Registered User
Join Date: Feb 2008
Posts: 2
OS: XP
Rapidly diminishing disk space
Any help you can provide will be appreciated. I will try to explain this as best I can. I am sure I am infected. I keep getting:
Low Disk Space You are running very low on disk space on System (C:) etc. .....

I deleted program after program and it keeps happening which leads me to think a virus is filling the space. I went through the steps listed but couldn't get Panda to run. I am completely updated on my operating system. I proceeded on and here are the logs from DSS
"Script"=SiteFinder.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 Pml Driver HPZ12 Net Driver HPZ12 *Newly Created Service* - ORACLEMTSRECOVERYSERVICE *Newly Created Service* - ORACLEORAHOME92CLIENTCACHE *Newly Created Service* - RKPAVPROC *Newly Created Service* - SDTHOOK *Newly Created Service* - SHPYTIKEIYYP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmactedp.inf,PerUserStub -- Hosts ----------------------------------------------------------------------- 127.0.0.1 1.httpdads.com #SpySweeperCASS 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS 127.0.0.1 a.mktw.net #SpySweeperCASS 127.0.0.1 a.tribalfusion.com #SpySweeperCASS 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS 127.0.0.1 a3.suntimes.com #SpySweeperCASS 127.0.0.1 actionsplash.com #SpySweeperCASS 127.0.0.1 ad.abcnews.com #SpySweeperCASS 127.0.0.1 ad.adsmart.net #SpySweeperCASS 127.0.0.1 ad.adtraq.com #SpySweeperCASS 689 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-02-29 06:36:11 ------------ |