:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-11 02:13:09 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-11 02:13:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-11 02:13:08 3670016 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-11 01:22:26 0 d-------- C:\Program Files\ProcessGuard
2008-08-11 01:15:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 16:06:16 18649 --a------ C:\WINDOWS\ixagula.dll
2008-08-10 16:06:16 13015 --a------ C:\Documents and Settings\All Users\Application Data\kumod.sys
2008-08-10 16:06:15 13866 --a------ C:\WINDOWS\ehoroc.com
2008-08-10 16:06:15 14518 --a------ C:\WINDOWS\edikof.com
2008-08-10 16:06:15 14348 --a------ C:\WINDOWS\ecoby.dat
2008-08-10 16:06:15 19626 --a------ C:\Program Files\Common Files\ykyse.sys
2008-08-10 16:06:15 15635 --a------ C:\Program Files\Common Files\megedamig.dat
2008-08-10 16:06:15 12211 --a------ C:\Documents and Settings\All Users\Application Data\ugiwyrusaq.bat
2008-08-10 15:38:25 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-08-10 15:28:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-08-10 00:40:51 0 d-------- C:\WINDOWS\system32\NtmsData
2008-08-08 17:39:45 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-08-08 17:39:10 0 d-------- C:\Program Files\SanDisk
2008-08-08 16:00:03 0 d-------- C:\Program Files\TagRename
2008-08-08 04:08:57 0 d-------- C:\Program Files\Electronic Arts
2008-08-08 03:52:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-02 02:04:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-02 02:01:36 0 d-------- C:\Program Files\SlySoft
2008-08-01 01:29:58 0 d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2008-08-01 01:19:22 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-08-01 01:16:19 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 01:16:14 0 d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-07-31 22:47:18 183 --a------ C:\WINDOWS\setuplog
2008-07-31 22:45:41 25088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-07-31 22:45:41 44032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-07-31 22:42:39 0 d-------- C:\Program Files\Creative
2008-07-31 22:27:09 0 d-------- C:\Documents and Settings\Owner\Application Data\SlySoft
2008-07-31 22:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-31 22:19:35 0 d-------- C:\Program Files\Elaborate Bytes
2008-07-31 22:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-31 22:14:34 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-07-31 22:14:19 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-31 22:14:17 0 d-------- C:\Program Files\DVD Shrink
2008-07-31 22:13:50 0 d-------- C:\Program Files\DVD Decrypter
2008-07-31 22:09:20 0 d-------- C:\Program Files\Yahoo!
2008-07-31 22:04:20 3051520 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero WebEngine>
2008-07-31 22:04:03 364544 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-07-31 22:04:03 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-07-31 22:04:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-31 22:02:13 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-07-31 22:02:12 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-07-31 22:02:12 471040 --a------ C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-31 22:02:12 262144 --a------ C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-31 22:02:12 1568768 --a------ C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-31 22:00:41 0 d-------- C:\Program Files\GoldEsel
2008-07-31 22:00:41 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-31 22:00:41 0 d-------- C:\Program Files\Ahead
2008-07-30 15:32:27 0 d--hs---- C:\WINDOWS\ftpcache
2008-07-30 02:39:44 0 d-------- C:\Program Files\Tencent
2008-07-30 02:39:24 0 d-------- C:\Program Files\AIMTunes
2008-07-30 02:39:11 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-30 02:38:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-07-30 02:38:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-30 02:38:41 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-30 02:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-30 02:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-30 02:38:10 0 d-------- C:\Program Files\Common Files\AOL
2008-07-30 02:37:43 0 d-------- C:\Program Files\AIM6
2008-07-30 02:37:05 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-30 02:27:24 843 --a------ C:\WINDOWS\checkip.dat
2008-07-30 02:24:38 1291 --a------ C:\WINDOWS\ipconfig.dat
2008-07-29 15:50:37 0 d-------- C:\Program Files\VideoLAN
2008-07-29 15:28:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-07-29 15:27:43 0 d-------- C:\Program Files\SoulseekNS
2008-07-29 01:15:08 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-07-29 00:47:14 0 d-------- C:\Documents and Settings\Owner\dwhelper
2008-07-29 00:07:21 0 d-------- C:\Program Files\PeerGuardian2
2008-07-29 00:05:44 0 d-------- C:\Program Files\CCleaner
2008-07-29 00:00:07 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-07-28 20:32:12 0 d-------- C:\Program Files\uTorrent
2008-07-28 20:32:05 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-28 20:24:58 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 20:20:33 0 d-------- C:\WINDOWS\pss
2008-07-28 20:14:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-07-28 20:06:48 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-07-28 20:05:50 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-07-28 19:58:24 0 d-------- C:\Program Files\Zune
2008-07-28 19:29:33 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-28 19:25:39 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-07-28 19:25:37 0 d-------- C:\Program Files\DScaler5
2008-07-28 19:25:35 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-07-28 19:25:29 0 d-------- C:\Program Files\RealMedia
2008-07-28 19:25:14 0 d-------- C:\Program Files\SHOUTcast Source
2008-07-28 19:25:12 0 d-------- C:\Program Files\Haali
2008-07-28 19:25:02 0 d-------- C:\Program Files\DSP-worx
2008-07-28 19:24:59 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-28 19:24:58 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-28 19:24:57 0 d-------- C:\Program Files\ffdshow
2008-07-28 19:24:48 0 d-------- C:\Program Files\DirectVobSub
2008-07-28 19:24:28 0 d-------- C:\Program Files\Zoom Player
2008-07-28 19:20:18 0 d-------- C:\Program Files\Winamp Toolbar
2008-07-28 19:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-28 19:19:51 0 d-------- C:\Program Files\Winamp
2008-07-28 19:19:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-07-28 19:18:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2008-07-28 19:18:25 0 d-------- C:\Program Files\Opera
2008-07-28 18:59:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-28 18:59:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-28 18:54:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-07-28 18:54:17 0 d-------- C:\Program Files\iPod
2008-07-28 18:54:14 0 d-------- C:\Program Files\iTunes
2008-07-28 18:54:01 0 d-------- C:\Program Files\Bonjour
2008-07-28 18:53:17 0 d-------- C:\Program Files\QuickTime
2008-07-28 18:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-28 18:53:03 0 d-------- C:\Program Files\Apple Software Update
2008-07-28 18:52:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-28 18:52:37 0 d-------- C:\Program Files\Common Files\Apple
2008-07-28 18:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-28 18:49:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-28 18:48:42 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-28 18:48:42 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-28 18:39:51 0 d-------- C:\Program Files\a-squared Free
2008-07-28 18:32:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-28 18:32:21 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-28 18:30:49 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-28 18:29:07 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-28 18:26:57 0 d-------- C:\Program Files\McAfee.com
2008-07-28 18:26:52 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-28 18:26:40 0 d-------- C:\Program Files\McAfee
2008-07-28 18:21:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 18:14:39 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-07-28 18:11:33 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-28 18:10:48 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-28 18:10:18 0 d-------- C:\WINDOWS\Prefetch
2008-07-28 18:05:26 0 d-------- C:\WINDOWS\peernet
2008-07-28 18:05:25 0 d-------- C:\WINDOWS\provisioning
2008-07-28 18:04:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 17:57:31 0 d-------- C:\WINDOWS\EHome
2008-07-28 17:47:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 17:45:48 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-28 17:45:45 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-28 17:45:06 0 d-------- C:\WINDOWS\system32\bits
2008-07-28 17:43:24 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-28 17:43:17 0 d---s---- C:\Documents and Settings\Owner\UserData
2008-07-28 17:32:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-07-28 17:32:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-07-28 16:16:02 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-28 16:05:47 0 d-------- C:\NVIDIA
2008-07-28 16:03:54 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-28 16:03:54 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-07-28 16:03:46 0 d-------- C:\WINDOWS\Sun
2008-07-28 02:11:01 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-07-28 02:08:50 0 d-------- C:\Program Files\support.com
2008-07-28 02:08:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2008-07-28 02:06:52 0 d-------- C:\Documents and Settings\Owner\Application Data\FarStone
2008-07-28 02:04:56 65536 --a------ C:\WINDOWS\system32\GDPersns.dat
2008-07-28 02:04:44 37409 -ra------ C:\WINDOWS\system32\drivers\fsRamDsk.sys <Not Verified; FarStone; FarStone RamDisk>
2008-07-28 02:04:27 14496 -ra------ C:\WINDOWS\system32\GDI08X.dat
2008-07-28 02:04:27 10899 -ra------ C:\WINDOWS\system32\drivers\fgdxbus.sys <Not Verified; FarStone Inc.; >
2008-07-28 02:04:27 72475 -ra------ C:\WINDOWS\system32\drivers\fgdscsi.sys <Not Verified; FarStone Inc.; FarStone GameDrive>
2008-07-28 02:03:33 0 d-------- C:\Program Files\FarStone
2008-07-28 02:02:11 53248 --a------ C:\WINDOWS\system32\RDrvNTInterface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
2008-07-28 02:02:11 77824 --a------ C:\WINDOWS\system32\RDrv2KInterface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
2008-07-28 02:02:10 28672 --a------ C:\WINDOWS\system32\RDrvInterface.dll <Not Verified; ; RDrvInterface Dynamic Link Library>
2008-07-28 02:02:10 32768 --a------ C:\WINDOWS\system32\RDrv9xInterface.dll <Not Verified; ; RDrv9XInterface Dynamic Link Library>
2008-07-28 02:02:10 36864 --a------ C:\WINDOWS\system32\inVHDDrvExe.exe
2008-07-28 02:02:09 36864 --a------ C:\WINDOWS\system32\unVHDDrvExe.exe
2008-07-28 02:02:09 81920 --a------ C:\WINDOWS\system32\Dversion.dll <Not Verified; FarStone; Farstone Dversion>
2008-07-28 02:02:08 45056 --a------ C:\WINDOWS\system32\Fsinst32.dll
2008-07-28 02:02:08 5120 --a------ C:\WINDOWS\system32\Fsinst16.DLL
2008-07-28 02:02:08 122880 --a------ C:\WINDOWS\system32\DVC.dll <Not Verified; Farstone; Farstone DVC>
2008-07-28 01:36:59 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-28 01:30:16 245920 -r-hs---- C:\cmldr
2008-07-28 01:30:13 0 dr-hs---- C:\cmdcons
2008-07-28 01:30:11 0 d-------- C:\WINDOWS\setup.pss
2008-07-28 01:30:01 0 d-------- C:\WINDOWS\setupupd
2008-07-28 01:03:22 0 d-------- C:\WUTemp
2008-07-28 01:03:04 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-28 01:02:34 1630208 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-28 01:02:34 1150976 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-28 01:02:34 1581056 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-28 01:02:33 1675264 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-28 01:02:33 81920 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-28 01:02:33 69632 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-28 01:02:33 69632 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-28 01:02:33 81920 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-28 01:02:33 49152 --a------ C:\WINDOWS\system32\cpuinf32.dll <Not Verified; Intel Corporation; Intel CPUInfo>
2008-07-28 01:01:58 0 d-------- C:\Program Files\ArcSoft
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-07-28 01:00:15 0 d-------- C:\Documents and Settings\Default User\Application Data\interMute
2008-07-28 00:59:25 0 d--hs---- C:\System Volume Information
2008-07-28 00:37:30 247 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-07-28 00:24:24 0 dr------- C:\Program Files
2008-07-28 00:24:24 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-07-28 00:24:24 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-07-28 00:24:24 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-07-28 00:24:22 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-07-28 00:24:22 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2008-07-28 00:24:21 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-28 00:24:21 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-28 00:24:21 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-28 00:24:21 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-28 00:24:21 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-28 00:24:20 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-28 00:24:16 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-28 00:23:56 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-28 00:22:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache


-- Find3M Report ---------------------------------------------------------------

2008-08-11 04:48:48 0 d-------- C:\Program Files\Common Files
2008-08-08 17:40:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-31 22:31:22 40 ---hs---- C:\Documents and Settings\Owner\Application Data\.zreglib
2008-07-30 02:38:45 0 d-------- C:\Program Files\Viewpoint
2008-07-30 02:36:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 18:11:13 0 d-------- C:\Program Files\Java
2008-07-28 18:05:38 0 d-------- C:\Program Files\Messenger
2008-07-28 18:05:26 0 d-------- C:\Program Files\Movie Maker
2008-07-28 18:04:06 0 d-------- C:\Program Files\Windows NT
2008-07-28 17:43:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-28 02:16:06 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-07-28 01:31:52 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-28 01:19:41 0 d-------- C:\Program Files\Common Files\Real
2008-07-28 01:13:43 0 d-------- C:\Program Files\Easy Internet signup
2008-07-28 01:03:43 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-16 15:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 15:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 15:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 15:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 15:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 15:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 15:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 15:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [07/16/2008 04:51 PM 1266992]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 10:07 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/23/2003 05:55 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 11:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 11:01 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [07/14/2003 08:52 PM C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 11:28 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [06/17/2003 09:13 PM]
"nwiz"="nwiz.exe" [05/16/2008 03:01 PM C:\WINDOWS\system32\nwiz.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 07:52 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 03:01 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 05:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 10:47 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 08:56 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [10/22/2007 12:52 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 03:01 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [10/14/2003 9:35:01 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameDrive]
"C:\Program Files\FarStone\GameDrive\GDTask.exe" /AutoRestore

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca3bebe2-5cf1-11dd-a53e-000ea63302b3}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8972 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-11 18:42:32 ------------




extra.txt

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B5027F7-B355-4240-9DE8-E748AB8D07B1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B5027F7-B355-4240-9DE8-E748AB8D07B1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}\setup.exe" -l0x7 -removeonly
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only) --> "C:\Program Files\CD Audio Reader Filter\uninstall.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support --> C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Sleek (for PlaysForSure devices) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FACA848-2ABF-4A80-B75A-D075295B746D}\SETUP.EXE" -l0x9 /remove
DC-Bass Source 1.1.1 --> "C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.0.5.0 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
GameDrive --> "C:\Program Files\FarStone\GameDrive\Setup.exe"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
OpenOffice.org 2.4 --> MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Opera 9.51 --> MsiExec.exe /X{1219497F-FA96-4D8E-9571-9C27A2A66B38}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QQ Games --> C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sansa Media Converter --> "C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
Sansa Updater --> C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek 157 NS 13 --> "C:\Program Files\SoulseekNS\uninstall.exe"
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\TommySD\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tag&Rename 3.3.5 --> "C:\Program Files\TagRename\unins000.exe"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\93eab9nm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type540 / Warning
Event Submitted/Written: 08/11/2008 03:42:12 PM
Event ID/Source: 0 / COM+ SOAP Services
Event Description:
Removal of an assembly from the global assembly cache failed: C:\Program Files\McAfee\MBK\Arbus.Interfacing.Library.dll Arbus.Interfacing.Library,Version=1.0.0.27362

Event Record #/Type539 / Warning
Event Submitted/Written: 08/11/2008 03:42:12 PM
Event ID/Source: 0 / COM+ SOAP Services
Event Description:
Removal of an assembly from the global assembly cache failed: C:\Program Files\McAfee\MBK\ArbusApplicationController.dll ArbusApplicationController,Version=1.0.2563.27362

Event Record #/Type532 / Error
Event Submitted/Written: 08/11/2008 11:39:47 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2568 (0xa08)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Owner\Desktop\BF2142_Update_1.50.exe
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type506 / Error
Event Submitted/Written: 08/11/2008 07:50:19 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type505 / Error
Event Submitted/Written: 08/11/2008 07:50:19 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9703 / Error
Event Submitted/Written: 08/11/2008 03:41:20 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error:
%%1056

Event Record #/Type9702 / Error
Event Submitted/Written: 08/11/2008 03:41:19 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error:
%%1056

Event Record #/Type9694 / Error
Event Submitted/Written: 08/11/2008 03:40:20 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type9693 / Error
Event Submitted/Written: 08/11/2008 03:40:19 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type9659 / Error
Event Submitted/Written: 08/11/2008 11:39:48 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-08-11 18:42:32 ------------



Kaspersky
Monday, August 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 11, 2008 21:32:49
Records in database: 1083444
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
H:\
L:\
M:\
N:\
Scan statistics
Files scanned: 80667
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:53:49

File name | Threat name | Threats count
C:\QooBox\Quarantine\catchme2008-08-11_ 45024.39.zip | Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm | 2
C:\Tommyfix\Tommyfix\backups\backups.zip | Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm | 1
C:\Tommyfix\Tommyfix\backups\backups.zip | Infected: Hoax.Win32.Renos.vaqt | 2
The selected area was scanned.

Edited by Kotetsua, 11 August 2008 - 05:53 PM.




#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:41 AM

Posted 24 August 2008 - 06:46 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it in a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba


Posted 29 August 2008 - 04:09 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security