here are the results of the dss scanner you requested...
Deckard's System Scanner v20071014.68
Run by wayne on 2008-02-03 19:35:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as wayne.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:30 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AQS VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\wayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\wayne.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://intranet.aqssys.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft....k/?LinkId=74005O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AQS VPN Client.lnk = C:\Program Files\AQS VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.aqsntpl1 (HKLM)
O15 - ESC Trusted Zone: *.aqsntpl1 (HKLM)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) -
http://tenrox.aqssys...oad/ScriptX.cabO16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) -
http://mte.piph.aqss.../cab/sstree.cabO16 - DPF: {3E059DAB-6894-435C-B758-2977F014D734} (TClientProc.ClientSettings) -
http://tenrox.aqssys...TClientProc.CABO16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
http://www.symantec....abs/tgctlsr.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1188401068544O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1188401052044O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com...obat/nos/gp.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://aqssys.webex...ing/ieatgpc.cabO16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
http://pccheckup.del...ll/gtdownde.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aqssys.com
O17 - HKLM\Software\..\Telephony: DomainName = aqssys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aqssys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aqssys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aqssys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aqssys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aqssys.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mcggovvu - C:\WINDOWS\SYSTEM32\corpolm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\AQS VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8880 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080126-214546-194 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080126-214546-464 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080126-214546-505 O20 - Winlogon Notify: mcggovvu - C:\WINDOWS\SYSTEM32\corpolm.dll
backup-20080126-215222-107 O20 - Winlogon Notify: mcggovvu - C:\WINDOWS\SYSTEM32\corpolm.dll
backup-20080126-215222-597 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080126-215222-796 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080127-110947-103 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080127-110947-132 O20 - Winlogon Notify: mcggovvu - C:\WINDOWS\SYSTEM32\corpolm.dll
backup-20080127-110947-800 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080127-122557-243 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080127-122557-418 O20 - Winlogon Notify: mcggovvu - C:\WINDOWS\SYSTEM32\corpolm.dll
backup-20080127-122557-451 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080202-190312-339 O4 - HKCU\..\Run: [kcs] C:\WINDOWS\system32\kcs.exe
backup-20080202-190312-501 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080202-190312-559 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080202-200622-628 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080202-200622-952 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080203-163440-534 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157backup-20080203-163440-554 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://intranet.aqssys.combackup-20080203-163622-249 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896backup-20080203-163622-338 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896backup-20080203-163622-434 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://intranet.aqssys.combackup-20080203-163830-598 O2 - BHO: (no name) - {8F01E740-9113-4DB9-9D54-4FAE4B8AF49E} - C:\WINDOWS\system32\dfrgresa.dll
backup-20080203-163830-749 O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
backup-20080203-163830-995 O2 - BHO: (no name) - {C006E3B7-D3BD-470B-A912-152705A9A4CD} - c:\windows\system32\corpolm.dll
backup-20080203-164138-230 O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (Infragistics Date Edit Control) -
http://mte.piph.aqss...B/pvdatecal.cabbackup-20080203-164138-474 O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -
https://ive.societyi...perSetupSP1.cabbackup-20080203-164138-622 O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) -
http://mte.piph.aqss.../CAB/iemenu.cabbackup-20080203-164139-390 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...196/mcfscan.cab-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 wjbwzbwp - c:\windows\system32\drivers\jcvbtqjh.dat
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S0 osnvbqup - c:\windows\system32\drivers\lgwaugyo.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S4 SAVRT - - (file missing)
S4 SYMTDI - - (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PatchLink Update - "c:\program files\patchlink\update agent\gravitixservice.exe" <Not Verified; PatchLink Corporation; Agent Service (NT and above)>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
S4 ccEvtMgr (Symantec Event Manager) - - (file missing)
S4 SNDSrvc (Symantec Network Drivers Service) - - (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Scheduled Tasks -------------------------------------------------------------
2008-02-03 16:47:00 434 --a------ C:\WINDOWS\Tasks\At1.job
2008-02-03 16:34:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-02 13:31:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-01-03 and 2008-02-03 -----------------------------
2008-02-02 18:48:33 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-02 18:05:17 0 d-------- C:\Program Files\Windows Defender
2008-02-02 17:54:04 0 d-------- C:\Program Files\Lavasoft
2008-02-02 16:36:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-02 16:36:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 16:36:23 0 d-------- C:\Documents and Settings\Administrator.TRN624\Application Data\SUPERAntiSpyware.com
2008-02-02 16:26:05 0 d-------- C:\Documents and Settings\wayne\Application Data\Grisoft
2008-02-02 14:00:25 0 d-------- C:\Documents and Settings\Administrator.TRN624\Application Data\Grisoft
2008-02-02 14:00:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-02 13:47:43 0 d-------- C:\Documents and Settings\Administrator.TRN624\Application Data\Adobe
2008-01-30 15:31:57 0 d-------- C:\Documents and Settings\wayne\Application Data\AQS
2008-01-28 12:19:05 0 d-------- C:\Documents and Settings\wayne\Application Data\Borland
2008-01-27 12:18:51 0 d-------- C:\!KillBox
2008-01-25 15:58:51 0 d-------- C:\VundoFix Backups
2008-01-25 15:46:36 0 d-------- C:\Program Files\Trend Micro
2008-01-25 15:44:17 0 dr-h----- C:\Documents and Settings\NetworkService\Recent
2008-01-25 15:44:17 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2008-01-25 15:44:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-01-25 15:44:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-01-25 14:41:35 129741694 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-01-24 19:36:19 0 d-------- C:\Documents and Settings\wayne\Application Data\Adobe
2008-01-24 15:11:21 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-01-24 15:04:02 0 d-------- C:\Documents and Settings\wayne\Application Data\Identities
2008-01-24 15:03:48 0 d--h----- C:\Documents and Settings\wayne\Templates
2008-01-24 15:03:48 0 dr------- C:\Documents and Settings\wayne\Start Menu
2008-01-24 15:03:48 0 dr-h----- C:\Documents and Settings\wayne\SendTo
2008-01-24 15:03:48 0 dr-h----- C:\Documents and Settings\wayne\Recent
2008-01-24 15:03:48 0 d--h----- C:\Documents and Settings\wayne\PrintHood
2008-01-24 15:03:48 2621440 --ah----- C:\Documents and Settings\wayne\NTUSER.DAT
2008-01-24 15:03:48 0 d--h----- C:\Documents and Settings\wayne\NetHood
2008-01-24 15:03:48 0 dr------- C:\Documents and Settings\wayne\My Documents
2008-01-24 15:03:48 0 d--h----- C:\Documents and Settings\wayne\Local Settings
2008-01-24 15:03:48 0 dr------- C:\Documents and Settings\wayne\Favorites
2008-01-24 15:03:48 0 d-------- C:\Documents and Settings\wayne\Desktop
2008-01-24 15:03:48 0 d--hs---- C:\Documents and Settings\wayne\Cookies
2008-01-24 15:03:48 0 dr-h----- C:\Documents and Settings\wayne\Application Data
2008-01-24 12:22:52 0 d-------- C:\Program Files\Symantec
2008-01-24 12:22:41 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-24 12:22:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-24 12:22:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-24 11:54:12 0 d-------- C:\WINDOWS\system32\msmq
2008-01-24 08:47:51 0 dr-h----- C:\Documents and Settings\wayne.crap\Recent
2008-01-23 15:22:23 0 d-------- C:\Program Files\MSBuild
2008-01-23 15:14:47 0 d-------- C:\WINDOWS\Symbols
2008-01-23 15:14:47 0 d-------- C:\Program Files\HTML Help Workshop
2008-01-23 15:14:47 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-01-23 15:14:47 0 d-------- C:\Program Files\Common Files\Business Objects
2008-01-23 15:14:47 0 d-------- C:\Program Files\CE Remote Tools
2008-01-23 15:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-01-22 23:13:54 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-22 23:13:49 0 d-------- C:\Program Files\Security Task Manager
2008-01-21 10:14:11 0 d-------- C:\Documents and Settings\Administrator.TRN624\Application Data\Macromedia
2008-01-18 18:15:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 22:24:53 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-17 20:38:39 0 d-------- C:\Program Files\STOPzilla!
2008-01-17 20:38:39 0 d-------- C:\Program Files\Common Files\iS3
2008-01-17 20:38:38 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-13 00:30:15 42752 --a------ C:\WINDOWS\system32\wldmcrbu.dat
2008-01-13 00:30:15 36608 --a------ C:\WINDOWS\system32\mlzupuqv.dat
2008-01-13 00:30:15 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-13 00:30:15 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-13 00:30:15 741632 --a------ C:\WINDOWS\system32\jqtcrhic.dat
2008-01-13 00:30:15 35072 --a------ C:\WINDOWS\system32\hrnexwdd.dat
2008-01-11 13:51:58 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-01-11 13:51:46 60416 --a------ C:\WINDOWS\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-01-11 13:51:46 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-01-11 13:51:46 4608 --a------ C:\WINDOWS\system32\drivers\nvport.sys <Not Verified; NVIDIA Corporation.; Port Driver>
2008-01-11 13:51:46 671744 --a------ C:\WINDOWS\system32\DolbyHph.dll <Not Verified; Lake Technology Limited,
http://www.lake.com.au; Dolby Headphone>
2008-01-11 13:51:46 0 d-------- C:\Program Files\NVIDIA Corporation
2008-01-10 17:53:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 18:38:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-06 08:43:16 120576 --a------ C:\WINDOWS\system32\ndqcoprh.dat
2008-01-06 08:41:25 19584 --a------ C:\WINDOWS\system32\drivers\jcvbtqjh.dat
2008-01-06 08:36:35 83968 --a------ C:\WINDOWS\system32\corpolm.dll
2008-01-06 08:36:12 0 d-------- C:\WINDOWS\system32\AppCert
2008-01-06 08:35:55 84992 --a------ C:\WINDOWS\system32\dfrgresa.dll
-- Find3M Report ---------------------------------------------------------------
2008-02-02 21:01:31 170 --a------ C:\Program Files\nnyxojfu.txt
2008-02-02 18:51:20 133741 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-02 17:52:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 10:08:49 0 d-------- C:\Program Files\AQS VPN Client
2008-01-28 08:13:04 0 d-------- C:\Program Files\Common Files
2008-01-23 16:37:39 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-21 16:54:06 0 d-------- C:\Program Files\DellTPad
2008-01-21 10:33:33 0 d-------- C:\Program Files\Google
2008-01-11 13:51:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-01 12:58:52 0 d-------- C:\Program Files\Apoint
2008-01-01 12:40:52 0 d-------- C:\Program Files\WebCyberCoach
2008-01-01 12:31:56 0 d-------- C:\Program Files\Dell Support Center
2008-01-01 12:31:50 0 d-------- C:\Program Files\Common Files\supportsoft
2007-12-07 11:42:08 0 d-------- C:\Program Files\Borland
2007-12-07 08:27:08 71168 --a------ C:\WINDOWS\system32\iawin32.dll <Not Verified; ; Intel Win32 Extentions Dynamic Link Library>
2007-11-16 08:40:27 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F01E740-9113-4DB9-9D54-4FAE4B8AF49E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C006E3B7-D3BD-470B-A912-152705A9A4CD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe" [01/25/2007 03:32 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/02/2007 01:29 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/19/2006 08:14 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/15/2005 01:28 PM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 02:35 PM C:\WINDOWS\stsystra.exe]
"NVHotkey"="nvHotkey.dll" [01/19/2006 08:14 AM C:\WINDOWS\system32\nvhotkey.dll]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 11:19 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AQS VPN Client.lnk - C:\Program Files\AQS VPN Client\vpngui.exe [4/24/2007 8:20:02 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=\\aqssys.com\enterprisedeliverables\AQSBACKGROUND\AQS_background.bmp
"WallpaperStyle"=0
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=1 (0x1)
"ForceActiveDesktopOn"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcggovvu]
corpolm.dll 01/31/2008 10:29 PM 83968 C:\WINDOWS\system32\corpolm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1957994488-1708537768-1236\Scripts\Logon\0\0]
"Script"=\\aqssys.com\SysVol\aqssys.com\scripts\ModifyComputerDescription.VBS
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1957994488-1708537768-3620\Scripts\Logon\0\0]
"Script"=\\aqssys.com\SysVol\aqssys.com\scripts\ModifyComputerDescription.VBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wwmqrcrh
-- End of Deckard's System Scanner: finished at 2008-02-03 19:41:20 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2046.11 MiB / 1402.93 MiB
Pagefile Memory (total/avail): 3938.94 MiB / 3332.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.57 MiB
C: is Fixed (NTFS) - 74.46 GiB total, 34.57 GiB free.
D: is CDROM (No Media)
H: is Network (Unformatted)
I: is Network (Unformatted)
J: is Network (Unformatted)
K: is Network (Unformatted)
O: is Network (Unformatted)
P: is Network (Unformatted)
Q: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - Hitachi HTS721080G9SA00 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 74.46 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)
Disabled[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator"
"C:\\Program Files\\Borland\\StarTeam Toolbar\\SBToolbar.exe"="C:\\Program Files\\Borland\\StarTeam Toolbar\\SBToolbar.exe:*:Enabled:StarTeam Toolbar Application"
"C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"="C:\\WINDOWS\\system32\\wbem\\unsecapp.exe:*:Enabled:WMI"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Fox\\No One Lives Forever\\eReg\\NAVBrowser.exe"="C:\\Program Files\\Fox\\No One Lives Forever\\eReg\\NAVBrowser.exe:*:Disabled:NAVBrowser"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\\Documents and Settings\\wayne\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"="C:\\Documents and Settings\\wayne\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe:*:Enabled:dsTermServ Module"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:uTorrent"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Borland\\StarTeam Toolbar\\SBToolbar.exe"="C:\\Program Files\\Borland\\StarTeam Toolbar\\SBToolbar.exe:*:Enabled:StarTeam Toolbar Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\wayne\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRN624
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\wayne
lib=C:\Program Files\SQLXML 4.0\bin\
LOGONSERVER=\\AQSNTDC6
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\program files\borland\StarTeam SDK 2005 R2\Lib;c:\program files\borland\StarTeam SDK 2005 R2\Bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;c:\program files\borland\StarTeam SDK 2006\Lib;c:\program files\borland\StarTeam SDK 2006\Bin;c:\program files\borland\StarTeam SDK 9.3\Lib;c:\program files\borland\StarTeam SDK 9.3\Bin;C:\Program Files\Borland\StarTeam SDK for .NET 2006\bin;C:\Program Files\Borland\StarTeam SDK Runtime for .NET 9.3\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
RTARCH=i86_w32
RTHOME=C:\Program Files\Borland\StarTeam SDK Runtime for .NET 9.3\bin
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\wayne\LOCALS~1\Temp
TMP=C:\DOCUME~1\wayne\LOCALS~1\Temp
USERDNSDOMAIN=AQSSYS.COM
USERDOMAIN=AQSSYS
USERNAME=wayne
USERPROFILE=C:\Documents and Settings\wayne
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
sdavis
(admin)wayne
(admin)Administrator
(admin)rick
(new local, admin)AQS
(admin)Administrator.TRN624
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{18595737-F2A0-4818-8967-D7093E8BC350}
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{44D7D8EA-D9D1-47DB-97C0-745E9590BA8E}
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{6A8E2355-49D6-46A2-8D3F-30FD2B5432BF}
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{B180104F-B695-4D85-AE13-A02D15583B72}
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{BD5D42CF-7C7A-440A-B61C-BD3D6B22A088}
.NET Framework Enterprise Code Access Security Policy --> MsiExec.exe /I{DB3BADCD-F9F4-4680-86E2-EBE85DC10907}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Alexsys Team Client --> C:\Program Files\Alexsys\Team\UnTeam.exe
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AQS Code Generator --> rundll32.exe dfshim.dll,ShArpMaintain SQLCodeGenerator.application, Culture=neutral, PublicKeyToken=788cfac139501332, processorArchitecture=msil
AQS Software Delivery Tools --> rundll32.exe dfshim.dll,ShArpMaintain AQS.Utility.Database.SDTools.application, Culture=neutral, PublicKeyToken=de54d4fbfbba6d58, processorArchitecture=msil
AQS SQL Manager 3.0 --> rundll32.exe dfshim.dll,ShArpMaintain SQLManager 3.0.application, Culture=neutral, PublicKeyToken=8c63650071e6d3ea, processorArchitecture=x86
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Beyond Compare Version 2.4.3 --> "C:\Program Files\Beyond Compare 2\unins000.exe"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Mobile Broadband Card Utility --> MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe
Embarcadero ER/Studio v7.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{975147A4-5167-444C-B52D-FA2A24F9F3CD}\setup.exe" -l0x9 -removeonly
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 3152 for SQL Server Analysis Services 2005 ENU (KB933097) --> C:\WINDOWS\OLAP9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix 3152 for SQL Server Database Services 2005 ENU (KB933097) --> C:\WINDOWS\SQL9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix 3152 for SQL Server Integration Services 2005 ENU (KB933097) --> C:\WINDOWS\DTS9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix 3152 for SQL Server Notification Services 2005 ENU (KB933097) --> C:\WINDOWS\NS9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix 3152 for SQL Server Reporting Services 2005 ENU (KB933097) --> C:\WINDOWS\RS9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix 3152 for SQL Server Tools and Workstation Components 2005 ENU (KB933097) --> C:\WINDOWS\SQLTools9_KB933097_ENU\Hotfix.exe /Uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Infragistics NetAdvantage 2004 Vol. 1 --> MsiExec.exe /I{313FAD09-889E-4819-B3FC-636D58C41091}
Infragistics NetAdvantage 2004 Vol. 1 .NET Hot Fix - 07/16/04 --> MsiExec.exe /I{61000F94-3843-41D1-A554-2FB013D924B6}
Infragistics NetAdvantage for .NET 2006 Vol. 3 CLR 2.0 --> MsiExec.exe /X{E891DA25-9CEC-45d5-AEC0-BFD9578ADDFC}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java Runtime 1.5.0_03 for Borland COM APIs --> C:\WINDOWS\IsUninst.exe -f"c:\program files\borland\Java\Sun1.5.0_03\JavaRT1.5.0_03.isu"
Java Runtime 1.5.0_09 for Borland COM APIs --> C:\WINDOWS\IsUninst.exe -f"c:\program files\borland\Java\Sun1.5.0_09\JavaRT1.5.0_09.isu"
LiteSpeed --> MsiExec.exe /X{862D1B6D-E69A-4D05-BEB0-902CB62D2F90}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 --> MsiExec.exe /I{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}
Microsoft SQL Server 2005 Analysis Services --> MsiExec.exe /I{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E}
Microsoft SQL Server 2005 Books Online (English) (February 2007) --> MsiExec.exe /I{9FD95902-7327-4C45-86C2-1785F9785E87}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Integration Services --> MsiExec.exe /I{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Notification Services --> MsiExec.exe /I{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}
Microsoft SQL Server 2005 Performance Dashboard Reports --> MsiExec.exe /I{CAA9FC64-D3FB-4478-B1C6-879181F0DC91}
Microsoft SQL Server 2005 Reporting Services --> MsiExec.exe /I{E930E839-998E-42F9-97E2-71FC960DB1B7}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Team Suite - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Team Suite - ENU\setup.exe
Microsoft Visual Studio 2005 Team Suite - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {1862162E-3BBC-448F-AA63-49F33152D54A}
Microsoft Visual Studio 2005 Tools for Office Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PureVideo Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OZ776 SCR CardBus Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PatchLink Update Agent --> MsiExec.exe /X{023DBB60-2689-4EFC-A2A6-4CCDB3A9A5BF}
Red Gate SQL Bundle 5 --> MsiExec.exe /X{FA6A39CB-6FFC-48B8-A05B-C5D0938015C0}
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896) --> C:\WINDOWS\OLAP9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896) --> C:\WINDOWS\SQL9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896) --> C:\WINDOWS\DTS9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Notification Services 2005 ENU (KB921896) --> C:\WINDOWS\NS9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Reporting Services 2005 ENU (KB921896) --> C:\WINDOWS\RS9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896) --> C:\WINDOWS\SQLTools9_KB921896_ENU\Hotfix.exe /Uninstall
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SQL Server 2000 DTS Designer Components --> MsiExec.exe /I{F582ABB6-BFD7-419C-9C0B-43CE27BF543E}
SQLXML4 --> MsiExec.exe /I{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}
StarTeam Cross-Platform Client 2006 Release 2 --> "C:\Program Files\Borland\StarTeam Cross-Platform Client 2006 R2\Uninstaller\Uninstall.exe"
StarTeam SDK for .NET 2006 --> "C:\Program Files\Borland\StarTeam SDK for .NET 2006\UninstallSDK\Uninstall.exe"
StarTeam SDK for .NET 9.3 --> "C:\Program Files\Borland\StarTeam SDK for .NET 9.3\UninstallSDK\Uninstall.exe"
StarTeam SDK Runtime 2005 R2 --> C:\WINDOWS\ISUNINST.EXE -f"c:\program files\borland\StarTeam SDK 2005 R2\SDKRT2005R2.isu" -c"c:\program files\borland\StarTeam SDK 2005 R2\sdkUninst.dll" 8.0
StarTeam SDK Runtime 9.3 --> C:\WINDOWS\ISUNINST.EXE -f"c:\program files\borland\StarTeam SDK 9.3\SDKRT.isu" -c"c:\program files\borland\StarTeam SDK 9.3\sdkUninst.dll" 9.3
StarTeam SDK Runtime for .NET 9.3 --> "C:\Program Files\Borland\StarTeam SDK Runtime for .NET 9.3\UninstallSDKRuntime\Uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type2281 / Error
Event Submitted/Written: 02/03/2008 05:42:02 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Adclicker in File: c:\WINDOWS\system32\dfrgresa.dll by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.
Event Record #/Type2280 / Error
Event Submitted/Written: 02/03/2008 05:42:01 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Adclicker in File: c:\windows\system32\dfrgresa.dll by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: Quarantine was partially successful.
Event Record #/Type2279 / Error
Event Submitted/Written: 02/03/2008 05:41:37 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Adclicker in File: c:\windows\system32\dfrgresa.dll by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.
Event Record #/Type2276 / Error
Event Submitted/Written: 02/03/2008 05:20:24 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Adclicker in File: c:\WINDOWS\system32\dfrgresa.dll by: Manual scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.
Event Record #/Type2275 / Error
Event Submitted/Written: 02/03/2008 05:20:22 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Adclicker in File: c:\windows\system32\dfrgresa.dll by: Manual scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type22985 / Error
Event Submitted/Written: 02/03/2008 07:38:38 PM
Event ID/Source: 10016 / DCOM
Event Descr