#41 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 53
OS: xp
|
Re: slimsay's thread
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:57 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9957 bytes
|
|
|
|
#42 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Re: slimsay's thread
Nothing from the ADS spy log ????
You should be able to remove Nortons via your Add/Remove along with CA.. it is there. If you have problems try this:

This should help uninstall Nortons..
http://service1.symantec.com/SUPPORT...05033108162039

Will you post the C:\ComboFix-quarantined-files.txt ... 2007-10-14 20:49
__________________
Eddy
Last edited by Pancake; 10-15-2007 at 09:41 PM.
|
|
|
|
#46 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,804
OS: WinXP and Vista
|
Re: slimsay's thread
Hello slimsay,
When you navigate to C:\ you'll see the following reports:

C:\ComboFix.txt
C:\ComboFix-quarantined-files.txt
C:\ComboFix2.txt ... 2007-10-14 02:10
C:\ComboFix3.txt ... 2007-10-13 23:04

What we're looking for is the C:\ComboFix-quarantined-files.txt
------------------------------------
Do you remember what version of Norton that is? What year?
|
|
|
|
#48 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 53
OS: xp
|
Re: slimsay's thread
I'm gonna post what I have in my C drive, OK; don't know which one you want.
Code:
2007-08-25 18:52 16 --a------ C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2007-08-25 18:53 1024 --a------ C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search2.vir
2007-09-14 22:06 240240 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-09-14 22:06 42512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2007-09-14 22:06 88704 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2007-09-28 12:16 446976 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir
2007-10-06 23:02 47357 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Keygen.exe.vir
2007-10-06 23:09 446976 --a------ C:\Qoobox\Quarantine\C\Program Files\STEM~1\tracert.exe.vir
2007-10-06 23:10 487424 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\CROSOF~1.NET\?ti2evxx.exe.vir
2007-10-07 13:56 304017 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hjkmp.tmp.vir
2007-10-07 13:58 304017 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hjkmp.ini.vir
2007-10-08 06:46 693532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yesxjjkv.ini.vir
2007-10-08 06:46 7415 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hjkmp.bak1.vir
2007-10-08 07:34 2036 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.dat
2007-10-08 07:34 304077 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hjkmp.ini2.vir
2007-10-08 07:35 152 --a------ C:\Qoobox\Quarantine\catchme.log
2007-10-08 16:48 77376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oumkgqmg.dll.vir
2007-10-08 18:31 216561 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hjkmp.bak2.vir
2007-10-08 18:33 63 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-10-08 18:42 77376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ijslfowg.dll.vir
Folder PATH listing
Volume serial number is 9C7B-B5CF
C:\QOOBOX\QUARANTINE
|   catchme.log
|
+---C
|   +---Program Files
|   |   +---Common Files
|   |   |   |   Yazzle1848OinUninstaller.exe.vir
|   |   |   |
|   |   |   \---CROSOF~1.NET
|   |   |           ?ti2evxx.exe.vir
|   |   |
|   |   +---MyWebSearch
|   |   |   \---bar
|   |   |       +---History
|   |   |       |       search2.vir
|   |   |       |
|   |   |       \---Settings
|   |   |               s_pid.dat.vir
|   |   |
|   |   \---STEM~1
|   |           tracert.exe.vir
|   |
|   \---WINDOWS
|       |   cookies.ini.vir
|       |
|       \---system32
|           |   hjkmp.bak1.vir
|           |   hjkmp.bak2.vir
|           |   hjkmp.ini.vir
|           |   hjkmp.ini2.vir
|           |   hjkmp.tmp.vir
|           |   ijslfowg.dll.vir
|           |   Keygen.exe.vir
|           |   oumkgqmg.dll.vir
|           |   packet.dll.vir
|           |   wpcap.dll.vir
|           |   yesxjjkv.ini.vir
|           |
|           \---drivers
|                   npf.sys.vir
|
\---Registry_backups
        services_NPF.reg.dat
|
|
|
|
|
#49 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,804
OS: WinXP and Vista
|
Re: slimsay's thread
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's important to carry out the instructions in the sequence listed below.

***************************************************
Delete your existing ComboFix.exe. Download an updated version from here --> http://download.bleepingcomputer.com...a/ComboFix.exe and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
Download the attached slimsay.zip file to your desktop. Do not run it yet.
--------------------------------------------------------------------
Close any open browsers.
--------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da

Click 'Fix Checked' and close HijackThis.
--------------------------------------------------------------------
Double click on the slimsay.zip folder, then double click on the .reg file within. It should look like this:

Click yes to allow it to merge into your registry.
--------------------------------------------------------------------
Insert any thumb/flash drives you have.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
--------------------------------------------------------------------
Please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"
Click Scan!
When finished, it shall produce main.txt and extra.txt for you.
--------------------------------------------------------------------
Please include the following reports in your next reply:

C:\ComboFix.txt
main.txt
extra.txt

Also, please answer these questions:

1. Do you have the install disc for CA Internet Security?
2. Norton AntiVirus Corporate Edition is listed in your Add/Remove programs. What happens when you try to remove it via that panel?

Last edited by Ried; 09-21-2009 at 08:52 AM.
|
|
|
|
#50 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 53
OS: xp
|
Re: slimsay's thread
ComboFix 07-10-16.1 - randy 2007-10-16 18:36:19.10 - NTFSx86
2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll + 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll - 2007-06-27 14:34:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe + 2000-09-19 01:16:20 13,824 ----a-w C:\WINDOWS\system32\cba.dll - 2007-10-08 01:07:11 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-10-10 16:59:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-10-08 01:07:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-10-10 16:59:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-10-08 01:07:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-10-10 16:59:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary 
Internet Files\Content.IE5\index.dat - 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2006-10-17 18:57:50 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-06-27 14:34:51 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2007-06-27 14:34:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-06-27 14:34:51 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-06-27 07:00:33 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2007-08-20 10:04:38 267,776 -c----w 
C:\WINDOWS\system32\dllcache\iertutil.dll - 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2007-06-27 08:27:30 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-08-17 10:21:21 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe - 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll + 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll - 2007-06-27 14:34:56 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2007-07-19 06:59:59 3,583,488 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-08-20 10:04:41 3,584,512 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-06-27 14:34:57 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-06-27 14:34:58 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-06-27 14:34:58 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-06-27 14:34:58 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2007-08-20 10:04:42 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll - 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-06-27 14:34:58 1,152,000 -c----w 
C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-06-27 14:34:59 823,808 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2006-10-17 18:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-06-27 14:34:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll + 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll - 2006-10-17 18:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll + 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-06-27 08:27:04 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2007-06-27 14:34:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2007-06-27 14:34:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2007-06-27 07:00:33 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2007-06-27 14:34:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2007-06-27 14:34:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2007-06-27 14:34:55 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll + 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-06-27 14:34:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2007-06-27 
14:34:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-06-27 08:27:05 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-06-27 14:34:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2000-09-19 01:12:40 77,824 ------w C:\WINDOWS\system32\LOC32VC0.DLL - 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe + 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-06-27 14:34:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-06-27 14:34:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2000-09-19 01:16:20 20,992 ----a-w C:\WINDOWS\system32\msgsys.dll - 2007-07-19 06:59:59 3,856,384 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-06-27 14:34:57 477,696 ------w C:\WINDOWS\system32\mshtmled.dll + 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2000-09-19 01:12:40 1,039,360 ------w C:\WINDOWS\system32\MSJET35.DLL + 2000-09-19 01:12:40 37,136 ------w C:\WINDOWS\system32\MSJINT35.DLL + 2000-09-19 01:12:40 24,336 ------w C:\WINDOWS\system32\MSJTER35.DLL + 
2000-09-19 01:12:40 169,984 ------w C:\WINDOWS\system32\MSLTUS35.DLL - 2007-06-27 14:34:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2000-09-19 01:12:40 251,664 ------w C:\WINDOWS\system32\MSRD2X35.DLL - 2007-06-27 14:34:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2001-09-24 15:59:00 45,056 ----a-w C:\WINDOWS\system32\NavLogon.dll + 2000-09-19 01:16:20 61,952 ----a-w C:\WINDOWS\system32\nts.dll - 2007-06-27 14:34:58 163,840 ----a-w C:\WINDOWS\system32\occache.dll + 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll + 2000-09-19 01:12:40 77,824 ------w C:\WINDOWS\system32\ODBCTL32.DLL + 2000-09-19 01:16:20 81,408 ----a-w C:\WINDOWS\system32\pds.dll - 2004-08-04 07:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll - 2007-06-27 14:34:58 62,464 ----a-w C:\WINDOWS\system32\url.dll + 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-06-27 14:34:58 1,225,728 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll + 2000-09-19 01:12:40 368,912 ------w C:\WINDOWS\system32\VBAR332.DLL + 2007-09-07 00:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll + 2007-09-07 00:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys + 2007-09-07 00:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll - 2007-06-27 14:34:59 393,728 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-06-27 14:34:59 814,592 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll - 2007-03-09 10:02:31 115,200 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2007-09-07 00:14:06 83,432 ----a-w 
C:\WINDOWS\system32\zlcomm.dll + 2007-09-07 00:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll + 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15] "SMSERIAL"="sm56hlpr.exe" [] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [2007-09-21 09:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22] "ViStart"="C:\Program Files\ViStart\ViStart.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\randy\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26] OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program 
Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"=0 (0x0) "NoFileAssociate"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] UmxWnp.Dll 2007-01-31 13:00 79368 C:\WINDOWS\system32\UmxWNP.dll R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\Eset\Eset Smart Security\ekrn.exe" R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe" S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:56 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 18:38:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-16 18:40:12
C:\ComboFix-quarantined-files.txt ... 2007-10-14 20:49
C:\ComboFix2.txt ... 2007-10-14 20:50
C:\ComboFix3.txt ... 2007-10-14 02:10
.
--- E O F ---

Deckard's System Scanner v20070905.67
Run by randy on 2007-10-16 18:45:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
36: 2007-10-17 02:45:56 UTC - RP36 - Deckard's System Scanner Restore Point
35: 2007-10-17 02:35:53 UTC - RP35 - ComboFix created restore point
34: 2007-10-17 00:57:22 UTC - RP34 - System Checkpoint
33: 2007-10-15 04:45:26 UTC - RP33 - ComboFix created restore point
32: 2007-10-14 10:13:04 UTC - RP32 - Removed Symantec Technical Support Web Controls

-- First Restore Point --
1: 2007-10-09 06:35:55 UTC - RP1 - System Checkpoint

Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as randy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:06 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\randy\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\randy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra 
button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CaCCProvSP - CA, Inc. 
- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 8828 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20071014-020020-169 O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) backup-20071014-020020-272 O3 - Toolbar: 
(no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) backup-20071014-020020-538 O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) backup-20071014-020020-758 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20071014-020020-806 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) backup-20071014-020020-841 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) backup-20071014-020020-984 O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) backup-20071016-183405-262 O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl backup-20071016-183405-409 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe backup-20071016-183405-440 O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe backup-20071016-183405-529 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" backup-20071016-183405-625 O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" backup-20071016-183405-728 O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da backup-20071016-183405-761 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) backup-20071016-183405-982 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 catchme - c:\docume~1\randy\locals~1\temp\catchme.sys (file missing)
S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S4 NAVAPEL - c:\program files\norton antivirus\navapel.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 DefWatch - "c:\program files\navnt\defwatch.exe" (file missing)
S2 Norton AntiVirus Server (Norton AntiVirus Client) - "c:\program files\navnt\rtvscan.exe" (file missing)
S2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0000
Manufacturer: Softwin
Name: BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0000
Service: Bdfndisf

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 916)
2004-08-03 23:56:44 1101824 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------
C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2001-09-24 07:59:00 45056 --a------ C:\WINDOWS\system32\NavLogon.dll

C:\WINDOWS\system32\svchost.exe (pid 1192)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1400)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows®
Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 1229824 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1440)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 748)
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 4060)
2006-09-23 11:12:50 1020928 --a------ C:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-09-23 11:12:50 1776640 --a------ C:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation;
Microsoft® Windows® Operating System>
2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:48 388096 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 231936 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 147456 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-03 23:56:46 86016 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Scheduled Tasks -------------------------------------------------------------

2007-10-12 20:00:56 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job
2007-09-14 13:08:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-27 23:37:11 386 --a------ C:\WINDOWS\Tasks\rpc.job

-- Files created between 2007-09-16 and 2007-10-16 -----------------------------

2007-10-14 02:26:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 02:26:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 00:42:10 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified;
Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2007-10-14 00:42:10 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-10-14 00:41:48 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56:36 1175700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 23:56:36 0 d-------- C:\Program Files\Rainy Screensaver
2007-10-13 18:22:50 0 d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38:36 0 d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03:09 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:54:36 0 drahs---- C:\autorun.inf
2007-10-12 23:47:30 0 d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01:48 0 d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28:25 1079 --a------ C:\smbios.bin
2007-10-10 10:02:18 0 d--hs---- C:\Documents and Settings\randy\Recent
2007-10-10 09:47:56 0 d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38:02 0 d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18:19 0 d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17:03 0 d-------- C:\Program Files\CheckPoint
2007-10-09 13:16:03 0 d-------- C:\Program Files\Sun
2007-10-09 13:08:14 0 d-------- C:\Program Files\Java
2007-10-09 13:07:52 0 d-------- C:\Program Files\Common Files\Java
2007-10-09 13:05:45 0 d-------- C:\Documents and Settings\randy\Application Data\Sun
2007-10-09 01:21:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20:45 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation;
Microsoft(R) Windows NT(TM) Operating System>
2007-10-08 23:43:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42:10 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41:02 0 d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24:02 0 d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39:22 0 d-------- C:\Program Files\CCleaner
2007-10-08 18:32:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32:11 0 d-------- C:\VundoFix Backups
2007-10-07 15:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47:22 0 d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17:27 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:13:44 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-07 13:10:59 2977792 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2007-10-07 13:10:04 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-10-07 13:10:04 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:04 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-07 13:10:03 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-07 13:10:03 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-10-07 13:10:03 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-06 22:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16:48 0 d-------- C:\WINDOWS\config
2007-10-04 15:01:24 0 d--------
C:\Program Files\Real Desktop
2007-10-04 15:01:24 0 d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00:47 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-10-04 15:00:29 0 d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36:43 0 d-------- C:\Program Files\SuperBladePro
2007-10-03 22:07:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23:21 4912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54:02 0 d-------- C:\Program Files\Windows Live
2007-09-30 14:35:21 0 d-------- C:\Program Files\ViStart
2007-09-29 18 03 0 d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57:29 0 d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01:29 0 d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35:25 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:54:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2007-09-26 18:53:26 0 d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:49:06 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46:44 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49:17 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11:05 131072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 07:11:05 1032192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11:03 0 d-------- C:\Program Files\Formosoft
2007-09-26 06:54:35 118784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-26 06:54:34 4770816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54:34 0 d-------- C:\Program Files\3D Fish School 3
2007-09-24 21:15:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-24 14:46:48 0 d-------- C:\Program Files\AIMP2
2007-09-19 19:21:27 0
d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52:56 0 d-------- C:\Documents and Settings\randy\Application Data\Symantec

-- Find3M Report ---------------------------------------------------------------

2007-10-16 06:35:09 0 d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-13 11:10:22 0 d-------- C:\Program Files\Trend Micro
2007-10-13 09:35:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:26:12 0 d-------- C:\Program Files\Common Files
2007-10-12 23:52:33 0 d-------- C:\Program Files\Xilisoft
2007-10-12 20:16:49 0 d-------- C:\Documents and Settings\randy\Application Data\Adobe
2007-10-10 16:31:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-08 21:11:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-07 22:53:54 1771318 --a------ C:\Documents and Settings\randy\Application Data\NAB_Install.log
2007-10-07 13:17:10 0 d-------- C:\Program Files\Ahead
2007-10-07 13:09:47 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:03:25 0 d-------- C:\Program Files\Movie Maker
2007-10-04 15:01:24 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01:12 0 d-------- C:\Program Files\OneStepSearch
2007-10-04 15:01:12 0 d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-01 14:40:30 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-28 19:18:41 1791 --a------ C:\WINDOWS\mozver.dat
2007-09-28 12:24:59 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49:32 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08:13 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 20:12:43 0 d-------- C:\Program Files\Yahoo!
2007-09-19 20:12:38 0 d-------- C:\Program Files\Common Files\Scanner
2007-09-18 23:37:15 0 d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 23:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 17:05:52 0 d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:59:59 0 d-------- C:\Program Files\Microsoft Works
2007-09-14 22:59:25 0 d-------- C:\Program Files\MSBuild
2007-09-14 22:56:29 0 d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43:32 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:27:20 0 d-------- C:\Program Files\PowerISO
2007-09-14 13:08:16 0 d-------- C:\Program Files\Apple Software Update
2007-09-14 09:51:12 0 d-------- C:\Program Files\Microsoft Silverlight
2007-09-07 20:16:33 0 d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-03 09:18:34 0 d-------- C:\Program Files\uTorrent
2007-08-29 13:42:37 0 d-------- C:\Program Files\DivX
2007-08-29 13:02:06 0 d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-27 23:16:09 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-26 22:48:20 0 d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26:47 0 d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-04 20:39:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-07-30 18:19:16 68440 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-21 22:47:51 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/08/2005 02:33 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 04:33 PM C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 03:22 PM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 03:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 03:15 PM]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [09/21/2007 09:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 12:22 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 7:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 01/31/2007 01:00 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\CDStart.Exe
Install\Command- F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command-
F:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-10-16 18:48:42 ------------

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) D CPU 3.06GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 446.42 MiB / 125.18 MiB
Pagefile Memory (total/avail): 1050.39 MiB / 816.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.77 MiB

C: is Fixed (NTFS) - 56.64 GiB total, 32.09 GiB free.
D: is Fixed (NTFS) - 55.14 GiB total, 32.8 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 56.64 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 55.14 GiB - D:

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 983.97 MiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirewallOverride is set.

FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
FW: Eset personal firewall v3.0.414.0 (Eset, spol. s r. o.)
AV: Bitdefender Antivirus v8.0 (BitDefender)
AV: Eset Smart Security 3.0 v3.0 (Eset, spol. s r. o.)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\randy\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MR-3PN7GIISE2K2 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\randy LOGONSERVER=\\MR-3PN7GIISE2K2 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0605 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\randy\LOCALS~1\Temp TMP=C:\DOCUME~1\randy\LOCALS~1\Temp USERDOMAIN=MR-3PN7GIISE2K2 USERNAME=randy USERPROFILE=C:\Documents and Settings\randy windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- randy (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 3D Fish 
School Screen Saver 3.94 --> "C:\Program Files\3D Fish School 3\unins000.exe" Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe" Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} AIMP2 --> C:\Program Files\AIMP2\UnInstall.exe Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Aqua Real --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{08830FBE-81C6-4286-8A62-27D0018B1F7D}\Setup.exe" -l0x9 Ashampoo WinOptimizer 4.35 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Creator3 --> C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe Eset Smart Security --> MsiExec.exe /I{C23C7DB5-9598-495C-A44A-175ED4927528} FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI 
(English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe 
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509} OneStep Search 1.0 build 120 --> C:\Program Files\OneStepSearch\uninstall.exe Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Plus! 
MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Rainy Screensaver 2.2.15 --> C:\Program Files\Rainy Screensaver\Uninstall.exe C:\WINDOWS\system32\RainySs.scr /uninstall Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 
(KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D} Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /I{621AF8B2-75D2-4074-BA44-79178A617255} Windows Live Messenger --> MsiExec.exe /X{33F8EAD4-B6EC-498B-B487-696B973D1C0C} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! 
Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type14607 / Success Event Submitted/Written: 10/16/2007 06:40:38 PM Event ID/Source: 88 / UmxAgent Event Description: explorer.exe started Event Record #/Type14606 / Success Event Submitted/Written: 10/16/2007 06:40:38 PM Event ID/Source: 88 / UmxAgent Event Description: explorer.exe started Event Record #/Type14603 / Success Event Submitted/Written: 10/16/2007 06:39:02 PM Event ID/Source: 88 / UmxAgent Event Description: explorer.exe started Event Record #/Type14602 / Success Event Submitted/Written: 10/16/2007 06:39:02 PM Event ID/Source: 88 / UmxAgent Event Description: explorer.exe started Event Record #/Type14601 / Success Event Submitted/Written: 10/16/2007 06:39:02 PM Event ID/Source: 88 / UmxAgent Event Description: Shell is started at session 0 -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type30299 / Error Event Submitted/Written: 10/16/2007 06:26:46 PM Event ID/Source: 59 / SideBySide Event Description: Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll. Reference error message: The operation completed successfully. . Event Record #/Type30298 / Error Event Submitted/Written: 10/16/2007 06:26:46 PM Event ID/Source: 59 / SideBySide Event Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . Event Record #/Type30297 / Error Event Submitted/Written: 10/16/2007 06:26:46 PM Event ID/Source: 32 / SideBySide Event Description: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 
Event Record #/Type30296 / Error Event Submitted/Written: 10/16/2007 06:21:32 PM Event ID/Source: 59 / SideBySide Event Description: Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll. Reference error message: The operation completed successfully. . Event Record #/Type30295 / Error Event Submitted/Written: 10/16/2007 06:21:32 PM Event ID/Source: 59 / SideBySide Event Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . -- End of Deckard's System Scanner: finished at 2007-10-16 18:48:42 ------------ |
|
|
|
|
#51 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 53
OS: xp
|
Re: slimsay's thread
The CA security I downloaded, I was trying to uninstall it too, but Windows told me fatal error, so I downloaded an uninstall software to force the software to be removed, but only certain parts of the software are still on it.
OK, with the Norton antivirus, every time I try to uninstall it, it stalls and freezes the computer. |
|
|
|
|
#52 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,804
OS: WinXP and Vista
|
Re: slimsay's thread
Hello slimsay,
For the Anti-Virus programs that have not uninstalled completely, let's try the following: Download the Windows Installer CleanUp Utility
1. Please let me know which you found, if any.
2. Besides your USB flash drive, do you have any other USB devices you plug into your computer, such as an iPod or MP3 player? |
|
|
|
|
#54 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,804
OS: WinXP and Vista
|
Re: slimsay's thread
Quote:
|
|
|
|
|
|
#58 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,804
OS: WinXP and Vista
|
Re: slimsay's thread
Please run a new scan with dss.exe and post the main.txt.
Also, how many flash drives (thumb drives) do you use? |
|
|
|
|
#60 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 53
OS: xp
|
Re: slimsay's thread
Deckard's System Scanner v20070905.67
Run by randy on 2007-10-17 20:34:55 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 38: 2007-10-18 04:35:05 UTC - RP38 - Deckard's System Scanner Restore Point 37: 2007-10-17 09:05:01 UTC - RP37 - Installed Windows Installer Clean Up 36: 2007-10-17 02:45:56 UTC - RP36 - Deckard's System Scanner Restore Point 35: 2007-10-17 02:35:53 UTC - RP35 - ComboFix created restore point 34: 2007-10-17 00:57:22 UTC - RP34 - System Checkpoint -- First Restore Point -- 1: 2007-10-09 06:35:55 UTC - RP1 - System Checkpoint Performed disk cleanup. Percentage of Memory in Use: 80% (more than 75%). Total Physical Memory: 447 MiB (512 MiB recommended). -- HijackThis (run as randy.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:35:18 PM, on 10/17/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Eset\Eset Smart Security\ekrn.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Eset\Eset Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\randy\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\randy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: 
[ViStart] C:\Program Files\ViStart\ViStart.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - 
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - 
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 8857 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20071014-020020-169 O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) backup-20071014-020020-272 O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) backup-20071014-020020-538 O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) backup-20071014-020020-758 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20071014-020020-806 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) backup-20071014-020020-841 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) backup-20071014-020020-984 O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) backup-20071016-183405-262 O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl backup-20071016-183405-409 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe backup-20071016-183405-440 O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe backup-20071016-183405-529 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" backup-20071016-183405-625 O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" backup-20071016-183405-728 O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da backup-20071016-183405-761 O2 - BHO: Symantec Intrusion Prevention - 
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) backup-20071016-183405-982 O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing) R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing) S3 catchme - c:\docume~1\randy\locals~1\temp\catchme.sys (file missing) S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing) S4 NAVAPEL - c:\program files\norton antivirus\navapel.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService> S2 DefWatch - "c:\program files\navnt\defwatch.exe" (file missing) S2 Norton AntiVirus Server (Norton AntiVirus Client) - "c:\program files\navnt\rtvscan.exe" (file missing) S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: BitDefender Firewall NDIS Filter Miniport Device ID: ROOT\SW_BDFNDISFMP\0000 Manufacturer: Softwin Name: BitDefender Firewall NDIS Filter Miniport PNP Device ID: ROOT\SW_BDFNDISFMP\0000 Service: Bdfndisf -- Process Modules 
------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 916) 2004-08-03 23:56:44 1101824 --a------ C:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2001-09-24 07:59:00 45056 --a------ C:\WINDOWS\system32\NavLogon.dll C:\WINDOWS\system32\svchost.exe (pid 1172) 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> C:\WINDOWS\system32\svchost.exe (pid 1404) 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® 
Operating System> 2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 1229824 --a------ C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> C:\WINDOWS\system32\svchost.exe (pid 1444) 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> C:\WINDOWS\explorer.exe (pid 824) 2006-09-23 11:12:50 1020928 --a------ C:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 1776640 --a------ C:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:48 388096 --a------ C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 
2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 231936 --a------ C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 2122752 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:42 188928 --a------ C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 147456 --a------ C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:42 28672 --a------ C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:46 86016 --a------ C:\WINDOWS\system32\mydocs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> C:\WINDOWS\system32\svchost.exe (pid 1480) 2006-12-19 13:52:18 12866048 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-09-23 11:12:50 498688 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2006-08-09 19:58:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2004-08-03 23:56:38 3288064 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Scheduled Tasks ------------------------------------------------------------- 2007-10-12 20:00:56 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job 2007-09-14 13:08:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-08-27 23:37:11 386 --a------ C:\WINDOWS\Tasks\rpc.job -- Files created between 
2007-09-17 and 2007-10-17 ----------------------------- 2007-10-17 01:05:03 0 d-------- C:\Program Files\Windows Installer Clean Up 2007-10-17 01:04:40 0 d-------- C:\Program Files\MSECACHE 2007-10-16 19:00:22 0 d-------- C:\WINDOWS\Sun 2007-10-14 02:26:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-14 02:26:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-14 00:42:10 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL> 2007-10-14 00:42:10 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL> 2007-10-14 00:41:48 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP 2007-10-13 23:56:36 1175700 --a------ C:\WINDOWS\system32\RainySs.scr 2007-10-13 23:56:36 0 d-------- C:\Program Files\Rainy Screensaver 2007-10-13 18:22:50 0 d-------- C:\Documents and Settings\randy\Application Data\Eset 2007-10-13 17:38:36 0 d-------- C:\WINDOWS\system32\eScan 2007-10-13 17:34:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset 2007-10-13 11:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro 2007-10-13 11:03:09 0 d-------- C:\WINDOWS\SxsCaPendDel 2007-10-13 09:54:36 0 drahs---- C:\autorun.inf 2007-10-12 23:47:30 0 d-------- C:\Documents and Settings\randy\Application Data\Help 2007-10-12 22:10:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-12 21:01:48 0 d-------- C:\WINDOWS\system32\CBA 2007-10-12 20:28:25 1079 --a------ C:\smbios.bin 2007-10-10 10:02:18 0 d--hs---- C:\Documents and Settings\randy\Recent 2007-10-10 09:47:56 0 d-------- C:\Documents and Settings\randy\Application Data\BitDefender 2007-10-10 07:38:02 0 d-------- C:\Documents and Settings\randy\Downloads 2007-10-10 01:18:19 0 d-------- C:\Documents and Settings\randy\Application Data\CheckPoint 2007-10-10 01:17:03 0 d-------- C:\Program 
Files\CheckPoint 2007-10-09 13:16:03 0 d-------- C:\Program Files\Sun 2007-10-09 13:08:14 0 d-------- C:\Program Files\Java 2007-10-09 13:07:52 0 d-------- C:\Program Files\Common Files\Java 2007-10-09 13:05:45 0 d-------- C:\Documents and Settings\randy\Application Data\Sun 2007-10-09 01:21:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-10-09 01:20:45 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System> 2007-10-08 23:43:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-10-08 23:42:10 0 d-------- C:\WINDOWS\system32\ZoneLabs 2007-10-08 23:41:02 0 d-------- C:\WINDOWS\Internet Logs 2007-10-08 23:24:02 0 d-------- C:\Program Files\SpywareBlaster 2007-10-08 22:39:22 0 d-------- C:\Program Files\CCleaner 2007-10-08 18:32:37 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-08 12:32:11 0 d-------- C:\VundoFix Backups 2007-10-07 15:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-10-07 14:11:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2007-10-07 13:47:22 0 d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor 2007-10-07 13:17:27 2977792 -----n--- C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero Web Engine> 2007-10-07 13:13:44 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2007-10-07 13:10:59 2977792 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine> 2007-10-07 13:10:04 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4> 2007-10-07 13:10:04 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-10-07 13:10:04 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-10-07 13:10:03 106496 --a------ 
C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20> 2007-10-07 13:10:03 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS> 2007-10-07 13:10:03 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-10-06 22:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-10-04 23:16:48 0 d-------- C:\WINDOWS\config 2007-10-04 15:01:24 0 d-------- C:\Program Files\Real Desktop 2007-10-04 15:01:24 0 d-------- C:\Documents and Settings\randy\Application Data\FogelSoft 2007-10-04 15:00:47 0 d-------- C:\Documents and Settings\LocalService\Desktop 2007-10-04 15:00:29 0 d-------- C:\Documents and Settings\randy\Application Data\Opera 2007-10-03 23:36:43 0 d-------- C:\Program Files\SuperBladePro 2007-10-03 22:07:12 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-01 14:23:21 4912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-10-01 11:54:02 0 d-------- C:\Program Files\Windows Live 2007-09-30 14:35:21 0 d-------- C:\Program Files\ViStart 2007-09-29 18 03 0 d-------- C:\Program Files\XP Repair Pro 20072007-09-29 17:57:29 0 d-------- C:\Program Files\XPRepairPro2006 2007-09-28 14:01:29 0 d-------- C:\Documents and Settings\randy\Application Data\Leadertech 2007-09-28 01:35:25 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-09-27 00:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-09-26 18:54:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities 2007-09-26 18:53:26 0 d-------- C:\Program Files\Windows Desktop Search 2007-09-26 18:49:06 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-09-26 18:46:44 0 d-------- C:\Program Files\Windows Live Toolbar 2007-09-26 10:49:17 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData 2007-09-26 07:11:05 131072 --a------ C:\WINDOWS\SNVerifyDLL.dll 2007-09-26 07:11:05 1032192 --a------ 
C:\WINDOWS\AquaReal.scr 2007-09-26 07:11:03 0 d-------- C:\Program Files\Formosoft 2007-09-26 06:54:35 118784 --a------ C:\WINDOWS\dx7ogl32.dll 2007-09-26 06:54:34 4770816 --a------ C:\WINDOWS\3D Fish School 3.scr 2007-09-26 06:54:34 0 d-------- C:\Program Files\3D Fish School 3 2007-09-24 21:15:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-09-24 14:46:48 0 d-------- C:\Program Files\AIMP2 2007-09-19 19:21:27 0 d-------- C:\Program Files\Microsoft Encarta 2007-09-18 19:52:56 0 d-------- C:\Documents and Settings\randy\Application Data\Symantec -- Find3M Report --------------------------------------------------------------- 2007-10-16 21:55:19 0 d-------- C:\Documents and Settings\randy\Application Data\Adobe 2007-10-16 06:35:09 0 d-------- C:\Documents and Settings\randy\Application Data\uTorrent 2007-10-13 11:10:22 0 d-------- C:\Program Files\Trend Micro 2007-10-13 09:35:46 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-13 00:26:12 0 d-------- C:\Program Files\Common Files 2007-10-12 23:52:33 0 d-------- C:\Program Files\Xilisoft 2007-10-10 16:31:18 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-08 21:11:35 0 d-------- C:\Program Files\Common Files\Adobe 2007-10-07 22:53:54 1771318 --a------ C:\Documents and Settings\randy\Application Data\NAB_Install.log 2007-10-07 13:17:10 0 d-------- C:\Program Files\Ahead 2007-10-07 13:09:47 0 d-------- C:\Program Files\Common Files\Ahead 2007-10-04 15:03:25 0 d-------- C:\Program Files\Movie Maker 2007-10-04 15:01:24 0 d-------- C:\Program Files\Windows Live Safety Center 2007-10-04 15:01:12 0 d-------- C:\Program Files\OneStepSearch 2007-10-04 15:01:12 0 d-------- C:\Documents and Settings\randy\Application Data\dvdcss 2007-10-01 14:40:30 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-09-28 19:18:41 1791 --a------ C:\WINDOWS\mozver.dat 2007-09-28 12:24:59 0 d-------- C:\Program Files\Windows Media 
Connect 2 2007-09-26 10:49:32 0 d-------- C:\Documents and Settings\randy\Application Data\???????sAppData 2007-09-26 07:08:13 0 d-------- C:\Program Files\Common Files\InstallShield 2007-09-19 20:12:43 0 d-------- C:\Program Files\Yahoo! 2007-09-19 20:12:38 0 d-------- C:\Program Files\Common Files\Scanner 2007-09-18 23:37:15 0 d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com 2007-09-18 23:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-09-17 17:05:52 0 d-------- C:\Documents and Settings\randy\Application Data\Apple Computer 2007-09-14 22:59:59 0 d-------- C:\Program Files\Microsoft Works 2007-09-14 22:59:25 0 d-------- C:\Program Files\MSBuild 2007-09-14 22:56:29 0 d-------- C:\Program Files\Microsoft.NET 2007-09-14 22:43:32 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2007-09-14 22:27:20 0 d-------- C:\Program Files\PowerISO 2007-09-14 13:08:16 0 d-------- C:\Program Files\Apple Software Update 2007-09-14 09:51:12 0 d-------- C:\Program Files\Microsoft Silverlight 2007-09-07 20:16:33 0 d-------- C:\Documents and Settings\randy\Application Data\MSN6 2007-09-03 09:18:34 0 d-------- C:\Program Files\uTorrent 2007-08-29 13:42:37 0 d-------- C:\Program Files\DivX 2007-08-29 13:02:06 0 d-------- C:\Documents and Settings\randy\Application Data\Yahoo! 
2007-08-27 23:16:09 0 d-------- C:\Program Files\Common Files\Download Manager 2007-08-26 22:48:20 0 d-------- C:\Program Files\Flash N Burn 2007-08-25 21:26:47 0 d-------- C:\Documents and Settings\randy\Application Data\AIMP 2007-08-04 20:39:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-07-30 18:19:16 68440 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-21 22:47:51 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [03/08/2005 02:33 AM C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [03/11/2005 04:33 PM C:\WINDOWS\system32\VTTrayp.exe] "SoundMan"="SOUNDMAN.EXE" [03/01/2006 03:22 PM C:\WINDOWS\soundman.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 03:15 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 03:15 PM] "SMSERIAL"="sm56hlpr.exe" [] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [09/21/2007 09:16 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2007 12:22 PM] "ViStart"="C:\Program Files\ViStart\ViStart.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] 
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\randy\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM] OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 7:24:54 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/27/2007 6:56:26 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"=0 (0x0) "NoPropertiesMyComputer"=0 (0x0) "NoFileAssociate"=0 (0x0) "NoSMHelp"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=0 (0x0) "ClearRecentDocsOnExit"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] UmxWnp.Dll 01/31/2007 01:00 PM 79368 C:\WINDOWS\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\CDStart.Exe Install\Command- F:\Stub.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}] Auto\command- sxs.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}] AutoRun\command- 
F:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2007-10-17 20:37:33 ------------ Deckard's System Scanner v20070905.67 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Celeron(R) D CPU 3.06GHz Percentage of Memory in Use: 77% Physical Memory (total/avail): 446.42 MiB / 101.61 MiB Pagefile Memory (total/avail): 1050.39 MiB / 750.64 MiB Virtual Memory (total/avail): 2047.88 MiB / 1938.03 MiB C: is Fixed (NTFS) - 56.64 GiB total, 32 GiB free. D: is Fixed (NTFS) - 55.14 GiB total, 32.8 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 56.64 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 55.14 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirewallOverride is set. FW: Bitdefender Firewall v8.0 (BitDefender) Disabled FW: Eset personal firewall v3.0.414.0 (Eset, spol. s r. o.) AV: Bitdefender Antivirus v8.0 (BitDefender) AV: Eset Smart Security 3.0 v3.0 (Eset, spol. s r. o.) 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\randy\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MR-3PN7GIISE2K2 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\randy LOGONSERVER=\\MR-3PN7GIISE2K2 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0605 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\randy\LOCALS~1\Temp TMP=C:\DOCUME~1\randy\LOCALS~1\Temp USERDOMAIN=MR-3PN7GIISE2K2 USERNAME=randy USERPROFILE=C:\Documents and Settings\randy windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- randy (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 3D Fish 
School Screen Saver 3.94 --> "C:\Program Files\3D Fish School 3\unins000.exe" Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe" Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} AIMP2 --> C:\Program Files\AIMP2\UnInstall.exe Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Aqua Real --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{08830FBE-81C6-4286-8A62-27D0018B1F7D}\Setup.exe" -l0x9 Ashampoo WinOptimizer 4.35 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Creator3 --> C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe Eset Smart Security --> MsiExec.exe /I{C23C7DB5-9598-495C-A44A-175ED4927528} FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI 
(English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe 
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OneStep Search 1.0 build 120 --> C:\Program Files\OneStepSearch\uninstall.exe Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Plus! 
MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Rainy Screensaver 2.2.15 --> C:\Program Files\Rainy Screensaver\Uninstall.exe C:\WINDOWS\system32\RainySs.scr /uninstall Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 
(KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D} Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live installer --> MsiExec.exe /I{621AF8B2-75D2-4074-BA44-79178A617255} Windows Live Messenger --> MsiExec.exe /X{33F8EAD4-B6EC-498B-B487-696B973D1C0C} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! 
Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type14823 / Success
Event Submitted/Written: 10/17/2007 08:23:53 PM
Event ID/Source: 88 / UmxAgent
Event Description: explorer.exe started

Event Record #/Type14821 / Success
Event Submitted/Written: 10/17/2007 08:23:48 PM
Event ID/Source: 88 / UmxAgent
Event Description: Shell is started at session 0

Event Record #/Type14820 / Success
Event Submitted/Written: 10/17/2007 08:23:48 PM
Event ID/Source: 88 / UmxAgent
Event Description: explorer.exe started

Event Record #/Type14819 / Success
Event Submitted/Written: 10/17/2007 08:23:45 PM
Event ID/Source: 88 / UmxAgent
Event Description: SyncEventThread: Processes read from KmxCfg (0)

Event Record #/Type14818 / Error
Event Submitted/Written: 10/17/2007 08:23:45 PM
Event ID/Source: 89 / UmxAgent
Event Description: DeviceIoControl KMXCFG_IOCTL_GetProcessProp status 3221225473

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type30420 / Error
Event Submitted/Written: 10/17/2007 08:29:20 PM
Event ID/Source: 59 / SideBySide
Event Description: Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll. Reference error message: The operation completed successfully. .

Event Record #/Type30419 / Error
Event Submitted/Written: 10/17/2007 08:29:20 PM
Event ID/Source: 59 / SideBySide
Event Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

Event Record #/Type30418 / Error
Event Submitted/Written: 10/17/2007 08:29:20 PM
Event ID/Source: 32 / SideBySide
Event Description: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type30417 / Error
Event Submitted/Written: 10/17/2007 08:27:43 PM
Event ID/Source: 59 / SideBySide
Event Description: Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll. Reference error message: The operation completed successfully. .

Event Record #/Type30416 / Error
Event Submitted/Written: 10/17/2007 08:27:43 PM
Event ID/Source: 59 / SideBySide
Event Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

-- End of Deckard's System Scanner: finished at 2007-10-17 20:37:33 ------------ |